Skip to content

Fix Ansible 12 double-templating and Jinja2 spacing issues #14836

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Sep 15, 2025
Merged

Fix Ansible 12 double-templating and Jinja2 spacing issues #14836

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
cb4620d
Fix Ansible 12 double-templating and Jinja2 spacing issues
dguido Sep 15, 2025
122a34d
Fix Python linting issue
dguido Sep 15, 2025
fd37fa4
Fix line length linting issues
dguido Sep 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion files/cloud-init/base.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ users:
shell: /bin/bash
lock_passwd: true
ssh_authorized_keys:
- "{{ lookup('file', '{{ SSH_keys.public }}') }}"
- "{{ lookup('file', SSH_keys.public) }}"

write_files:
- path: /etc/ssh/sshd_config
Expand Down
31 changes: 9 additions & 22 deletions input.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -109,35 +109,22 @@
- name: Set facts based on the input
set_fact:
algo_server_name: >-
{% if server_name is defined %}{% set _server = server_name %}
{%- elif _algo_server_name.user_input is defined and _algo_server_name.user_input | length > 0 -%}
{% if server_name is defined %}{% set _server = server_name %}{%- elif _algo_server_name.user_input is defined and _algo_server_name.user_input | length > 0 -%}
{%- set _server = _algo_server_name.user_input -%}
{%- else %}{% set _server = defaults['server_name'] %}{% endif -%}
{{ _server | regex_replace('(?!\.)(\W | _)', '-') }}
{{ _server | regex_replace('(?!\.)(\W|_)', '-') }}
algo_ondemand_cellular: >-
{% if ondemand_cellular is defined %}{{ ondemand_cellular | bool }}
{%- elif _ondemand_cellular.user_input is defined %}{{ booleans_map[_ondemand_cellular.user_input] | default(defaults['ondemand_cellular']) }}
{%- else %}{{ false }}{% endif %}
{% if ondemand_cellular is defined %}{{ ondemand_cellular | bool }}{%- elif _ondemand_cellular.user_input is defined %}{{ booleans_map[_ondemand_cellular.user_input] | default(defaults['ondemand_cellular']) }}{%- else %}{{ false }}{% endif %}
algo_ondemand_wifi: >-
{% if ondemand_wifi is defined %}{{ ondemand_wifi | bool }}
{%- elif _ondemand_wifi.user_input is defined %}{{ booleans_map[_ondemand_wifi.user_input] | default(defaults['ondemand_wifi']) }}
{%- else %}{{ false }}{% endif %}
{% if ondemand_wifi is defined %}{{ ondemand_wifi | bool }}{%- elif _ondemand_wifi.user_input is defined %}{{ booleans_map[_ondemand_wifi.user_input] | default(defaults['ondemand_wifi']) }}{%- else %}{{ false }}{% endif %}
algo_ondemand_wifi_exclude: >-
{% if ondemand_wifi_exclude is defined %}{{ ondemand_wifi_exclude | b64encode }}
{%- elif _ondemand_wifi_exclude.user_input is defined and _ondemand_wifi_exclude.user_input | length > 0 -%}
{{ _ondemand_wifi_exclude.user_input | b64encode }}
{%- else %}{{ '_null' | b64encode }}{% endif %}
{% if ondemand_wifi_exclude is defined %}{{ ondemand_wifi_exclude | b64encode }}{%- elif _ondemand_wifi_exclude.user_input is defined and _ondemand_wifi_exclude.user_input | length > 0 -%}
{{ _ondemand_wifi_exclude.user_input | b64encode }}{%- else %}{{ '_null' | b64encode }}{% endif %}
algo_dns_adblocking: >-
{% if dns_adblocking is defined %}{{ dns_adblocking | bool }}
{%- elif _dns_adblocking.user_input is defined %}{{ booleans_map[_dns_adblocking.user_input] | default(defaults['dns_adblocking']) }}
{%- else %}{{ false }}{% endif %}
{% if dns_adblocking is defined %}{{ dns_adblocking | bool }}{%- elif _dns_adblocking.user_input is defined %}{{ booleans_map[_dns_adblocking.user_input] | default(defaults['dns_adblocking']) }}{%- else %}{{ false }}{% endif %}
algo_ssh_tunneling: >-
{% if ssh_tunneling is defined %}{{ ssh_tunneling | bool }}
{%- elif _ssh_tunneling.user_input is defined %}{{ booleans_map[_ssh_tunneling.user_input] | default(defaults['ssh_tunneling']) }}
{%- else %}{{ false }}{% endif %}
{% if ssh_tunneling is defined %}{{ ssh_tunneling | bool }}{%- elif _ssh_tunneling.user_input is defined %}{{ booleans_map[_ssh_tunneling.user_input] | default(defaults['ssh_tunneling']) }}{%- else %}{{ false }}{% endif %}
algo_store_pki: >-
{% if ipsec_enabled %}{%- if store_pki is defined %}{{ store_pki | bool }}
{%- elif _store_pki.user_input is defined %}{{ booleans_map[_store_pki.user_input] | default(defaults['store_pki']) }}
{%- else %}{{ false }}{% endif %}{% endif %}
{% if ipsec_enabled %}{%- if store_pki is defined %}{{ store_pki | bool }}{%- elif _store_pki.user_input is defined %}{{ booleans_map[_store_pki.user_input] | default(defaults['store_pki']) }}{%- else %}{{ false }}{% endif %}{% endif %}
rescue:
- include_tasks: playbooks/rescue.yml
6 changes: 2 additions & 4 deletions roles/cloud-azure/tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,7 @@

