From cc6d1a7707176f483deeb5a1b7f7dcee239f3d0c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jelmer=20Vernoo=C4=B3?= Date: Mon, 13 Nov 2023 23:20:15 +0000 Subject: [PATCH] Add support for wireguard_peers variable --- README.md | 2 ++ templates/etc/wireguard/wg.conf.j2 | 4 +++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index ae64207..59e667c 100644 --- a/README.md +++ b/README.md @@ -265,6 +265,8 @@ wireguard_unmanaged_peers: allowed_ips: 10.0.0.3/32 endpoint: client.example.com:51820 persistent_keepalive: 0 +wireguard_peers: + - ... ``` `wireguard_(preup|predown|postup|postdown)` are specified as lists. Here are two examples: diff --git a/templates/etc/wireguard/wg.conf.j2 b/templates/etc/wireguard/wg.conf.j2 index bf9681a..afadf00 100644 --- a/templates/etc/wireguard/wg.conf.j2 +++ b/templates/etc/wireguard/wg.conf.j2 @@ -52,7 +52,7 @@ PostDown = {{ wg_postdown }} SaveConfig = {{ wireguard_save_config }} {% endif %} {% for host in ansible_play_hosts %} -{% if host != inventory_hostname %} +{% if host != inventory_hostname and (wireguard_peers is not defined or host in wireguard_peers) %} [Peer] # {{ host }} @@ -104,6 +104,7 @@ Endpoint = {{host}}:{{wireguard_port}} # Peers not managed by Ansible from "wireguard_unmanaged_peers" variable {% for peer in wireguard_unmanaged_peers.keys() %} +{% if wireguard_peers is not defined or peer in wireguard_peers %} [Peer] # {{ peer }} PublicKey = {{ wireguard_unmanaged_peers[peer].public_key }} @@ -119,5 +120,6 @@ Endpoint = {{ wireguard_unmanaged_peers[peer].endpoint }} {% if wireguard_unmanaged_peers[peer].persistent_keepalive is defined %} PersistentKeepalive = {{ wireguard_unmanaged_peers[peer].persistent_keepalive }} {% endif %} +{% endif %} {% endfor %} {% endif %}
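Review bot: The membership test `host in wireguard_peers` in the new `{% if %}` of the managed-peer loop becomes a substring match when the variable is supplied as a string instead of a list, so a value of `web10` would also admit a host named `web1`. Since this variable now decides which hosts receive a `[Peer]` section, I would guard the type, for example `host in ([wireguard_peers] if wireguard_peers is string else wireguard_peers)`, or assert a list in the role's tasks (not visible in this patch). An undefined variable keeps the full mesh, so a misspelled variable name silently configures every play host as a peer. If the variable is set per host, the excluded peer presumably still renders a `[Peer]` entry for this host on its own side. A comment above the condition would record both points: `{# wireguard_peers: optional allow-list of peer names for this host; undefined means all play hosts #}`. The body of the `for` loop continues outside the hunk.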
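Review bot: In the `wireguard_unmanaged_peers` loop, the new condition `peer in wireguard_peers` reuses the list that filters inventory hostnames. A list written only to restrict the managed hosts therefore also drops every unmanaged peer whose key is missing from it. The README hunk shows only `- ...`, so nothing tells the operator that the list must name inventory hostnames and unmanaged peer keys alike. I would add `{# render only the unmanaged peers named in wireguard_peers, when that variable is set #}` before the condition and describe the accepted values in the README. The matching `{% endif %}` is added in the following hunk.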