Add conf for other host not in play

2022-09-16 18:44:22 +02:00 · 2022-09-16 18:44:22 +02:00 · 481fdcb32c
commit 481fdcb32c
parent 410b448e37
3 changed files with 28 additions and 9 deletions
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -1,3 +1,19 @@
 ---
 - name: Restart WireGuard
  service: name=wg-quick@{{ wireguard_interface }} state=restarted
 - name: syncconf wireguard
  ansible.builtin.shell: |
    set -o errexit
    set -o pipefail
    set -o nounset
    systemctl is-active wg-quick@{{ wireguard_interface|quote }} || systemctl start wg-quick@{{ wireguard_interface|quote }}
    wg syncconf {{ wireguard_interface|quote }} <(wg-quick strip /etc/wireguard/{{ wireguard_interface|quote }}.conf)
    exit 0
  args:
    executable: "/bin/bash"
 #  when:
 #    - not wireguard__restart_interface
 #    - not ansible_os_family == 'Darwin'
 #    - wireguard_service_enabled == "yes"
  listen: "reconfigure wireguard"
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -73,6 +73,7 @@
        owner: root
        group: root
        mode: 0644
      notify: "reconfigure wireguard"
    - name: Enable Wireguard service
      service:
--- a/templates/etc/wireguard/wireguard.conf.j2
+++ b/templates/etc/wireguard/wireguard.conf.j2
@ -41,28 +41,30 @@ PostDown   = firewall-cmd --remove-port {{ wireguard_port }}/udp && firewall-cmd
 {% if wireguard_save_config is defined %}
 SaveConfig = {{ wireguard_save_config }}
 {% endif %}
-{% for host in ansible_play_hosts %}
+{% for host in groups['Vpn'] | difference([inventory_hostname]) %}
-{%   if host != inventory_hostname %}
+{%   if hostvars[host].wireguard_public_key is defined %}
 [Peer]
 # {{ host }}
 PublicKey = {{ hostvars[host].wireguard_public_key }}
 {%     if false %}
 #AllowedIPs = 0.0.0.0/0,::/0
 {%     endif %}
 {%     if hostvars[host].wireguard_allowed_ips is defined %}
 AllowedIPs = {{ hostvars[host].wireguard_address.split('/')[0] }}/32, {% for wireguard_allowed_ip in hostvars[host].wireguard_allowed_ips %}{{ wireguard_allowed_ip }}{% if not loop.last %}, {% endif %}{% endfor %}
 {%     else %}
 AllowedIPs = {{ hostvars[host].wireguard_address.split('/')[0] }}/32
 {%     endif %}
-{% if hostvars[host].wireguard_endpoint_ip is defined and hostvars[host].wireguard_endpoint_port is defined %}
+{%     if hostvars[host].wireguard_endpoint_ip is defined and hostvars[host].wireguard_endpoint_port is defined %}
 Endpoint = {{ hostvars[host].wireguard_endpoint_ip }}:{{ hostvars[host].wireguard_endpoint_port }}
-{% elif hostvars[host].wireguard_endpoint_ip is defined %}
+{%     elif hostvars[host].wireguard_endpoint_ip is defined %}
 Endpoint = {{ hostvars[host].wireguard_endpoint_ip }}:{{ hostvars[host].wireguard_port }}
-{% else %}
+{%     else %}
 Endpoint = {{ hostvars[host].ansible_default_ipv4.address }}:{{ wireguard_port }}
 {% endif %}
 {%     if hostvars[host].wireguard_persistent_keepalive is defined %}
 PersistentKeepalive = {{hostvars[host].wireguard_persistent_keepalive}}
 {%     endif %}
-{% endif %}
+{%     if hostvars[host].wireguard_persistent_keepalive is defined %}
 PersistentKeepalive = {{ hostvars[host].wireguard_persistent_keepalive }}
 {%     endif %}
 {%   endif %}
 {% endfor %}