- set_fact:
algo_region: >-
{% if region is defined %}{{ region }}
{%- elif _algo_region.user_input %}{{ azure_regions[_algo_region.user_input | int -1 ]['name'] }}
{%- else %}{{ azure_regions[default_region | int - 1]['name'] }}{% endif %}
{% if region is defined %}{{ region }}{%- elif _algo_region.user_input %}{{ azure_regions[_algo_region.user_input | int - 1]['name'] }}{%- else %}{{ azure_regions[default_region | int - 1]['name'] }}{% endif %}

- name: Create AlgoVPN Server
azure_rm_deployment:
Expand All @@ -24,7 +22,7 @@
location: "{{ algo_region }}"
parameters:
sshKeyData:
value: "{{ lookup('file', '{{ SSH_keys.public }}') }}"
value: "{{ lookup('file', SSH_keys.public) }}"
WireGuardPort:
value: "{{ wireguard_port }}"
vmSize:
Expand Down
4 changes: 1 addition & 3 deletions roles/cloud-azure/tasks/prompts.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,7 @@
- name: Set the default region
set_fact:
default_region: >-
{% for r in azure_regions %}
{%- if r['name'] == "eastus" %}{{ loop.index }}{% endif %}
{%- endfor %}
{% for r in azure_regions %}{%- if r['name'] == "eastus" %}{{ loop.index }}{% endif %}{%- endfor %}

- pause:
prompt: |
Expand Down
4 changes: 1 addition & 3 deletions roles/cloud-cloudstack/tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,9 +8,7 @@
- block:
- set_fact:
algo_region: >-
{% if region is defined %}{{ region }}
{%- elif _algo_region.user_input is defined and _algo_region.user_input | length > 0 %}{{ cs_zones[_algo_region.user_input | int -1 ]['name'] }}
{%- else %}{{ cs_zones[default_zone | int - 1]['name'] }}{% endif %}
{%- if region is defined -%}{{ region }}{%- elif _algo_region.user_input is defined and _algo_region.user_input | length > 0 -%}{{ cs_zones[_algo_region.user_input | int - 1]['name'] }}{%- else -%}{{ cs_zones[default_zone | int - 1]['name'] }}{%- endif -%}

- name: Security group created
cs_securitygroup:
Expand Down
4 changes: 2 additions & 2 deletions roles/cloud-cloudstack/tasks/prompts.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,8 +54,8 @@
- name: Set the default zone
set_fact:
default_zone: >-
{% for z in cs_zones %}
{%- if z['name'] == "ch-gva-2" %}{{ loop.index }}{% endif %}
{%- for z in cs_zones -%}
{%- if z['name'] == "ch-gva-2" %}{{ loop.index }}{% endif -%}
{%- endfor %}

- pause:
Expand Down
2 changes: 1 addition & 1 deletion roles/cloud-digitalocean/tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
digital_ocean_sshkey:
oauth_token: "{{ algo_do_token }}"
name: "{{ SSH_keys.comment }}"
ssh_pub_key: "{{ lookup('file', '{{ SSH_keys.public }}') }}"
ssh_pub_key: "{{ lookup('file', SSH_keys.public) }}"
register: do_ssh_key

