author | Egor Tensin <Egor.Tensin@gmail.com> | 2023-08-20 23:02:06 +0200 |
---|---|---|
committer | Egor Tensin <Egor.Tensin@gmail.com> | 2023-08-20 23:02:08 +0200 |
commit | c054d22c4818d916ac6dd9c8d7a7a2c614408e17 (patch) | |
tree | c0239045b1587cd950fd1d777f0c84fe5c23aa92 /roles/wireguard/templates/wg0.conf.j2 | |
parent | add ansible_managed comment to templates (diff) | |
append .j2 extension to templates
I saw a good point somewhere that it should help with syntax
highlighting.
Diffstat (limited to 'roles/wireguard/templates/wg0.conf.j2')
-rw-r--r-- | roles/wireguard/templates/wg0.conf.j2 | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/roles/wireguard/templates/wg0.conf.j2 b/roles/wireguard/templates/wg0.conf.j2
new file mode 100644
index 0000000..fca9a0b
--- /dev/null
+++ b/roles/wireguard/templates/wg0.conf.j2
@@ -0,0 +1,35 @@
+{{ ansible_managed | comment }}
+
+[Interface]
+PrivateKey = {{ wg_private_key }}
+Address = {{ wg_addr4 }}, {{ wg_addr6 }}
+ListenPort = {{ wg_listen_port }}
+SaveConfig = false
+
+{% if wg_firewall %}
+PostUp = iptables -t nat -A POSTROUTING -s {{ wg_addr4 }} -m policy --pol none --dir out -j MASQUERADE
+PostUp = iptables -A FORWARD -s {{ wg_addr4 }} -j ACCEPT
+PostUp = ip6tables -t nat -A POSTROUTING -s {{ wg_addr6 }} -m policy --pol none --dir out -j MASQUERADE
+PostUp = ip6tables -A FORWARD -s {{ wg_addr6 }} -j ACCEPT
+PostDown = iptables -t nat -D POSTROUTING -s {{ wg_addr4 }} -m policy --pol none --dir out -j MASQUERADE
+PostDown = iptables -D FORWARD -s {{ wg_addr4 }} -j ACCEPT
+PostDown = ip6tables -t nat -A POSTROUTING -s {{ wg_addr6 }} -m policy --pol none --dir out -j MASQUERADE
+PostDown = ip6tables -D FORWARD -s {{ wg_addr6 }} -j ACCEPT
+{% endif %}
+{% if wg_peers is defined %}
+{% for peer in wg_peers %}
+
+[Peer]
+PublicKey = {{ peer.public_key }}
+{% if peer.preshared_key is defined %}
+PresharedKey = {{ peer.preshared_key }}
+{% endif %}
+AllowedIPs = {{ peer.allowed_ips }}
+{% if peer.endpoint is defined %}
+Endpoint = {{ peer.endpoint }}
+{% endif %}
+{% if peer.persistent_keepalive is defined and peer.persistent_keepalive %}
+PersistentKeepalive = 25
+{% endif %}
+{% endfor %}
+{% endif %} |
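Review bot: The IPv6 NAT teardown in the `wg_firewall` block uses `-A` where it should use `-D`: `PostDown = ip6tables -t nat -A POSTROUTING -s {{ wg_addr6 }} ...` appends another MASQUERADE rule when the interface goes down instead of deleting the one `PostUp` added. As a result the IPv6 masquerade rule for the tunnel range outlives the interface and a duplicate is added on every down/up cycle, while the IPv4 pair is symmetric. The line should read `PostDown = ip6tables -t nat -D POSTROUTING -s {{ wg_addr6 }} -m policy --pol none --dir out -j MASQUERADE`. Separately, the rendered file contains `wg_private_key` and any `preshared_key`; the task that installs this template is not visible here, so it is worth confirming that it writes the file with a restrictive mode (e.g. 0600, root-owned) and does not log the rendered content.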