wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-04-19 15:47:11 +02:00
Code Issues Projects Releases Wiki Activity

WireGuard update-users fix (#1154)

Browse source
This commit is contained in:
Jack Ivanov 2018-10-22 23:49:09 +03:00 committed by Dan Guido
parent efc8dc7620
commit fbc7b29456
4 changed files with 19 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
roles/wireguard/defaults/main.yml Normal file
View file

@ -0,0 +1,3 @@
---
wireguard_client_ip: "{{ wireguard_network_ipv4['clients_range'] }}.{{ wireguard_network_ipv4['clients_start'] + item.0 + 1 }}/32{% if ipv6_support %},{{ wireguard_network_ipv6['clients_range'] }}{{ wireguard_network_ipv6['clients_start'] + item.0 + 1 }}/{{ wireguard_network_ipv6['prefix'] }}{% endif %}"
wireguard_server_ip: "{{ wireguard_network_ipv4['gateway'] }}/{{ wireguard_network_ipv4['prefix'] }}{% if ipv6_support %},{{ wireguard_network_ipv6['gateway'] }}/{{ wireguard_network_ipv6['prefix'] }}{% endif %}"

13
roles/wireguard/tasks/main.yml
View file

@ -7,6 +7,7 @@
with_items:
- private
- public
- ip
delegate_to: localhost
become: false
@ -24,6 +25,16 @@
import_tasks: keys.yml
tags: update-users
- name: Dump IP addresses
copy:
dest: "{{ wireguard_config_path }}/ip/{{ item.1 }}"
content: "{{ wireguard_client_ip }}"
force: false
with_indexed_items: "{{ users }}"
tags: update-users
become: false
delegate_to: localhost
- name: WireGuard configured
template:
src: server.conf.j2
@ -38,9 +49,9 @@
dest: "{{ wireguard_config_path }}/{{ item.1 }}.conf"
mode: "0600"
with_indexed_items: "{{ users }}"
become: false
tags: update-users
delegate_to: localhost
become: false
- name: Generate QR codes
shell: >

4
roles/wireguard/templates/client.conf.j2
View file

@ -1,8 +1,6 @@
[Interface]
PrivateKey = {{ lookup('file', wireguard_config_path + '/private/' + item.1) }}
Address = {{ wireguard_network_ipv4['clients_range'] }}.{{ wireguard_network_ipv4['clients_start'] + item.0 + 1 }}/32{% if ipv6_support %},{{ wireguard_network_ipv6['clients_range'] }}{{ wireguard_network_ipv6['clients_start'] + item.0 + 1 }}/{{ wireguard_network_ipv6['prefix'] }}
{% endif %}
Address = {{ lookup('file', wireguard_config_path + '/ip/' + item.1) }}
DNS = {{ wireguard_dns_servers }}
[Peer]

9
roles/wireguard/templates/server.conf.j2
View file

@ -1,16 +1,13 @@
[Interface]
Address = {{ wireguard_network_ipv4['gateway'] }}/{{ wireguard_network_ipv4['prefix'] }}{% if ipv6_support %},{{ wireguard_network_ipv6['gateway'] }}/{{ wireguard_network_ipv6['prefix'] }}
{% endif %}
Address = {{ wireguard_server_ip }}
ListenPort = {{ wireguard_port }}
PrivateKey = {{ lookup('file', wireguard_config_path + '/private/' + IP_subject_alt_name) }}
SaveConfig = false
{% for u in users %}
{% for u in users|sort %}
[Peer]
# {{ u }}
PublicKey = {{ lookup('file', wireguard_config_path + '/public/' + u) }}
AllowedIPs = {{ wireguard_network_ipv4['clients_range'] }}.{{ wireguard_network_ipv4['clients_start'] + loop.index }}/32{% if ipv6_support %},{{ wireguard_network_ipv6['clients_range'] }}{{ wireguard_network_ipv6['clients_start'] + loop.index }}/128
{% endif %}
AllowedIPs = {{ lookup('file', wireguard_config_path + '/ip/' + u) }}
{% endfor %}