From d4fc7adc43f356759adb21f881e542b6159b6624 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sun, 20 Nov 2022 21:36:51 +0100
Subject: wireguard roles: some more cleanups and fixes

---
 .../wireguard/gateway/templates/nftables.rules.j2 | 2 +-
 roles/network/wireguard/p2p/defaults/main.yml | 18 +++++++++---------
 .../network/wireguard/p2p/templates/systemd.netdev.j2 | 18 ++++++++++--------
 3 files changed, 20 insertions(+), 18 deletions(-)
(limited to 'roles/network/wireguard')
diff --git a/roles/network/wireguard/gateway/templates/nftables.rules.j2 b/roles/network/wireguard/gateway/templates/nftables.rules.j2
index fcf4a21b..501b1d0b 100644
--- a/roles/network/wireguard/gateway/templates/nftables.rules.j2
+++ b/roles/network/wireguard/gateway/templates/nftables.rules.j2
@@ -4,7 +4,7 @@
 table ip nat {
 chain wireguard-gateway-{{ item.key }}-snat {
 type nat hook postrouting priority 100; policy accept;
- ip saddr { {{ item.value.addresses | map('ipaddr', 'network/prefix') | join(', ') }} } oifname {{ item.value.ip_snat.interface }} snat to {{ item.value.ip_snat.to }}
+ ip saddr { {{ item.value.addresses | map('ansible.utils.ipaddr', 'network/prefix') | join(', ') }} } oifname {{ item.value.ip_snat.interface }} snat to {{ item.value.ip_snat.to }}
 }
 }
 {% endif %}
diff --git a/roles/network/wireguard/p2p/defaults/main.yml b/roles/network/wireguard/p2p/defaults/main.yml
index 9d93b810..cb8d6f18 100644
--- a/roles/network/wireguard/p2p/defaults/main.yml
+++ b/roles/network/wireguard/p2p/defaults/main.yml
@@ -7,12 +7,12 @@
 # addresses:
 # - 192.168.123.254/24
-# wireguard_p2p_peer:
-# pub_key: public_key_of_peer
-# keepalive_interval: 10
-# endpoint:
-# host: 5.6.7.8
-# port: 1234
-# allowed_ips:
-# - 192.168.255.3/32
-# - 192.168.123.0/24
+# wireguard_p2p_peers:
+# - pub_key: public_key_of_peer
+# keepalive_interval: 10
+# endpoint:
+# host: 5.6.7.8
+# port: 1234
+# allowed_ips:
+# - 192.168.255.3/32
+# - 192.168.123.0/24
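Review bot: The `+` line still builds the `ip saddr { ... }` set by joining `item.value.addresses`, so an entry whose `addresses` list is empty renders `ip saddr { }`, which nftables does not accept as an anonymous set and the whole ruleset load fails rather than just that chain. The `{% if %}` that encloses this block opens outside the hunk, so it may already rule that case out; if it only checks for `ip_snat`, guarding the rule with `{% if item.value.addresses %}` … `{% endif %}` keeps the gateway's nat table loadable. The switch to the `ansible.utils.ipaddr` FQCN itself looks correct.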
diff --git a/roles/network/wireguard/p2p/templates/systemd.netdev.j2 b/roles/network/wireguard/p2p/templates/systemd.netdev.j2
index 04abfa1d..336fdfb2 100644
--- a/roles/network/wireguard/p2p/templates/systemd.netdev.j2
+++ b/roles/network/wireguard/p2p/templates/systemd.netdev.j2
@@ -12,15 +12,17 @@ PrivateKey={{ wireguard_p2p_interface.priv_key }}
 ListenPort={{ wireguard_p2p_interface.listen_port }}
 {% endif %}
+{% for peer in wireguard_p2p_peers %}
 [WireGuardPeer]
-PublicKey={{ wireguard_p2p_peer.pub_key }}
-{% for ip in wireguard_p2p_peer.allowed_ips %}
+PublicKey={{ peer.pub_key }}
+{% for ip in peer.allowed_ips %}
 AllowedIPs={{ ip }}
+{% endfor %}
+{% if 'endpoint' in peer %}
+Endpoint={{ peer.endpoint.host }}:{{ peer.endpoint.port | default(51820) }}
+{% endif %}
+{% if 'keepalive_interval' in peer %}
+PersistentKeepalive={{ peer.keepalive_interval }}
+{% endif %}
 {% endfor %}
-{% if 'endpoint' in wireguard_p2p_peer %}
-Endpoint={{ wireguard_p2p_peer.endpoint.host }}:{{ wireguard_p2p_peer.endpoint.port | default(51820) }}
-{% endif %}
-{% if 'keepalive_interval' in wireguard_p2p_peer %}
-PersistentKeepalive={{ wireguard_p2p_peer.keepalive_interval }}
-{% endif %}
--
cgit v1.2.3
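Review bot: Now that `{% for peer in wireguard_p2p_peers %}` renders several `[WireGuardPeer]` sections, nothing checks that the peers' `allowed_ips` prefixes are disjoint; WireGuard's cryptokey routing binds each prefix to exactly one peer, so a prefix listed under two peers is silently moved to whichever peer is configured last, and traffic for that prefix is then sent to and only accepted from that peer. A `pub_key` repeated across list entries has the same last-one-wins effect. An `assert` task in the role that checks uniqueness of `pub_key` and of the flattened `allowed_ips` before templating would turn such an inventory mistake into a play failure, and a comment above the loop such as `{# each AllowedIPs prefix may belong to only one peer; a later peer listing the same prefix silently takes it over #}` documents the constraint. The variable is only shown as a commented example in defaults/main.yml, so on hosts that do not set `wireguard_p2p_peers` this `for` raises an undefined-variable error instead of rendering a peer-less netdev — probably intended, but worth stating in the defaults comment.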