- name: Creating a droplet...
Expand Down
8 changes: 2 additions & 6 deletions roles/cloud-digitalocean/tasks/prompts.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,9 +32,7 @@
- name: Set default region
set_fact:
default_region: >-
{% for r in do_regions %}
{%- if r['slug'] == "nyc3" %}{{ loop.index }}{% endif %}
{%- endfor %}
{% for r in do_regions %}{%- if r['slug'] == "nyc3" %}{{ loop.index }}{% endif %}{%- endfor %}

- pause:
prompt: |
Expand All @@ -51,6 +49,4 @@
- name: Set additional facts
set_fact:
algo_do_region: >-
{% if region is defined %}{{ region }}
{%- elif _algo_region.user_input %}{{ do_regions[_algo_region.user_input | int -1 ]['slug'] }}
{%- else %}{{ do_regions[default_region | int - 1]['slug'] }}{% endif %}
{% if region is defined %}{{ region }}{%- elif _algo_region.user_input %}{{ do_regions[_algo_region.user_input | int - 1]['slug'] }}{%- else %}{{ do_regions[default_region | int - 1]['slug'] }}{% endif %}
10 changes: 4 additions & 6 deletions roles/cloud-ec2/tasks/prompts.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -82,8 +82,8 @@
- name: Set the default region
set_fact:
default_region: >-
{% for r in aws_regions %}
{%- if r['region_name'] == "us-east-1" %}{{ loop.index }}{% endif %}
{%- for r in aws_regions -%}
{%- if r['region_name'] == "us-east-1" %}{{ loop.index }}{% endif -%}
{%- endfor %}

- pause:
Expand All @@ -102,9 +102,7 @@
- name: Set algo_region and stack_name facts
set_fact:
algo_region: >-
{% if region is defined %}{{ region }}
{%- elif _algo_region.user_input %}{{ aws_regions[_algo_region.user_input | int -1 ]['region_name'] }}
{%- else %}{{ aws_regions[default_region | int - 1]['region_name'] }}{% endif %}
{%- if region is defined -%}{{ region }}{%- elif _algo_region.user_input -%}{{ aws_regions[_algo_region.user_input | int - 1]['region_name'] }}{%- else -%}{{ aws_regions[default_region | int - 1]['region_name'] }}{%- endif -%}
stack_name: "{{ algo_server_name | replace('.', '-') }}"

- block:
Expand All @@ -131,5 +129,5 @@
register: _use_existing_eip

- set_fact:
existing_eip: "{{ available_eip_addresses[_use_existing_eip.user_input | int -1 ]['allocation_id'] }}"
existing_eip: "{{ available_eip_addresses[_use_existing_eip.user_input | int - 1]['allocation_id'] }}"
when: cloud_providers.ec2.use_existing_eip
6 changes: 3 additions & 3 deletions roles/cloud-gce/tasks/prompts.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,11 @@
credentials_file_path: >-
{{ gce_credentials_file | default(_gce_credentials_file.user_input|default(None)) |
default(lookup('env', 'GCE_CREDENTIALS_FILE_PATH'), true) }}
ssh_public_key_lookup: "{{ lookup('file', '{{ SSH_keys.public }}') }}"
ssh_public_key_lookup: "{{ lookup('file', SSH_keys.public) }}"
no_log: true

- set_fact:
credentials_file_lookup: "{{ lookup('file', '{{ credentials_file_path }}') }}"
credentials_file_lookup: "{{ lookup('file', credentials_file_path) }}"
no_log: true

- set_fact:
Expand All @@ -26,7 +26,7 @@
no_log: true

- block:
- name: Get regions

Check failure on line 29 in roles/cloud-gce/tasks/prompts.yml

View workflow job for this annotation

GitHub Actions / Linting

syntax-check[unknown-module] 

couldn't resolve module/action 'gcp_compute_location_info'. This often indicates a misspelling, missing collection, or incorrect module path.
gcp_compute_location_info:
auth_kind: serviceaccount
service_account_file: "{{ credentials_file_path }}"
Expand Down Expand Up @@ -66,7 +66,7 @@
set_fact:
algo_region: >-
{% if region is defined %}{{ region }}
{%- elif _gce_region.user_input %}{{ gce_regions[_gce_region.user_input | int -1 ] }}
{%- elif _gce_region.user_input %}{{ gce_regions[_gce_region.user_input | int - 1] }}
{%- else %}{{ gce_regions[default_region | int - 1] }}{% endif %}

