From c054d22c4818d916ac6dd9c8d7a7a2c614408e17 Mon Sep 17 00:00:00 2001 From: Egor Tensin Date: Sun, 20 Aug 2023 23:02:06 +0200 Subject: append .j2 extension to templates I saw a good point somewhere that it should help with syntax highlighting. --- roles/wireguard/tasks/main.yml | 2 +- roles/wireguard/templates/wg0.conf | 35 ----------------------------------- roles/wireguard/templates/wg0.conf.j2 | 35 +++++++++++++++++++++++++++++++++++ 3 files changed, 36 insertions(+), 36 deletions(-) delete mode 100644 roles/wireguard/templates/wg0.conf create mode 100644 roles/wireguard/templates/wg0.conf.j2 (limited to 'roles/wireguard') diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml index b91ad8a..64b0f76 100644 --- a/roles/wireguard/tasks/main.yml +++ b/roles/wireguard/tasks/main.yml @@ -9,7 +9,7 @@ - name: Write wg-quick config file ansible.builtin.template: - src: wg0.conf + src: wg0.conf.j2 dest: '/etc/wireguard/{{ wg_name }}.conf' owner: root group: root diff --git a/roles/wireguard/templates/wg0.conf b/roles/wireguard/templates/wg0.conf deleted file mode 100644 index fca9a0b..0000000 --- a/roles/wireguard/templates/wg0.conf +++ /dev/null 
@@ -1,35 +0,0 @@
-{{ ansible_managed | comment }}
-
-[Interface]
-PrivateKey = {{ wg_private_key }}
-Address = {{ wg_addr4 }}, {{ wg_addr6 }}
-ListenPort = {{ wg_listen_port }}
-SaveConfig = false
-
-{% if wg_firewall %}
-PostUp = iptables -t nat -A POSTROUTING -s {{ wg_addr4 }} -m policy --pol none --dir out -j MASQUERADE
-PostUp = iptables -A FORWARD -s {{ wg_addr4 }} -j ACCEPT
-PostUp = ip6tables -t nat -A POSTROUTING -s {{ wg_addr6 }} -m policy --pol none --dir out -j MASQUERADE
-PostUp = ip6tables -A FORWARD -s {{ wg_addr6 }} -j ACCEPT
-PostDown = iptables -t nat -D POSTROUTING -s {{ wg_addr4 }} -m policy --pol none --dir out -j MASQUERADE
-PostDown = iptables -D FORWARD -s {{ wg_addr4 }} -j ACCEPT
-PostDown = ip6tables -t nat -A POSTROUTING -s {{ wg_addr6 }} -m policy --pol none --dir out -j MASQUERADE
-PostDown = ip6tables -D FORWARD -s {{ wg_addr6 }} -j ACCEPT
-{% endif %}
-{% if wg_peers is defined %}
-{% for peer in wg_peers %}
-
-[Peer]
-PublicKey = {{ peer.public_key }}
-{% if peer.preshared_key is defined %}
-PresharedKey = {{ peer.preshared_key }}
-{% endif %}
-AllowedIPs = {{ peer.allowed_ips }}
-{% if peer.endpoint is defined %}
-Endpoint = {{ peer.endpoint }}
-{% endif %}
-{% if peer.persistent_keepalive is defined and peer.persistent_keepalive %}
-PersistentKeepalive = 25
-{% endif %}
-{% endfor %}
-{% endif %}
diff --git a/roles/wireguard/templates/wg0.conf.j2 b/roles/wireguard/templates/wg0.conf.j2
new file mode 100644
index 0000000..fca9a0b
--- /dev/null
+++ b/roles/wireguard/templates/wg0.conf.j2
@@ -0,0 +1,35 @@
+{{ ansible_managed | comment }}
+
+[Interface]
+PrivateKey = {{ wg_private_key }}
+Address = {{ wg_addr4 }}, {{ wg_addr6 }}
+ListenPort = {{ wg_listen_port }}
+SaveConfig = false
+
+{% if wg_firewall %}
+PostUp = iptables -t nat -A POSTROUTING -s {{ wg_addr4 }} -m policy --pol none --dir out -j MASQUERADE
+PostUp = iptables -A FORWARD -s {{ wg_addr4 }} -j ACCEPT
+PostUp = ip6tables -t nat -A POSTROUTING -s {{ wg_addr6 }} -m policy --pol none --dir out -j MASQUERADE
+PostUp = ip6tables -A FORWARD -s {{ wg_addr6 }} -j ACCEPT
+PostDown = iptables -t nat -D POSTROUTING -s {{ wg_addr4 }} -m policy --pol none --dir out -j MASQUERADE
+PostDown = iptables -D FORWARD -s {{ wg_addr4 }} -j ACCEPT
+PostDown = ip6tables -t nat -A POSTROUTING -s {{ wg_addr6 }} -m policy --pol none --dir out -j MASQUERADE
+PostDown = ip6tables -D FORWARD -s {{ wg_addr6 }} -j ACCEPT
+{% endif %}
+{% if wg_peers is defined %}
+{% for peer in wg_peers %}
+
+[Peer]
+PublicKey = {{ peer.public_key }}
+{% if peer.preshared_key is defined %}
+PresharedKey = {{ peer.preshared_key }}
+{% endif %}
+AllowedIPs = {{ peer.allowed_ips }}
+{% if peer.endpoint is defined %}
+Endpoint = {{ peer.endpoint }}
+{% endif %}
+{% if peer.persistent_keepalive is defined and peer.persistent_keepalive %}
+PersistentKeepalive = 25
+{% endif %}
+{% endfor %}
+{% endif %}
-- cgit v1.2.3
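Review bot: The third `PostDown` line in the `wg_firewall` block appends the IPv6 masquerade rule instead of deleting it: it reads `ip6tables -t nat -A POSTROUTING ...` where the matching IPv4 `PostDown` uses `-D`. As written, bringing the interface down leaves the IPv6 NAT rule from `PostUp` in place and adds a second copy, so rules accumulate on every restart and masquerading for `{{ wg_addr6 }}` outlives the tunnel. The line should be `PostDown = ip6tables -t nat -D POSTROUTING -s {{ wg_addr6 }} -m policy --pol none --dir out -j MASQUERADE`. The blob id is the same as the deleted wg0.conf, so this predates the rename, but the rename is a natural place to fix it. Separately, this file renders `PrivateKey` and `PresharedKey`; the `mode:` of the template task falls outside the visible main.yml hunk, so it is worth confirming the task restricts the file to root-only access.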