-rw-r--r--inventory/host_vars/ele-gwhetzner.yml8
-rw-r--r--inventory/host_vars/s2-thetys.yml16
-rw-r--r--roles/network/wireguard/gateway/templates/nftables.rules.j22
-rw-r--r--roles/network/wireguard/p2p/defaults/main.yml18
-rw-r--r--roles/network/wireguard/p2p/templates/systemd.netdev.j218
5 files changed, 32 insertions, 30 deletions
diff --git a/inventory/host_vars/ele-gwhetzner.yml b/inventory/host_vars/ele-gwhetzner.yml
index aa9cc7b3..d3faf0cf 100644
--- a/inventory/host_vars/ele-gwhetzner.yml
+++ b/inventory/host_vars/ele-gwhetzner.yml
@@ -87,7 +87,7 @@ wireguard_p2p_interface:
addresses:
- 192.168.123.1/30
-wireguard_p2p_peer:
- pub_key: "RDNeaG06AUkEZqEr/v3zTidroGfTBTsXluOx2ArITyE="
- allowed_ips:
- - 192.168.123.2/32
+wireguard_p2p_peers:
+ - pub_key: "RDNeaG06AUkEZqEr/v3zTidroGfTBTsXluOx2ArITyE="
+ allowed_ips:
+ - 192.168.123.2/32
diff --git a/inventory/host_vars/s2-thetys.yml b/inventory/host_vars/s2-thetys.yml
index 689c124b..d373ff63 100644
--- a/inventory/host_vars/s2-thetys.yml
+++ b/inventory/host_vars/s2-thetys.yml
@@ -85,11 +85,11 @@ wireguard_p2p_interface:
addresses:
- 192.168.123.2/30
-wireguard_p2p_peer:
- pub_key: "r/pFU+OOHmSZUJPSA15emuCQhC/MvLnmfx5o5MPl7yo="
- keepalive_interval: 10
- endpoint:
- host: 178.63.180.138
- port: 51920
- allowed_ips:
- - 192.168.123.1/32
+wireguard_p2p_peers:
+ - pub_key: "r/pFU+OOHmSZUJPSA15emuCQhC/MvLnmfx5o5MPl7yo="
+ keepalive_interval: 10
+ endpoint:
+ host: 178.63.180.138
+ port: 51920
+ allowed_ips:
+ - 192.168.123.1/32
diff --git a/roles/network/wireguard/gateway/templates/nftables.rules.j2 b/roles/network/wireguard/gateway/templates/nftables.rules.j2
index fcf4a21b..501b1d0b 100644
--- a/roles/network/wireguard/gateway/templates/nftables.rules.j2
+++ b/roles/network/wireguard/gateway/templates/nftables.rules.j2
@@ -4,7 +4,7 @@
table ip nat {
chain wireguard-gateway-{{ item.key }}-snat {
type nat hook postrouting priority 100; policy accept;
- ip saddr { {{ item.value.addresses | map('ipaddr', 'network/prefix') | join(', ') }} } oifname {{ item.value.ip_snat.interface }} snat to {{ item.value.ip_snat.to }}
+ ip saddr { {{ item.value.addresses | map('ansible.utils.ipaddr', 'network/prefix') | join(', ') }} } oifname {{ item.value.ip_snat.interface }} snat to {{ item.value.ip_snat.to }}
}
}
{% endif %}
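Review bot: The switch to the `ansible.utils.ipaddr` FQCN on the `ip saddr` line makes this template depend on the ansible.utils collection being installed on the controller; that dependency is not visible anywhere in this commit, so it should be declared in the repository's collection requirements file (its path is not shown here) or the template will fail to render on a fresh checkout. The other templates in the role that still use the short `ipaddr` name, if any, should be migrated in the same change for consistency. The enclosing `{% if %}` block that the `{% endif %}` closes starts outside the hunk.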
diff --git a/roles/network/wireguard/p2p/defaults/main.yml b/roles/network/wireguard/p2p/defaults/main.yml
index 9d93b810..cb8d6f18 100644
--- a/roles/network/wireguard/p2p/defaults/main.yml
+++ b/roles/network/wireguard/p2p/defaults/main.yml
@@ -7,12 +7,12 @@
# addresses:
# - 192.168.123.254/24
-# wireguard_p2p_peer:
-# pub_key: public_key_of_peer
-# keepalive_interval: 10
-# endpoint:
-# host: 5.6.7.8
-# port: 1234
-# allowed_ips:
-# - 192.168.255.3/32
-# - 192.168.123.0/24
+# wireguard_p2p_peers:
+# - pub_key: public_key_of_peer
+# keepalive_interval: 10
+# endpoint:
+# host: 5.6.7.8
+# port: 1234
+# allowed_ips:
+# - 192.168.255.3/32
+# - 192.168.123.0/24
diff --git a/roles/network/wireguard/p2p/templates/systemd.netdev.j2 b/roles/network/wireguard/p2p/templates/systemd.netdev.j2
index 04abfa1d..336fdfb2 100644
--- a/roles/network/wireguard/p2p/templates/systemd.netdev.j2
+++ b/roles/network/wireguard/p2p/templates/systemd.netdev.j2
@@ -12,15 +12,17 @@ PrivateKey={{ wireguard_p2p_interface.priv_key }}
ListenPort={{ wireguard_p2p_interface.listen_port }}
{% endif %}
+{% for peer in wireguard_p2p_peers %}
[WireGuardPeer]
-PublicKey={{ wireguard_p2p_peer.pub_key }}
-{% for ip in wireguard_p2p_peer.allowed_ips %}
+PublicKey={{ peer.pub_key }}
+{% for ip in peer.allowed_ips %}
AllowedIPs={{ ip }}
+{% endfor %}
+{% if 'endpoint' in peer %}
+Endpoint={{ peer.endpoint.host }}:{{ peer.endpoint.port | default(51820) }}
+{% endif %}
+{% if 'keepalive_interval' in peer %}
+PersistentKeepalive={{ peer.keepalive_interval }}
+{% endif %}
{% endfor %}
-{% if 'endpoint' in wireguard_p2p_peer %}
-Endpoint={{ wireguard_p2p_peer.endpoint.host }}:{{ wireguard_p2p_peer.endpoint.port | default(51820) }}
-{% endif %}
-{% if 'keepalive_interval' in wireguard_p2p_peer %}
-PersistentKeepalive={{ wireguard_p2p_peer.keepalive_interval }}
-{% endif %}
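Review bot: Now that several `[WireGuardPeer]` sections can be emitted, nothing checks that the same allowed_ips prefix does not appear under two peers; WireGuard's cryptokey routing assigns a prefix to the peer configured last, so the earlier peer silently loses that route instead of the deploy failing. An assert task in the role that verifies the union of per-peer `allowed_ips` contains no duplicates would catch this before the netdev file is written. Separately, `{% for peer in wireguard_p2p_peers %}` raises an undefined-variable error on any host that defines only `wireguard_p2p_interface`; the defaults hunk in this commit shows only a commented example, so unless the role's defaults define `wireguard_p2p_peers: []` elsewhere (outside this view), a default should be added. The `{% if %}` block closed by the `{% endif %}` on the second context line starts before the hunk.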