- name: Get zones
Expand Down
8 changes: 3 additions & 5 deletions roles/cloud-hetzner/tasks/prompts.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,8 +26,8 @@
- name: Set default region
set_fact:
default_region: >-
{% for r in hcloud_regions %}
{%- if r['location'] == "nbg1" %}{{ loop.index }}{% endif %}
{%- for r in hcloud_regions -%}
{%- if r['location'] == "nbg1" %}{{ loop.index }}{% endif -%}
{%- endfor %}
- pause:
Expand All @@ -45,6 +45,4 @@
- name: Set additional facts
set_fact:
algo_hcloud_region: >-
{% if region is defined %}{{ region }}
{%- elif _algo_region.user_input %}{{ hcloud_regions[_algo_region.user_input | int -1 ]['location'] }}
{%- else %}{{ hcloud_regions[default_region | int - 1]['location'] }}{% endif %}
{%- if region is defined -%}{{ region }}{%- elif _algo_region.user_input -%}{{ hcloud_regions[_algo_region.user_input | int - 1]['location'] }}{%- else -%}{{ hcloud_regions[default_region | int - 1]['location'] }}{%- endif -%}
2 changes: 1 addition & 1 deletion roles/cloud-lightsail/tasks/prompts.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@
no_log: true

- block:
- name: Get regions

Check failure on line 29 in roles/cloud-lightsail/tasks/prompts.yml

View workflow job for this annotation

GitHub Actions / Linting

syntax-check[unknown-module] 

couldn't resolve module/action 'lightsail_region_facts'. This often indicates a misspelling, missing collection, or incorrect module path.
lightsail_region_facts:
aws_access_key: "{{ access_key }}"
aws_secret_key: "{{ secret_key }}"
Expand Down Expand Up @@ -62,5 +62,5 @@
stack_name: "{{ algo_server_name | replace('.', '-') }}"
algo_region: >-
{% if region is defined %}{{ region }}
{%- elif _algo_region.user_input %}{{ lightsail_regions[_algo_region.user_input | int -1 ]['name'] }}
{%- elif _algo_region.user_input %}{{ lightsail_regions[_algo_region.user_input | int - 1]['name'] }}
{%- else %}{{ lightsail_regions[default_region | int - 1]['name'] }}{% endif %}
10 changes: 4 additions & 6 deletions roles/cloud-linode/tasks/prompts.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,8 +28,8 @@
- name: Set default region
set_fact:
default_region: >-
{% for r in linode_regions %}
{%- if r['id'] == "us-east" %}{{ loop.index }}{% endif %}
{%- for r in linode_regions -%}
{%- if r['id'] == "us-east" %}{{ loop.index }}{% endif -%}
{%- endfor %}

- pause:
Expand All @@ -47,7 +47,5 @@
- name: Set additional facts
set_fact:
algo_linode_region: >-
{% if region is defined %}{{ region }}
{%- elif _algo_region.user_input %}{{ linode_regions[_algo_region.user_input | int -1 ]['id'] }}
{%- else %}{{ linode_regions[default_region | int - 1]['id'] }}{% endif %}
public_key: "{{ lookup('file', '{{ SSH_keys.public }}') }}"
{%- if region is defined -%}{{ region }}{%- elif _algo_region.user_input -%}{{ linode_regions[_algo_region.user_input | int - 1]['id'] }}{%- else -%}{{ linode_regions[default_region | int - 1]['id'] }}{%- endif -%}
public_key: "{{ lookup('file', SSH_keys.public) }}"
2 changes: 1 addition & 1 deletion roles/cloud-scaleway/tasks/prompts.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,6 @@
algo_scaleway_token: "{{ scaleway_token | default(_scaleway_token.user_input) | default(lookup('env', 'SCW_TOKEN'), true) }}"
algo_region: >-
{% if region is defined %}{{ region }}
{%- elif _algo_region.user_input %}{{ scaleway_regions[_algo_region.user_input | int -1 ]['alias'] }}
{%- elif _algo_region.user_input %}{{ scaleway_regions[_algo_region.user_input | int - 1]['alias'] }}
{%- else %}{{ scaleway_regions.0.alias }}{% endif %}
no_log: true
4 changes: 1 addition & 3 deletions roles/cloud-vultr/tasks/prompts.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,4 @@
- name: Set the desired region as a fact
set_fact:
algo_vultr_region: >-
{% if region is defined %}{{ region }}
{%- elif _algo_region.user_input %}{{ vultr_regions[_algo_region.user_input | int -1 ]['id'] }}
{%- else %}{{ vultr_regions[default_region | int - 1]['id'] }}{% endif %}
{%- if region is defined -%}{{ region }}{%- elif _algo_region.user_input -%}{{ vultr_regions[_algo_region.user_input | int - 1]['id'] }}{%- else -%}{{ vultr_regions[default_region | int - 1]['id'] }}{%- endif -%}
12 changes: 3 additions & 9 deletions roles/local/tasks/prompts.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,9 +20,7 @@
- name: Set the facts
set_fact:
cloud_instance_ip: >-
{% if server is defined %}{{ server }}
{%- elif _algo_server.user_input %}{{ _algo_server.user_input }}
{%- else %}localhost{% endif %}
{%- if server is defined -%}{{ server }}{%- elif _algo_server.user_input -%}{{ _algo_server.user_input }}{%- else -%}localhost{%- endif -%}

