Clément Désiles
26 lines
1.4 KiB
Django/Jinja
26 lines
1.4 KiB
Django/Jinja
[Interface]
|
|
Address = {{ _tunnel.address }}
|
|
{% if _tunnel_effective_dns %}DNS = {{ _tunnel_effective_dns }}
|
|
{% endif %}
|
|
PrivateKey = {{ _tunnel_private_key }}
|
|
{% if _tunnel.server_mode | default(false) %}
|
|
{% if ansible_facts['os_family'] == 'Archlinux' %}
|
|
PostUp = nft add table inet wireguard_%i; nft add chain inet wireguard_%i forward '{ type filter hook forward priority 0; policy accept; }'; nft add rule inet wireguard_%i forward iifname %i accept; nft add chain inet wireguard_%i postrouting '{ type nat hook postrouting priority 100; }'; nft add rule inet wireguard_%i postrouting oifname {{ _tunnel.primary_interface | default(wireguard_primary_interface) }} masquerade
|
|
PostDown = nft delete table inet wireguard_%i
|
|
{% else %}
|
|
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o {{ _tunnel.primary_interface | default(wireguard_primary_interface) }} -j MASQUERADE
|
|
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o {{ _tunnel.primary_interface | default(wireguard_primary_interface) }} -j MASQUERADE
|
|
{% endif %}
|
|
ListenPort = {{ _tunnel.port }}
|
|
{% endif %}
|
|
|
|
{% for peer in _tunnel.peers | default([]) %}# {{ peer.name }}
|
|
[Peer]
|
|
PublicKey = {{ peer.public_key }}
|
|
AllowedIPs = {{ peer.allowed_ips | join(',') }}
|
|
{% if peer.endpoint is defined %}Endpoint = {{ peer.endpoint }}
|
|
{% endif %}
|
|
{% if peer.persistent_keepalive is defined %}PersistentKeepalive = {{ peer.persistent_keepalive }}
|
|
{% endif %}
|
|
{% endfor %}
|