From 6f146f527c224557ec2fffc2af651372cb5b2b56 Mon Sep 17 00:00:00 2001
From: Alex
Date: Thu, 21 May 2020 20:21:01 +0200
Subject: [PATCH] Update some vars
---
 tasks/main.yml | 5 +++++
 templates/wireguard.conf.j2 | 10 +++++-----
 2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/tasks/main.yml b/tasks/main.yml
index 655a2f0..fef1dff 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,3 +1,8 @@
+- name: Include sensitive info
+ include_vars:
+ dir: '/vault/main.yml'
+ tags:
+ - vault
 - name: Copy configuration files
 loop:
 - { src: "wireguard.conf.j2", dest: "/etc/wireguard/wg0.conf", mode: '600' }
diff --git a/templates/wireguard.conf.j2 b/templates/wireguard.conf.j2
index 5d77e4f..4b3ed63 100644
--- a/templates/wireguard.conf.j2
+++ b/templates/wireguard.conf.j2
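Review bot: In the tasks/main.yml hunk, `dir: '/vault/main.yml'` hands include_vars a path that looks like a single file, while `dir` expects a directory to scan; `file: '/vault/main.yml'` is the matching parameter. Because the task is named as loading sensitive values, adding `no_log: true` keeps the loaded variables out of verbose output and logs. The include is tagged only `vault`, so a run limited to other tags would skip it and the template would presumably fail on undefined variables; tagging it `always` avoids that. The "Copy configuration files" task continues outside the hunk.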
@@ -1,12 +1,12 @@
 [Interface]
-Address = {{ services.wireguard.net.v4.addr }}.1/{{ services.wireguard.net.v4.range.serv }}, {{ services.wireguard.net.v6.addr }}:1/{{ services.wireguard.net.v6.range.serv }}
-PostUp = iptables -A FORWARD -i {{ services.wireguard.interface }} -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i {{ services.wireguard.interface }} -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
-PostDown = iptables -D FORWARD -i {{ services.wireguard.interface }} -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i {{ services.wireguard.interface }} -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
-ListenPort = {{ services.wireguard.port }}
+Address = {{ wireguard.net.v4.addr }}.1/{{ wireguard.net.v4.range.serv }}, {{ wireguard.net.v6.addr }}:1/{{ wireguard.net.v6.range.serv }}
+PostUp = iptables -A FORWARD -i {{ wireguard.interface }} -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i {{ wireguard.interface }} -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+PostDown = iptables -D FORWARD -i {{ wireguard.interface }} -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i {{ wireguard.interface }} -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+ListenPort = {{ wireguard.port }}
 PrivateKey = {{ wg.privkey }}
 {% for user in services.wireguard.peers %}
 [Peer]
 PublicKey = {{ user.pubkey }}
-AllowedIPs = {{ services.wireguard.net.v4.addr }}.{{ user.bit }}/{{ services.wireguard.net.v4.range.clnt }}, {{ services.wireguard.net.v6.addr}}:{{ user.bit }}/{{ services.wireguard.net.v6.range.clnt }}
+AllowedIPs = {{ wireguard.net.v4.addr }}.{{ user.bit }}/{{ wireguard.net.v4.range.clnt }}, {{ wireguard.net.v6.addr}}:{{ user.bit }}/{{ wireguard.net.v6.range.clnt }}
 {% endfor %}
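Review bot: The peer loop in templates/wireguard.conf.j2 still iterates `services.wireguard.peers` while every other reference in the hunk moved to the `wireguard.*` tree, so the template now depends on both variable trees being defined. If the peers list moved with the rest, the loop should read `{% for user in wireguard.peers %}`; if it deliberately stays under `services`, a short template comment saying so would keep a later cleanup from breaking it. Separately, `{{ wireguard.interface }}` is interpolated into PostUp/PostDown, which wg-quick runs as shell commands, so the variable is worth constraining to a plain interface name where it is defined.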