add comment

host_vars/azerty.fil.sand.auro.re/vpn.yml

@@ -10,3 +10,4 @@ vpn_interfaces:
       public_key: "{{ hostvars['hindley.adh.auro.re'].vpn_interfaces.wg0.public_key }}"
       allowed_ip: "{{ hostvars['hindley.adh.auro.re'].vpn_interfaces.wg0.ip }}"
       allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
+      comment: "hindley"

host_vars/hellman.fil.sand.auro.re/vpn.yml

@@ -10,3 +10,4 @@ vpn_interfaces:
       public_key: "{{ hostvars['hindley.adh.auro.re'].vpn_interfaces.wg0.public_key }}"
       allowed_ip: "{{ hostvars['hindley.adh.auro.re'].vpn_interfaces.wg0.ip }}"
       allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
+      comment: "hindley"

host_vars/hindley.adh.auro.re/vpn.yml

@@ -10,7 +10,14 @@ vpn_interfaces:
       public_key: "{{ hostvars['azerty.fil.sand.auro.re'].vpn_interfaces.wg0.public_key }}"
       allowed_ip: "{{ hostvars['azerty.fil.sand.auro.re'].vpn_interfaces.wg0.ip }}"
       allowed_mask: 32
+      comment: "azerty"
     - endpoint: ""
       public_key: "{{ hostvars['hellman.fil.sand.auro.re'].vpn_interfaces.wg0.public_key }}"
       allowed_ip: "{{ hostvars['hellman.fil.sand.auro.re'].vpn_interfaces.wg0.ip }}"
       allowed_mask: 32
+      comment: "hellman"
+    - endpoint: ""
+      public_key: "NVKyKcX6PEEApSZvAwnT9gfMmMo6o5Go5FtzEPvh+y8="
+      allowed_ip: "172.20.1.200"
+      allowed_mask: 32
+      comment: "knuth"

roles/vpn/handlers/main.yml

@@ -1,5 +1,7 @@
 ---
 - name: Reload wireguard for interface
   systemd:
-    name: "wg-quick@{{ item.key }}"
+    name: "wg-quick@{{ item }}"
     state: reloaded
+  loop:
+    - "{{ vpn_interfaces.key() }}"

roles/vpn/tasks/main.yml

@@ -28,15 +28,16 @@
   until: apt_result is succeeded
 
 - name: Create config files
-  template:
+  ansible.builtin.template:
     src: "wiregard.conf"
     dest: "/etc/wireguard/{{ item.key }}.conf"
     owner: root
     group: root
     mode: '600'
+  notify: Reload wireguard for interface
   loop:
     - "{{ lookup('dict', vpn_interfaces) }}"
-  notify: Reload wireguard for interface
+  no_log: true
 
 - name: Enable interface
   systemd:
@@ -45,3 +46,4 @@
     enabled: yes
   loop:
     - "{{ lookup('dict', vpn_interfaces) }}"
+  no_log: true

roles/vpn/templates/wiregard.conf

@@ -7,6 +7,7 @@ ListenPort = {{ vpn_port }}
 
 {% for peer in item.value.peers %}
 [Peer]
+{{ peer.comment | comment }}
 Publickey = {{ peer.public_key }}
 {% if peer.endpoint %}
 Endpoint = {{peer.endpoint}}:{{ vpn_port }}