From abeaf9fe374479f52a4cdccb17b43584be1cb982 Mon Sep 17 00:00:00 2001 From: Wojciech Kozlowski Date: Tue, 20 Dec 2022 19:40:33 +0100 Subject: [PATCH] Decouple bridge from wireguard role --- host_vars/yggdrasil/vars.yml | 5 +++++ playbooks/roles/vpn/bridge/meta/argument_specs.yml | 7 ++----- playbooks/roles/vpn/bridge/templates/br0.j2 | 8 ++++---- 3 files changed, 11 insertions(+), 9 deletions(-) diff --git a/host_vars/yggdrasil/vars.yml b/host_vars/yggdrasil/vars.yml index 2f983d6..e132463 100644 --- a/host_vars/yggdrasil/vars.yml +++ b/host_vars/yggdrasil/vars.yml @@ -32,6 +32,11 @@ vpn_wireguard_server_preshared_key: "{{ vault_vpn_wireguard_server_preshared_key vpn_wireguard_server_address: "{{ vault_vpn_wireguard_server_address }}" vpn_wireguard_routing_table: 66 +# -------------------------------------------------------------------------------------------------- +# vpn:bridge +# -------------------------------------------------------------------------------------------------- +vpn_bridge_routing_table: "{{ vpn_wireguard_routing_table }}" + # -------------------------------------------------------------------------------------------------- # backups:snapshots # -------------------------------------------------------------------------------------------------- diff --git a/playbooks/roles/vpn/bridge/meta/argument_specs.yml b/playbooks/roles/vpn/bridge/meta/argument_specs.yml index 7822eaf..1e9df8f 100644 --- a/playbooks/roles/vpn/bridge/meta/argument_specs.yml +++ b/playbooks/roles/vpn/bridge/meta/argument_specs.yml @@ -22,9 +22,6 @@ argument_specs: vpn_bridge_netmask: type: "str" required: true - vpn_wireguard_role: - type: "str" - required: true - vpn_wireguard_routing_table: + vpn_bridge_routing_table: type: "int" - required: "{{ vpn_wireguard_role == 'client' }}" + required: false diff --git a/playbooks/roles/vpn/bridge/templates/br0.j2 b/playbooks/roles/vpn/bridge/templates/br0.j2 index 542933f..ae777d2 100644 
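Review bot: In `argument_specs.yml`, `vpn_bridge_routing_table` is now `required: false` with no `default` and no `description`, so a host that used to be forced to supply the table through `vpn_wireguard_role == 'client'` now passes validation when the variable is simply missing (a typo, or host_vars not loaded). The template then drops both `ip rule` lines without any error, and bridge traffic would presumably follow the main table instead of the tunnel's table, which is a fail-open result on a VPN client. Record the switch semantics on the spec entry, e.g. `description: "Routing table for traffic arriving on br0; when unset, no policy-routing rules are installed."`. Consider also an explicit assertion in the playbook for hosts that must route bridge traffic through the VPN.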
--- a/playbooks/roles/vpn/bridge/templates/br0.j2 +++ b/playbooks/roles/vpn/bridge/templates/br0.j2 @@ -4,14 +4,14 @@ iface br0 inet static post-up /usr/local/sbin/post-up-$IFACE-inet.nft post-up /usr/local/sbin/post-up-$IFACE-ipv4.nft -{% if vpn_wireguard_role == "client" %} - post-up ip rule add dev $IFACE table {{ vpn_wireguard_routing_table }} +{% if vpn_bridge_routing_table is defined %} + post-up ip rule add dev $IFACE table {{ vpn_bridge_routing_table }} post-up ip rule add dev $IFACE to {{ local_network }} table main priority 1 {% endif %} -{% if vpn_wireguard_role == "client" %} +{% if vpn_bridge_routing_table is defined %} pre-down ip rule del dev $IFACE to {{ local_network }} table main priority 1 - pre-down ip rule del dev $IFACE table {{ vpn_wireguard_routing_table }} + pre-down ip rule del dev $IFACE table {{ vpn_bridge_routing_table }} {% endif %} pre-down /usr/local/sbin/pre-down-$IFACE-ipv4.nft pre-down /usr/local/sbin/pre-down-$IFACE-inet.nft
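Review bot: The `is defined` test in both `{% if %}` blocks is also true when `vpn_bridge_routing_table` is set to null, and the template would then render `table None`, which `ip rule add` is likely to reject at post-up. Whether the `type: "int"` argument spec rejects a null value is not visible in this patch, so the template should guard against it as well: `{% if vpn_bridge_routing_table is defined and vpn_bridge_routing_table is not none %}`, applied to both the post-up and the pre-down block so they stay symmetric. A Jinja comment above the first block, `{# policy routing is installed only when vpn_bridge_routing_table is set #}`, would document that the variable's presence, not the wireguard role, now decides this.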