infra/roles/pdns/templates/wireguard.conf

[Interface]
PrivateKey = {{ lookup('ansible.builtin.ini', 'private_key section=wireguard file=secrets/' + inventory_hostname + '.ini') }}
ListenPort = 51822
Address = {{ dns_wg_ip }}

{% for host in groups['nameservers'] %}
{% if host != inventory_hostname %}
# {{ host }}
[Peer]
Endpoint = {{ hostvars[host].dns_wg_endpoint|default(host) }}:51822
PublicKey = {{ hostvars[host].dns_wg_pubkey }}
AllowedIPs = {{ hostvars[host].dns_wg_ip }}

{% endif %}{% endfor %}
Initial commit 2024-01-17 17:45:49 +00:00			`[Interface]`
			`PrivateKey = {{ lookup('ansible.builtin.ini', 'private_key section=wireguard file=secrets/' + inventory_hostname + '.ini') }}`
			`ListenPort = 51822`
Add home-k8s which just has monitoring and misc cleanup 2024-02-04 00:16:30 +00:00			`Address = {{ dns_wg_ip }}`
Initial commit 2024-01-17 17:45:49 +00:00
enable aliases, but use localhost for upstream lookups 2024-04-08 00:54:12 +00:00			`{% for host in groups['nameservers'] %}`
Initial commit 2024-01-17 17:45:49 +00:00			`{% if host != inventory_hostname %}`
			`# {{ host }}`
			`[Peer]`
Add home-k8s which just has monitoring and misc cleanup 2024-02-04 00:16:30 +00:00			`Endpoint = {{ hostvars[host].dns_wg_endpoint\|default(host) }}:51822`
			`PublicKey = {{ hostvars[host].dns_wg_pubkey }}`
			`AllowedIPs = {{ hostvars[host].dns_wg_ip }}`
Initial commit 2024-01-17 17:45:49 +00:00
			`{% endif %}{% endfor %}`