- block:
- pause:
Expand All @@ -35,9 +33,7 @@
- name: Set the facts
set_fact:
ansible_ssh_user: >-
{% if ssh_user is defined %}{{ ssh_user }}
{%- elif _algo_ssh_user.user_input %}{{ _algo_ssh_user.user_input }}
{%- else %}root{% endif %}
{%- if ssh_user is defined -%}{{ ssh_user }}{%- elif _algo_ssh_user.user_input -%}{{ _algo_ssh_user.user_input }}{%- else -%}root{%- endif -%}
when: cloud_instance_ip != "localhost"

- pause:
Expand All @@ -50,6 +46,4 @@
- name: Set the facts
set_fact:
IP_subject_alt_name: >-
{% if endpoint is defined %}{{ endpoint }}
{%- elif _endpoint.user_input %}{{ _endpoint.user_input }}
{%- else %}{{ cloud_instance_ip }}{% endif %}
{%- if endpoint is defined -%}{{ endpoint }}{%- elif _endpoint.user_input -%}{{ _endpoint.user_input }}{%- else -%}{{ cloud_instance_ip }}{%- endif -%}
20 changes: 2 additions & 18 deletions roles/strongswan/defaults/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,26 +19,10 @@ openssl_constraint_random_id: "{{ IP_subject_alt_name | to_uuid }}.algo"
# Without SAN, IKEv2 connections will fail with certificate validation errors
subjectAltName_type: "{{ 'DNS' if IP_subject_alt_name | regex_search('[a-z]') else 'IP' }}"
subjectAltName: >-
{{ subjectAltName_type }}:{{ IP_subject_alt_name }}
{%- if ipv6_support -%},IP:{{ ansible_default_ipv6['address'] }}{%- endif -%}
{{ subjectAltName_type }}:{{ IP_subject_alt_name }}{%- if ipv6_support -%},IP:{{ ansible_default_ipv6['address'] }}{%- endif -%}
subjectAltName_USER: email:{{ item }}@{{ openssl_constraint_random_id }}
nameConstraints: >-
critical,permitted;{{ subjectAltName_type }}:{{ IP_subject_alt_name }}{{- '/255.255.255.255' if subjectAltName_type == 'IP' else '' -}}
{%- if subjectAltName_type == 'IP' -%}
,permitted;DNS:{{ openssl_constraint_random_id }}
,excluded;DNS:.com,excluded;DNS:.org,excluded;DNS:.net,excluded;DNS:.gov,excluded;DNS:.edu,excluded;DNS:.mil,excluded;DNS:.int
,excluded;IP:10.0.0.0/255.0.0.0,excluded;IP:172.16.0.0/255.240.0.0,excluded;IP:192.168.0.0/255.255.0.0
{%- else -%}
,excluded;IP:0.0.0.0/0.0.0.0
{%- endif -%}
,permitted;email:{{ openssl_constraint_random_id }}
,excluded;email:.com,excluded;email:.org,excluded;email:.net,excluded;email:.gov,excluded;email:.edu,excluded;email:.mil,excluded;email:.int
{%- if ipv6_support -%}
,permitted;IP:{{ ansible_default_ipv6['address'] }}/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
,excluded;IP:fc00:0:0:0:0:0:0:0/fe00:0:0:0:0:0:0:0,excluded;IP:fe80:0:0:0:0:0:0:0/ffc0:0:0:0:0:0:0:0,excluded;IP:2001:db8:0:0:0:0:0:0/ffff:fff8:0:0:0:0:0:0
{%- else -%}
,excluded;IP:::/0
{%- endif -%}
critical,permitted;{{ subjectAltName_type }}:{{ IP_subject_alt_name }}{{- '/255.255.255.255' if subjectAltName_type == 'IP' else '' -}}{%- if subjectAltName_type == 'IP' -%},permitted;DNS:{{ openssl_constraint_random_id }},excluded;DNS:.com,excluded;DNS:.org,excluded;DNS:.net,excluded;DNS:.gov,excluded;DNS:.edu,excluded;DNS:.mil,excluded;DNS:.int,excluded;IP:10.0.0.0/255.0.0.0,excluded;IP:172.16.0.0/255.240.0.0,excluded;IP:192.168.0.0/255.255.0.0{%- else -%},excluded;IP:0.0.0.0/0.0.0.0{%- endif -%},permitted;email:{{ openssl_constraint_random_id }},excluded;email:.com,excluded;email:.org,excluded;email:.net,excluded;email:.gov,excluded;email:.edu,excluded;email:.mil,excluded;email:.int{%- if ipv6_support -%},permitted;IP:{{ ansible_default_ipv6['address'] }}/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff,excluded;IP:fc00:0:0:0:0:0:0:0/fe00:0:0:0:0:0:0:0,excluded;IP:fe80:0:0:0:0:0:0:0/ffc0:0:0:0:0:0:0:0,excluded;IP:2001:db8:0:0:0:0:0:0/ffff:fff8:0:0:0:0:0:0{%- else -%},excluded;IP:::/0{%- endif -%}
openssl_bin: openssl
strongswan_enabled_plugins:
- aes
Expand Down
2 changes: 1 addition & 1 deletion roles/strongswan/tasks/client_configs.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@

