improve wireguard

roles/wireguard/tasks/main.yml

@@ -6,5 +6,6 @@
 - name: Install home.conf
   become: true
   template:
-    src: "{{ role_path }}/templates/home.conf.j2"
+    src: "{{ role_path }}/templates/wg.conf.j2"
-    dest: /etc/wireguard/home.conf
+    dest: "/etc/wireguard/{{ item.name }}.conf"
+  loop: "{{ wireguard_interfaces }}"

roles/wireguard/templates/home.conf.j2

@@ -1,10 +0,0 @@
-[Interface]
-Privatekey={{ wg_private_key }}
-Address = 10.225.191.4/24,fd11:5ee:bad:c0de::4/64
-DNS=192.168.10.1
-
-[Peer]
-Publickey=fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=
-PresharedKey={{ wg_preshared_key }}
-Endpoint=wg4.geokunis2.nl:51820
-AllowedIPs = 0.0.0.0/0, ::0/0

roles/wireguard/templates/wg.conf.j2

@@ -0,0 +1,14 @@
+[Interface]
+Privatekey = {{ item.private_key }}
+Address = {{ item.address }}
+{% if 'dns' in item %}
+DNS = {{ item.dns }}
+{% endif %}
+
+[Peer]
+Publickey = {{ item.peer_public_key }}
+{% if 'preshared_key' in item %}
+PresharedKey={{ item.preshared_key }}
+{% endif %}
+Endpoint = {{ item.endpoint }}
+AllowedIPs = {{ item.allowed_ips }}

roles/wireguard/vars/main.yml

@@ -1,12 +1,11 @@
-wg_private_key: !vault |
+wireguard_interfaces:
-          $ANSIBLE_VAULT;1.1;AES256
+  - name: home
-          66373536666638303935653866346565636236613831616139316437336564653732646538333431
+    address: "10.225.191.4/24, fd11:5ee:bad:c0de::4/64"
-          3366386633353633313932373730373738663534303138630a336539366539623832343034396438
+    dns: "192.168.10.1"
-          62626163663135323138353965316361396164633736313435396435653338393661366638363032
+    peer_public_key: "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg="
-          6637383765663066380a613330326566313764663635326335353964343438316336613130393462
+    endpoint: "84.245.14.149:51820"
-          61663539656433336135396362623862623336613464346139356466633365663939346366346335
+    allowed_ips: "0.0.0.0/0, ::0/0"
-          3561326462646131346238633334613539623161653838386435
+    preshared_key: !vault |
-wg_preshared_key: !vault |
           $ANSIBLE_VAULT;1.1;AES256
           30323832316230326261663365363938306161623639643261376164373563346665643261656632
           6432616232633465356565653638333830396561613435300a666662353138346638636631366661
@@ -14,3 +13,24 @@ wg_preshared_key: !vault |
           3539636466383232340a313961383861656662303434356335343539346364313937663439356665
           37373466373763636434313632643365333434336561643361346130373964396530313339623739
           6565306236643866663765313636333139366331356164393939
+    private_key: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          66373536666638303935653866346565636236613831616139316437336564653732646538333431
+          3366386633353633313932373730373738663534303138630a336539366539623832343034396438
+          62626163663135323138353965316361396164633736313435396435653338393661366638363032
+          6637383765663066380a613330326566313764663635326335353964343438316336613130393462
+          61663539656433336135396362623862623336613464346139356466633365663939346366346335
+          3561326462646131346238633334613539623161653838386435
+  - name: atlas
+    address: "10.42.0.2/32"
+    peer_public_key: "NLI4IsIgb4if2FhP8BXJupTlC/guZfY4tG91dZ4t8jE="
+    endpoint: "atlas.lan:51820"
+    allowed_ips: "10.42.0.1/32"
+    private_key: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          39396361643039633361303266326166376236626430336534303330373766303063373839643031
+          6561323836616535323931643335313438306338396264360a653830353237396665373436316466
+          35353063646263353163303836383762313034653563663634613139303136323739626334313232
+          3162366232656534630a636639626134343638316665306362396363363034616163616662326136
+          62363632393536356562306562366431383962646330353035323137613865333636356663363763
+          6137333432336533646534656437633539633065663931643633