From 1881ba57c2c9ed3954c9bfc12679fe8b720ada3b Mon Sep 17 00:00:00 2001
From: Jean-Marie Mineau
Date: Fri, 23 Apr 2021 00:40:31 +0200
Subject: [PATCH] add comment
---
 host_vars/azerty.fil.sand.auro.re/vpn.yml | 1 +
 host_vars/hellman.fil.sand.auro.re/vpn.yml | 1 +
 host_vars/hindley.adh.auro.re/vpn.yml | 7 +++++++
 roles/vpn/handlers/main.yml | 4 +++-
 roles/vpn/tasks/main.yml | 6 ++++--
 roles/vpn/templates/wiregard.conf | 1 +
 6 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/host_vars/azerty.fil.sand.auro.re/vpn.yml b/host_vars/azerty.fil.sand.auro.re/vpn.yml
index 85576a7..42b3ad4 100644
--- a/host_vars/azerty.fil.sand.auro.re/vpn.yml
+++ b/host_vars/azerty.fil.sand.auro.re/vpn.yml
@@ -10,3 +10,4 @@ vpn_interfaces:
 public_key: "{{ hostvars['hindley.adh.auro.re'].vpn_interfaces.wg0.public_key }}"
 allowed_ip: "{{ hostvars['hindley.adh.auro.re'].vpn_interfaces.wg0.ip }}"
 allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
+ comment: "hindley"
diff --git a/host_vars/hellman.fil.sand.auro.re/vpn.yml b/host_vars/hellman.fil.sand.auro.re/vpn.yml
index c7e16dd..7f46bb1 100644
--- a/host_vars/hellman.fil.sand.auro.re/vpn.yml
+++ b/host_vars/hellman.fil.sand.auro.re/vpn.yml
@@ -10,3 +10,4 @@ vpn_interfaces:
 public_key: "{{ hostvars['hindley.adh.auro.re'].vpn_interfaces.wg0.public_key }}"
 allowed_ip: "{{ hostvars['hindley.adh.auro.re'].vpn_interfaces.wg0.ip }}"
 allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
+ comment: "hindley"
diff --git a/host_vars/hindley.adh.auro.re/vpn.yml b/host_vars/hindley.adh.auro.re/vpn.yml
index 68ed2f4..c742b22 100644
--- a/host_vars/hindley.adh.auro.re/vpn.yml
+++ b/host_vars/hindley.adh.auro.re/vpn.yml
@@ -10,7 +10,14 @@ vpn_interfaces:
 public_key: "{{ hostvars['azerty.fil.sand.auro.re'].vpn_interfaces.wg0.public_key }}"
 allowed_ip: "{{ hostvars['azerty.fil.sand.auro.re'].vpn_interfaces.wg0.ip }}"
 allowed_mask: 32
+ comment: "azerty"
 - endpoint: ""
 public_key: "{{ hostvars['hellman.fil.sand.auro.re'].vpn_interfaces.wg0.public_key }}"
 allowed_ip: "{{ hostvars['hellman.fil.sand.auro.re'].vpn_interfaces.wg0.ip }}"
 allowed_mask: 32
+ comment: "hellman"
+ - endpoint: ""
+ public_key: "NVKyKcX6PEEApSZvAwnT9gfMmMo6o5Go5FtzEPvh+y8="
+ allowed_ip: "172.20.1.200"
+ allowed_mask: 32
+ comment: "knuth"
diff --git a/roles/vpn/handlers/main.yml b/roles/vpn/handlers/main.yml
index a232044..8e081c2 100644
--- a/roles/vpn/handlers/main.yml
+++ b/roles/vpn/handlers/main.yml
@@ -1,5 +1,7 @@
 ---
 - name: Reload wireguard for interface
 systemd:
- name: "wg-quick@{{ item.key }}"
+ name: "wg-quick@{{ item }}"
 state: reloaded
+ loop:
+ - "{{ vpn_interfaces.key() }}"
diff --git a/roles/vpn/tasks/main.yml b/roles/vpn/tasks/main.yml
index e86338e..19a59cc 100644
--- a/roles/vpn/tasks/main.yml
+++ b/roles/vpn/tasks/main.yml
@@ -28,15 +28,16 @@
 until: apt_result is succeeded
 - name: Create config files
- template:
+ ansible.builtin.template:
 src: "wiregard.conf"
 dest: "/etc/wireguard/{{ item.key }}.conf"
 owner: root
 group: root
 mode: '600'
+ notify: Reload wireguard for interface
 loop:
 - "{{ lookup('dict', vpn_interfaces) }}"
- notify: Reload wireguard for interface
+ no_log: true
 - name: Enable interface
 systemd:
@@ -45,3 +46,4 @@
 enabled: yes
 loop:
 - "{{ lookup('dict', vpn_interfaces) }}"
+ no_log: true
diff --git a/roles/vpn/templates/wiregard.conf b/roles/vpn/templates/wiregard.conf
index df1abeb..25890c7 100644
--- a/roles/vpn/templates/wiregard.conf
+++ b/roles/vpn/templates/wiregard.conf
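Review bot: The last added entry in the hindley hunk (`comment: "knuth"`) is a new WireGuard peer rather than a comment: it admits a public key for `172.20.1.200` on hindley's wg0, while the commit is titled "add comment" and has no description. Changes that grant VPN access are easier to audit when they sit in their own commit, or are at least named in the message. Unlike the two peers above it, the key and address are literals instead of `hostvars[...]` lookups, presumably because knuth is not managed in this inventory; a line such as `# knuth: not in inventory, key supplied by <owner>` above the entry would record where the values came from. The enclosing `peers` list starts outside the hunk.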
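Review bot: The added loop expression `vpn_interfaces.key()` in roles/vpn/handlers/main.yml calls a method that dicts do not have (the method is `keys()`), so the handler will most likely fail with an undefined-variable error the first time it is notified. This handler is what applies a changed peer list to the running interface, so a failure here means edits to the generated config, including removed peers, would not take effect until someone reloads by hand. I would write `loop: "{{ vpn_interfaces.keys() | list }}"`, which also gives one item per interface instead of a single nested list under `loop:`.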
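Review bot: The two added `no_log: true` lines in roles/vpn/tasks/main.yml (on `Create config files` and, in the next hunk, on `Enable interface`) carry no comment saying what they protect. The loop item is the whole `vpn_interfaces` entry, which presumably includes the interface's private key, so the setting looks right on the template task; a comment such as `# item is the full interface dict (key material): keep it out of task output` would stop it being removed during debugging. For `Enable interface`, looping over the interface names only would make `no_log` unnecessary and keep systemd errors visible, though that task's `name:` line falls between the two hunks, so I cannot confirm how `item` is used there.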
@@ -7,6 +7,7 @@ ListenPort = {{ vpn_port }} {% for peer in item.value.peers %} [Peer] +{{ peer.comment | comment }} Publickey = {{ peer.public_key }} {% if peer.endpoint %} Endpoint = {{peer.endpoint}}:{{ vpn_port }}
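Review bot: The added `{{ peer.comment | comment }}` line makes `comment` a required key on every peer, because Ansible templates fail on undefined variables; any host whose `peers` entries were not updated would then fail at `Create config files`. The three host_vars files in this patch all gain the key, but hosts outside the patch are not visible here. Wrapping the line in `{% if peer.comment is defined %}` … `{% endif %}` keeps the field optional. Keeping the `comment` filter is worthwhile, since it prefixes each line of the value and so a multi-line comment cannot end up as a directive inside `[Peer]`. The `{% for %}` block continues past the end of the hunk.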