- name: Set facts for mobileconfigs
set_fact:
PayloadContentCA: "{{ lookup('file' , '{{ ipsec_pki_path }}/cacert.pem')|b64encode }}"
PayloadContentCA: "{{ lookup('file', ipsec_pki_path + '/cacert.pem') | b64encode }}"

- name: Build the mobileconfigs
template:
Expand Down
11 changes: 3 additions & 8 deletions roles/wireguard/defaults/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,15 +7,10 @@ wireguard_port_avoid: 53
wireguard_port_actual: 51820
keys_clean_all: false
wireguard_dns_servers: >-
{% if algo_dns_adblocking | default(false) | bool or dns_encryption | default(false) | bool %}
{{ local_service_ip }}{{ ', ' + local_service_ipv6 if ipv6_support else '' }}
{% else %}
{% for host in dns_servers.ipv4 %}{{ host }}{% if not loop.last %},{% endif %}{% endfor %}
{%- if ipv6_support %},{% for host in dns_servers.ipv6 %}{{ host }}{% if not loop.last %},{% endif %}{% endfor %}{% endif %}
{% endif %}
{% if algo_dns_adblocking | default(false) | bool or dns_encryption | default(false) | bool %}{{ local_service_ip }}{{ ', ' + local_service_ipv6 if ipv6_support else '' }}{% else %}{% for host in dns_servers.ipv4 %}{{ host }}{% if not loop.last %},{% endif %}{% endfor %}{%- if ipv6_support %},{% for host in dns_servers.ipv6 %}{{ host }}{% if not loop.last %},{% endif %}{% endfor %}{% endif %}{% endif %}
wireguard_client_ip: >-
{{ wireguard_network_ipv4 | ansible.utils.ipmath(index | int+2) }}
{{ ',' + wireguard_network_ipv6 | ansible.utils.ipmath(index | int+2) if ipv6_support else '' }}
{{ wireguard_network_ipv4 | ansible.utils.ipmath(index | int + 2) }}
{{ ',' + wireguard_network_ipv6 | ansible.utils.ipmath(index | int + 2) if ipv6_support else '' }}
wireguard_server_ip: >-
{{ wireguard_network_ipv4 | ansible.utils.ipaddr('1') }}
{{ ',' + wireguard_network_ipv6 | ansible.utils.ipaddr('1') if ipv6_support else '' }}
2 changes: 1 addition & 1 deletion server.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -235,7 +235,7 @@
- "{{ congrats.common.split('\n') }}"
- " {{ congrats.p12_pass if algo_ssh_tunneling or ipsec_enabled else '' }}"
- " {{ congrats.ca_key_pass if algo_store_pki and ipsec_enabled else '' }}"
- " {{ congrats.ssh_access if algo_provider != 'local' else ''}}"
- " {{ congrats.ssh_access if algo_provider != 'local' else '' }}"
tags: always
rescue:
- include_tasks: playbooks/rescue.yml
Loading
Loading