mmt-infra/playbooks/roles/wireguard-mesh/templates/mmtmesh.conf.j2

[Interface]
Address={{ wireguard_node_ips[inventory_hostname] }}/32
ListenPort={{ wireguard_listen_port }}
PrivateKey={{ wireguard_private_key.stdout }}
SaveConfig=true

{% for peer in groups['wireguard-mesh'] %}
{% if peer != inventory_hostname %}

[Peer]
PublicKey={{ hostvars[peer].wireguard_public_key.stdout }}
PresharedKey={{ wireguard_preshared_keys[peer] if inventory_hostname < peer else hostvars[peer].wireguard_preshared_keys[inventory_hostname] }}
{% if wireguard_node_ips[peer] == '10.212.0.1' %}
AllowedIPs={{ wireguard_node_ips[peer] }}/32, 10.137.0.0/16
{% else %}
AllowedIPs={{ wireguard_node_ips[peer] }}/32
{% endif %}
Endpoint={{ peer | replace('.int.', '.') }}:{{ wireguard_listen_port }}

{% endif %}
{% endfor %}
init 2024-05-01 04:33:35 -04:00			`[Interface]`
			`Address={{ wireguard_node_ips[inventory_hostname] }}/32`
			`ListenPort={{ wireguard_listen_port }}`
			`PrivateKey={{ wireguard_private_key.stdout }}`
borg 2024-05-04 16:19:48 -04:00			`SaveConfig=true`
init 2024-05-01 04:33:35 -04:00
			`{% for peer in groups['wireguard-mesh'] %}`
			`{% if peer != inventory_hostname %}`

			`[Peer]`
			`PublicKey={{ hostvars[peer].wireguard_public_key.stdout }}`
			`PresharedKey={{ wireguard_preshared_keys[peer] if inventory_hostname < peer else hostvars[peer].wireguard_preshared_keys[inventory_hostname] }}`
borg 2024-05-04 16:19:48 -04:00			`{% if wireguard_node_ips[peer] == '10.212.0.1' %}`
			`AllowedIPs={{ wireguard_node_ips[peer] }}/32, 10.137.0.0/16`
			`{% else %}`
init 2024-05-01 04:33:35 -04:00			`AllowedIPs={{ wireguard_node_ips[peer] }}/32`
borg 2024-05-04 16:19:48 -04:00			`{% endif %}`
			`Endpoint={{ peer \| replace('.int.', '.') }}:{{ wireguard_listen_port }}`
init 2024-05-01 04:33:35 -04:00
			`{% endif %}`
			`{% endfor %}`