WireGuard update-users fix (#1154)

2025-06-06 15:13:56 +02:00 · 2018-10-22 23:49:09 +03:00 · 2018-10-22 23:49:09 +03:00 · fbc7b29456
commit fbc7b29456
parent efc8dc7620
4 changed files with 19 additions and 10 deletions
--- a/roles/wireguard/defaults/main.yml
+++ b/roles/wireguard/defaults/main.yml
@ -0,0 +1,3 @@
 ---
 wireguard_client_ip: "{{ wireguard_network_ipv4['clients_range'] }}.{{ wireguard_network_ipv4['clients_start'] + item.0 + 1 }}/32{% if ipv6_support %},{{ wireguard_network_ipv6['clients_range'] }}{{ wireguard_network_ipv6['clients_start'] + item.0 + 1 }}/{{ wireguard_network_ipv6['prefix'] }}{% endif %}"
 wireguard_server_ip: "{{ wireguard_network_ipv4['gateway'] }}/{{ wireguard_network_ipv4['prefix'] }}{% if ipv6_support %},{{ wireguard_network_ipv6['gateway'] }}/{{ wireguard_network_ipv6['prefix'] }}{% endif %}"
--- a/roles/wireguard/tasks/main.yml
+++ b/roles/wireguard/tasks/main.yml
@ -7,6 +7,7 @@
  with_items:
    - private
    - public
    - ip
  delegate_to: localhost
  become: false
@ -24,6 +25,16 @@
  import_tasks: keys.yml
  tags: update-users
 - name: Dump IP addresses
  copy:
    dest: "{{ wireguard_config_path }}/ip/{{ item.1 }}"
    content: "{{ wireguard_client_ip }}"
    force: false
  with_indexed_items: "{{ users }}"
  tags: update-users
  become: false
  delegate_to: localhost
 - name: WireGuard configured
  template:
    src: server.conf.j2
@ -38,9 +49,9 @@
    dest: "{{ wireguard_config_path }}/{{ item.1 }}.conf"
    mode: "0600"
  with_indexed_items: "{{ users }}"
  become: false
  tags: update-users
  delegate_to: localhost
  become: false
 - name: Generate QR codes
  shell: >
--- a/roles/wireguard/templates/client.conf.j2
+++ b/roles/wireguard/templates/client.conf.j2
@ -1,8 +1,6 @@
 [Interface]
 PrivateKey = {{ lookup('file', wireguard_config_path + '/private/' + item.1) }}
-Address = {{ wireguard_network_ipv4['clients_range'] }}.{{ wireguard_network_ipv4['clients_start'] + item.0 + 1 }}/32{% if ipv6_support %},{{ wireguard_network_ipv6['clients_range'] }}{{ wireguard_network_ipv6['clients_start'] + item.0 + 1 }}/{{ wireguard_network_ipv6['prefix'] }}
+Address = {{ lookup('file', wireguard_config_path + '/ip/' + item.1) }}
 {% endif %}
 DNS = {{ wireguard_dns_servers }}
 [Peer]
--- a/roles/wireguard/templates/server.conf.j2
+++ b/roles/wireguard/templates/server.conf.j2
@ -1,16 +1,13 @@
 [Interface]
-Address = {{ wireguard_network_ipv4['gateway'] }}/{{ wireguard_network_ipv4['prefix'] }}{% if ipv6_support %},{{ wireguard_network_ipv6['gateway'] }}/{{ wireguard_network_ipv6['prefix'] }}
+Address = {{ wireguard_server_ip }}
 {% endif %}
 ListenPort = {{ wireguard_port }}
 PrivateKey = {{ lookup('file', wireguard_config_path + '/private/' + IP_subject_alt_name) }}
 SaveConfig = false
-{% for u in users %}
+{% for u in users|sort %}
 [Peer]
 # {{ u }}
 PublicKey = {{ lookup('file', wireguard_config_path + '/public/' + u) }}
-AllowedIPs = {{ wireguard_network_ipv4['clients_range'] }}.{{ wireguard_network_ipv4['clients_start'] + loop.index }}/32{% if ipv6_support %},{{ wireguard_network_ipv6['clients_range'] }}{{ wireguard_network_ipv6['clients_start'] + loop.index }}/128
+AllowedIPs = {{ lookup('file', wireguard_config_path + '/ip/' + u) }}
 {% endif %}
 {% endfor %}