feat: Move from Debian to Fedora

2026-04-21 01:32:58 +02:00
parent 3b900d7b9c
commit 25cf191476
9 changed files with 112 additions and 175 deletions
--- a/templates/wgN.j2
+++ b/templates/wgN.j2
@@ -1,22 +1,36 @@
 # {{ ansible_managed }}

-[Interface]
-{% if item.listen_port is defined %}
-ListenPort = {{ item.listen_port }}
-{% endif %}
-PrivateKey = {{ item.privkey }}
-Address = {{ item.addresses | join(', ') }}
+{%- if wireguard_openbao_mount | length > 0 %}
+{%- set openbao_path = [inventory_hostname, ansible_role_name, inventory_hostname] | join('/') %}
+{%- set privatekey = lookup('community.hashi_vault.vault_kv2_get', openbao_path)['data']['data']['privatekey'] %}
+{%- else %}
+{%- set privatekey = wireguard_interface_privatekey %}
+{%- endif %}
+
+[Interface]
+Address = {{ wireguard_interface_addresses | join(', ') }}
+ListenPort = {{ wireguard_interface_listen_port }}
+PrivateKey = {{ privatekey }}
+
+{% for peer in wireguard_peers -%}
+{% if wireguard_openbao_mount | length > 0 -%}
+{% set openbao_path = [inventory_hostname, ansible_role_name, peer.name] | join('/') -%}
+{% set publickey = lookup('community.hashi_vault.vault_kv2_get', openbao_path)['data']['data']['publickey'] -%}
+{% else -%}
+{% set publickey = peer.publickey -%}
+{% endif -%}

-{% for peer in item.peers %}
 [Peer]
 # {{ peer.name }}
-PublicKey = {{ peer.pubkey }}
+AllowedIPs = {{ peer.allowed_ips | join(', ') }}
 {% if peer.endpoint is defined %}
 Endpoint = {{ peer.endpoint }}
 {% endif %}
-AllowedIPs = {{ peer.allowed_ips | join(', ') }}
 {% if peer.persistent_keepalive is defined %}
 PersistentKeepalive = {{ peer.persistent_keepalive }}
 {% endif %}
+PublicKey = {{ publickey }}
+{% if not loop.last %}

+{% endif %}
 {% endfor %}