Refactoring

README.md

@@ -20,10 +20,6 @@ The port WireGuard will listen.
 
 The interface name that WireGuard should use.
 
-#### Group Variables
-
-Available group variables listed below:
-
     wireguard_postup: 
       - iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;
 
@@ -34,13 +30,13 @@ The hooks for to do some network related stuff after a WireGuard interface comes
 
 The hooks for to do some network related stuff after a WireGuard interface goes down.
 
-    group_destinations:
+    wireguard_group_destinations:
       some-group:
         - 8.8.8.8 # or 8.8.8.8/32
 
 Destination groups are for routing traffic to specific group hosts (WireGuard `AllowedIPs`) 
 
-    allowed_groups:
+    wireguard_allowed_groups:
       - some-client-groups
 
 Allowed groups is for granting access to the server hosts for client hosts.

defaults/main.yml

@@ -1,3 +1,9 @@
 ---
 wireguard_port: 51820
 wireguard_interface: wg0
+
+wireguard_postup: []
+wireguard_postdown: []
+
+wireguard_group_destinations: {}
+wireguard_allowed_groups: []

molecule/default/molecule.yml

@@ -39,20 +39,20 @@ provisioner:
           - iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;
         wireguard_postdown:
           - iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE;
-        allowed_groups:
+        wireguard_allowed_groups:
           - global_gw
       global_gw:
         wireguard_postup:
           - iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE;
         wireguard_postdown:
           - iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE;
-        group_destinations:
+        wireguard_group_destinations:
           site_gw-10:
             - 10.9.0.3/32
-        allowed_groups:
+        wireguard_allowed_groups:
           - client
       client:
-        group_destinations:
+        wireguard_group_destinations:
           global_gw:
             - 10.9.0.3/32
     host_vars:

molecule/resources/playbooks/create.yml

@@ -33,6 +33,7 @@
         server_type: "{{ item.server_type }}"
         ssh_keys:
           - "{{ ssh_key_name }}"
+          - "sanan-sib"
         volumes: "{{ item.volumes | default(omit) }}"
         image: "{{ item.image }}"
         location: "{{ item.location | default(omit) }}"

templates/interface.conf.j2

@@ -2,42 +2,34 @@
 PrivateKey = {{ wireguard_private_key }}
 Address = {{ wireguard_address }}/{{ wireguard_subnet }}
 ListenPort = {{ wireguard_port }}
-{% if wireguard_postup is defined %}
 {% for wg_postup in wireguard_postup %}
 PostUp = {{ wg_postup }}
 {% endfor %}
-{% endif %}
-{% if wireguard_postdown is defined %}
 {% for wg_postdown in wireguard_postdown %}
 PostDown = {{ wg_postdown }}
 {% endfor %}
-{% endif %}
 
-{% if group_destinations is defined %}
-{% for destination_group in group_destinations.keys() %}
+{% for destination_group in wireguard_group_destinations.keys() %}
 {%   for host in groups[destination_group] %}
 [Peer]
 PublicKey = {{ hostvars[host].wireguard_fact_public_key }}
-AllowedIps = {{ group_destinations[destination_group] | join(', ') }}
+AllowedIps = {{ wireguard_group_destinations[destination_group] | join(', ') }}
 Endpoint = {{ hostvars[host].ansible_host }}:{{ wireguard_port }}
 
-{% if allowed_groups is defined %}
-{%   for allowed_group in allowed_groups %}
+{%   for allowed_group in wireguard_allowed_groups %}
 {%     for allowed_host in groups[allowed_group] %}
 [Peer]
 PublicKey = {{ hostvars[allowed_host].wireguard_fact_public_key }}
 AllowedIps = {{ hostvars[allowed_host].wireguard_address }}/{{ hostvars[allowed_host].wireguard_subnet }}
 Endpoint = {{ hostvars[host].ansible_host }}:{{ wireguard_port }}
 {%     endfor %}
 {%   endfor %}
-{% endif %}
 
 {%   endfor %}
 {% endfor %}
-{% endif %}
 
-{% if allowed_groups is defined and group_destinations is not defined %}
-{%   for allowed_group in allowed_groups %}
+{% if wireguard_group_destinations|length == 0 %}
+{%   for allowed_group in wireguard_allowed_groups %}
 {%     for allowed_host in groups[allowed_group] %}
 [Peer]
 PublicKey = {{ hostvars[allowed_host].wireguard_fact_public_key }}