2022-02-24 13:57:19 +01:00
|
|
|
[NetDev]
|
2022-02-24 21:36:07 +01:00
|
|
|
Name=serverctl-wg0
|
2022-02-24 13:57:19 +01:00
|
|
|
Kind=wireguard
|
2022-02-24 21:36:07 +01:00
|
|
|
Description=WireGuard tunnel serverctl-wg0
|
2022-02-24 13:57:19 +01:00
|
|
|
|
|
|
|
|
[WireGuard]
|
|
|
|
|
ListenPort={{ wireguard_port }}
|
|
|
|
|
PrivateKey={{ wireguard_private_key.stdout }}
|
|
|
|
|
|
2022-02-24 21:36:07 +01:00
|
|
|
{% for peer in groups['serverctl_super_cluster'] %}
|
2022-02-24 13:57:19 +01:00
|
|
|
{% if peer != inventory_hostname %}
|
|
|
|
|
|
|
|
|
|
[WireGuardPeer]
|
|
|
|
|
PublicKey={{ hostvars[peer].wireguard_public_key.stdout }}
|
|
|
|
|
PresharedKey={{ wireguard_preshared_keys[peer] if inventory_hostname < peer else hostvars[peer].wireguard_preshared_keys[inventory_hostname] }}
|
|
|
|
|
AllowedIPs={{ hostvars[peer].wireguard_ip }}/32
|
2022-02-24 21:36:07 +01:00
|
|
|
{% if not hostvars[peer].client_server %}
|
2022-02-24 13:57:19 +01:00
|
|
|
Endpoint={{ hostvars[peer].ansible_host }}:{{ wireguard_port }}
|
|
|
|
|
PersistentKeepalive=25
|
|
|
|
|
{% endif %}
|
2022-02-24 21:36:07 +01:00
|
|
|
{% endif %}
|
2022-02-24 13:57:19 +01:00
|
|
|
{% endfor %}
|
