Support for separate public address added (#25)
* Declaration of a public address added

Possibility to set a separate address as the public address of a node.
Required if ansible works on dedicated management net.

* Declaration of a public address added

Possibility to set a separate address as the public address of a node.
Required if ansible works on dedicated management net.

* Declaration of a public address added

Possibility to set a separate address as the public address of a node.
Required if ansible works on dedicated management net.

* Properly chained defaults, added hint in ReadMe, added public_add in client.conf

* Moved public_addr hint in ReadMe to inventory file

* Extracted comment from inventory file
thaasoph authored Dec 30, 2020
1 parent ca06331 commit c220399
Showing 3 changed files with 5 additions and 2 deletions.
3 changes: 3 additions & 0 deletions README.md
Expand Up @@ -20,13 +20,16 @@ $ ansible-galaxy install mawalu.wireguard_private_networking

Install this role, assign a `vpn_ip` variable to every host that should be part of the network and run the role. Plese make sure to allow the VPN port (default is 5888) in your firewall. Here is a small example configuration:

Optionally, you can set a `public_addr` on each host. This address will be used to connect to the wireguard peer instead of the address in the inventory. Useful if you are configuring over a different network than wireguard is using. e.g. ansible connects over a LAN to your peer.

```yaml
# inventory host file

wireguard:
hosts:
1.1.1.1:
vpn_ip: 10.1.0.1/32
public_addr: "example.com" # optional
2.2.2.2:
vpn_ip: 10.1.0.2/32
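
Review bot: the new `public_addr` paragraph is inserted between "Here is a small example configuration:" and the YAML block that sentence introduces, so the lead-in no longer sits next to its example; move the paragraph above that sentence or below the example. The paragraph should also say that the value is used as the WireGuard endpoint host (the example uses a hostname, `example.com`) and that the VPN port mentioned above has to be reachable on that address rather than on the inventory address.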

2 changes: 1 addition & 1 deletion templates/client.conf.j2
Expand Up @@ -6,7 +6,7 @@ PrivateKey = {{ client_privatekey.content | b64decode | trim }}
[Peer]
PublicKey = {{ hostvars[node].public.content | b64decode | trim }}
AllowedIPs = {{ hostvars[node].vpn_ip }}
Endpoint = {{ hostvars[node]['ansible_host'] | default(hostvars[node]['inventory_hostname']) }}:{{ wireguard_port }}
Endpoint = {{ hostvars[node]['public_addr'] | default(hostvars[node]['ansible_host']) | default(hostvars[node]['inventory_hostname']) }}:{{ wireguard_port }}
PersistentKeepalive = 25

{% endfor %}
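
Review bot: on the new `Endpoint` line, `default()` without its second argument only falls back when `public_addr` is undefined, so a host that sets `public_addr: ""` (or inherits an empty value) renders an endpoint with no host in front of `:{{ wireguard_port }}` instead of falling through to `ansible_host`. Consider `hostvars[node]['public_addr'] | default(hostvars[node]['ansible_host'], true) | default(hostvars[node]['inventory_hostname'], true)` so that empty values are skipped as well.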
2 changes: 1 addition & 1 deletion templates/interface.conf.j2
Expand Up @@ -17,7 +17,7 @@ MTU = {{ wireguard_mtu }}
[Peer]
PublicKey = {{ hostvars[node].public.content | b64decode | trim }}
AllowedIPs = {{ hostvars[node].vpn_ip }}
Endpoint = {{ hostvars[node]['ansible_host'] | default(hostvars[node]['inventory_hostname']) }}:{{ wireguard_port }}
Endpoint = {{ hostvars[node]['public_addr'] | default(hostvars[node]['ansible_host']) | default(hostvars[node]['inventory_hostname']) }}:{{ wireguard_port }}

{% endif %}
{% endfor %}
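
Review bot: the new `Endpoint` expression here is the same three-step fallback that `templates/client.conf.j2` now carries, so the two templates can drift the next time the lookup order changes; computing the endpoint host once in a role variable and referencing it from both templates would keep them in step. Also, because `:{{ wireguard_port }}` is appended directly, a `public_addr` given as an IPv6 literal has to be written with brackets, which is worth stating where the variable is documented.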