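---
# Pushes the WireGuard peer set to every host in the listed groups, removes
# retired peers, then persists the running configuration.
- name: Add wireguard peers to each server
  hosts:
    - colors
    - kubernetes
    - managed
  # Every task below changes interface state through `wg`, so the play runs
  # as root via sudo.
  become: true
  become_user: root
  become_method: sudo
  # NOTE(review): presumably defines `wireguard`, `peers` and `ip`, which the
  # tasks reference -- confirm. Those values end up on a root command line,
  # so treat vars.yaml as trusted input and review changes to it accordingly.
  vars_files:
    - vars.yaml
  tasks:
    # `command` replaces `shell` throughout: none of these tasks needs pipes,
    # redirects or globbing, and without a shell a metacharacter inside a
    # templated value cannot be interpreted as shell syntax.
    - name: delete unused peers
      command: wg set {{ wireguard.interface }} peer {{ item }} remove
      loop:
        - "CQxNsdPgfzjvOszjn/UZHFdAY3k+D9J+vI8qKUjCYV0="

    # All lines of the folded scalar share one indent so they fold into a
    # single command line. `default('')` lets a peer entry omit `endpoint`
    # instead of failing the task on an undefined attribute.
    - name: wg set peers
      command: >
        wg set {{ wireguard.interface }}
        peer {{ item.public_key }}
        allowed-ips '{{ ip[item.name].address_ipv6 }},{{ ip[item.name].address_ipv4 }}'
        persistent-keepalive 5
        {% if item.endpoint | default('') %}
        endpoint '{{ item.endpoint }}'
        {% endif %}
      loop: "{{ peers }}"

    - name: wg delete peers
      command: >
        wg set {{ wireguard.interface }}
        peer {{ item }} remove
      loop:
        - "9/dBUlO9TGf0H9M3xwPiuIuz6Q/u7fSJVZaUxqAiqi8="
      # NOTE(review): this hides every failure of the removal, not only the
      # harmless ones; a retired peer that stays configured would go
      # unnoticed. Consider a narrower `failed_when` once the expected
      # failure case is known.
      ignore_errors: true

    # NOTE(review): `wg-quick save` writes the running configuration to the
    # interface's config file, which normally includes the private key --
    # confirm that file stays readable by root only.
    - name: save wg config
      command: wg-quick save {{ wireguard.interface }}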