Add support for wireguard_include_peers variable #196
Conversation
jelmer
force-pushed
the
wireguard-peers
branch
from
cc6d1a7 to
905e141
Compare
jelmer
changed the title
There was a problem hiding this comment.
Thanks for your PR! I'm currently not so happy with the variable name wireguard_reachable_peers 😉 While the term is "technically" true I think it takes a bit to figure out what this variable is all about. E.g. if the variable would be called wireguard_include_peers then it'd be possible to also introduce wireguard_exclude_peers later if needed. Formerly that would have been a "whitelist" and "blacklist" I guess but makes no sense anymore to use them.
Nevertheless there is definitely some documentation needed and the variable should be put separately in README. The variables in that variable block are covered by "wg_quick". That's why wireguard_unmanaged_peers shouldn't be there too. I'll change that with the next release.
So can you please put your variable and one or two sentences below the text The commands are executed in order as described in wg-quick.8?
jelmer
force-pushed
the
wireguard-peers
branch
from
905e141 to
0bf882d
Compare
|
That seems reasonable - updated to address your feedback. |
jelmer
changed the title
jelmer
force-pushed
the
wireguard-peers
branch
from
0bf882d to
e509874
Compare
|
@githubixx any more thoughts on this? |
|
@jelmer Sorry, I'm currently a little bit short on time. I'll get back to you next week. I need to test the patch first to make sure it has no side effects. But it'd be helpful if you could extend the Molecule test accordingly. You don't have to execute it. It's just for me to have a starting point. Maybe make a copy of the Ubuntu 22.04 host and put it here with adjusted values. And the add the needed variable at the end here. Thanks! |
…master Pull request githubixx#196 Fixes githubixx#195 Add support for wireguard_include_peers variable
jelmer
force-pushed
the
wireguard-peers
branch
from
e509874 to
ad6a9f2
Compare
|
updated to resolve conflicts; I hope to get to adding tests sometime this month |
|
@jelmer Hello. Thanks for getting back at this. I am in dire need of this change :) - - name: There should be as much WireGuard interfaces as hosts in vpn group minus one
+ - name: There should be as many WireGuard interfaces as hosts in vpn group minus one or as defined peers
ansible.builtin.assert:
that:
- - "hosts_count|int -1 == wireguard__interfaces_count.stdout|int"
+ - >
+ (wireguard_include_peers is defined and
+ wireguard__interfaces_count.stdout|int == wireguard_include_peers|length) or
+ (wireguard_include_peers is not defined and
+ hosts_count|int - 1 == wireguard__interfaces_count.stdout|int) |
This allows explicitly setting which peers a node can connect to. If the variable is not present, then all peers are included.
Fixes #195