jokester/ansible-playbooks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a8545fc501c1bdc9a86f2097c277b8b138f36c49
ansible-playbooks/roles/wireguard/templates/wireguard.conf.j2
T
Clément Désiles ff3133f8e7 feat: wireguard role allow multiple endpoints
2026-05-29 21:32:08 +02:00

26 lines
1.4 KiB
Django/Jinja
Raw Blame History

[Interface]
Address = {{ _tunnel.address }}
{% if _tunnel_effective_dns %}DNS = {{ _tunnel_effective_dns }}
{% endif %}
PrivateKey = {{ _tunnel_private_key }}
{% if _tunnel.server_mode | default(false) %}
{% if ansible_facts['os_family'] == 'Archlinux' %}
PostUp = nft add table inet wireguard_%i; nft add chain inet wireguard_%i forward '{ type filter hook forward priority 0; policy accept; }'; nft add rule inet wireguard_%i forward iifname %i accept; nft add chain inet wireguard_%i postrouting '{ type nat hook postrouting priority 100; }'; nft add rule inet wireguard_%i postrouting oifname {{ _tunnel.primary_interface | default(wireguard_primary_interface) }} masquerade
PostDown = nft delete table inet wireguard_%i
{% else %}
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o {{ _tunnel.primary_interface | default(wireguard_primary_interface) }} -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o {{ _tunnel.primary_interface | default(wireguard_primary_interface) }} -j MASQUERADE
{% endif %}
ListenPort = {{ _tunnel.port }}
{% endif %}
{% for peer in _tunnel.peers | default([]) %}# {{ peer.name }}
[Peer]
PublicKey = {{ peer.public_key }}
AllowedIPs = {{ peer.allowed_ips | join(',') }}
{% if peer.endpoint is defined %}Endpoint = {{ peer.endpoint }}
{% endif %}
{% if peer.persistent_keepalive is defined %}PersistentKeepalive = {{ peer.persistent_keepalive }}
{% endif %}
{% endfor %}
Reference in New Issue View Git Blame Copy Permalink