add comment

3 years ago · 1881ba57c2
parent 763911246e
commit 1881ba57c2
6 changed files with 17 additions and 3 deletions
--- a/host_vars/azerty.fil.sand.auro.re/vpn.yml
+++ b/host_vars/azerty.fil.sand.auro.re/vpn.yml
@ -10,3 +10,4 @@ vpn_interfaces:
      public_key: "{{ hostvars['hindley.adh.auro.re'].vpn_interfaces.wg0.public_key }}"
      allowed_ip: "{{ hostvars['hindley.adh.auro.re'].vpn_interfaces.wg0.ip }}"
      allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
+      comment: "hindley"
--- a/host_vars/hellman.fil.sand.auro.re/vpn.yml
+++ b/host_vars/hellman.fil.sand.auro.re/vpn.yml
@ -10,3 +10,4 @@ vpn_interfaces:
      public_key: "{{ hostvars['hindley.adh.auro.re'].vpn_interfaces.wg0.public_key }}"
      allowed_ip: "{{ hostvars['hindley.adh.auro.re'].vpn_interfaces.wg0.ip }}"
      allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
+      comment: "hindley"
--- a/host_vars/hindley.adh.auro.re/vpn.yml
+++ b/host_vars/hindley.adh.auro.re/vpn.yml
@ -10,7 +10,14 @@ vpn_interfaces:
      public_key: "{{ hostvars['azerty.fil.sand.auro.re'].vpn_interfaces.wg0.public_key }}"
      allowed_ip: "{{ hostvars['azerty.fil.sand.auro.re'].vpn_interfaces.wg0.ip }}"
      allowed_mask: 32
+      comment: "azerty"
    - endpoint: ""
      public_key: "{{ hostvars['hellman.fil.sand.auro.re'].vpn_interfaces.wg0.public_key }}"
      allowed_ip: "{{ hostvars['hellman.fil.sand.auro.re'].vpn_interfaces.wg0.ip }}"
      allowed_mask: 32
+      comment: "hellman"
+    - endpoint: ""
+      public_key: "NVKyKcX6PEEApSZvAwnT9gfMmMo6o5Go5FtzEPvh+y8="
+      allowed_ip: "172.20.1.200"
+      allowed_mask: 32
+      comment: "knuth"
--- a/roles/vpn/handlers/main.yml
+++ b/roles/vpn/handlers/main.yml
@ -1,5 +1,7 @@
 ---
 - name: Reload wireguard for interface
  systemd:
-    name: "wg-quick@{{ item.key }}"
+    name: "wg-quick@{{ item }}"
    state: reloaded
+  loop:
+    - "{{ vpn_interfaces.key() }}"
--- a/roles/vpn/tasks/main.yml
+++ b/roles/vpn/tasks/main.yml
@ -28,15 +28,16 @@
  until: apt_result is succeeded

 - name: Create config files
-  template:
+  ansible.builtin.template:
    src: "wiregard.conf"
    dest: "/etc/wireguard/{{ item.key }}.conf"
    owner: root
    group: root
    mode: '600'
+  notify: Reload wireguard for interface
  loop:
    - "{{ lookup('dict', vpn_interfaces) }}"
-  notify: Reload wireguard for interface
+  no_log: true

 - name: Enable interface
  systemd:
@ -45,3 +46,4 @@
    enabled: yes
  loop:
    - "{{ lookup('dict', vpn_interfaces) }}"
+  no_log: true
--- a/roles/vpn/templates/wiregard.conf
+++ b/roles/vpn/templates/wiregard.conf
@ -7,6 +7,7 @@ ListenPort = {{ vpn_port }}

 {% for peer in item.value.peers %}
 [Peer]
+{{ peer.comment | comment }}
 Publickey = {{ peer.public_key }}
 {% if peer.endpoint %}
 Endpoint = {{peer.endpoint}}:{{ vpn_port }}