diff --git a/roles/service-bird-lg/meta/main.yml b/roles/service-bird-lg/meta/main.yml
index 35e84d4..454abce 100644
--- a/roles/service-bird-lg/meta/main.yml
+++ b/roles/service-bird-lg/meta/main.yml
@@ -1,4 +1,5 @@
 ---
 dependencies:
+ - { role: wireguard }
 - { role: service-bird }
 - { role: service-nginx }
diff --git a/roles/service-bird-lg/templates/lgproxy.cfg.j2 b/roles/service-bird-lg/templates/lgproxy.cfg.j2
index 0e18f52..43c82c5 100644
--- a/roles/service-bird-lg/templates/lgproxy.cfg.j2
+++ b/roles/service-bird-lg/templates/lgproxy.cfg.j2
@@ -3,14 +3,20 @@ DEBUG=False
 LOG_FILE="/var/log/bird-lg/lg-proxy.log"
 LOG_LEVEL="WARNING"
-BIND_IP = "{{ loopback_net_ipv4 | ipsubnet(32, magic) | ipaddr('address') }}"
+BIND_IP = "{{ loopback_net_ipv4 | ipaddr(magic) | ipaddr('address') }}"
 BIND_PORT = 5000
-ACCESS_LIST = [ {% for host in groups["ffmwu-monitoring"] %}"{{ loopback_net_ipv4 | ipsubnet(32, hostvars[host]['magic']) | ipaddr('address') }}"{% if not loop.last %}, {% endif %}{% endfor %} ]
-
-# ???
-IPV4_SOURCE = "10.207.0.37"
-IPV6_SOURCE = "fec0::a:cf:0:25"
+ACCESS_LIST = [
+{% for network in my_wireguard_networks %}
+{% if network.remote_hostname in groups["ffmwu-monitoring"] %}
+{% if magic > network.remote_magic %}
+ "{{ network.ipv4 | ipaddr(0) | ipaddr('address') }}",
+{% else %}
+ "{{ network.ipv4 | ipaddr(1) | ipaddr('address') }}",
+{% endif %}
+{% endif %}
+{% endfor %}
+]
 BIRD_SOCKET="/var/run/bird/bird.ctl"
 BIRD6_SOCKET="/var/run/bird/bird6.ctl"
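Review bot: The rebuilt `ACCESS_LIST` in lgproxy.cfg.j2 renders as an empty list whenever no entry in `my_wireguard_networks` has a `remote_hostname` in `groups["ffmwu-monitoring"]`. As far as I recall, upstream bird-lg's lgproxy only enforces the list when it is non-empty (worth confirming against the deployed version), so such a host would answer any client that can reach `BIND_IP:5000`. I would fail the play rather than deploy that config, for example with an `assert` task ahead of the template task that checks at least one matching network exists. The `magic > network.remote_magic` choice between `ipaddr(0)` and `ipaddr(1)` also depends on the wireguard role's addressing convention, which is not visible in this diff. If that is the convention, a template comment such as `{# the peer with the lower magic holds the first address of the tunnel net #}` would let a reader confirm that the allowed address is the monitoring peer's and not the local end.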