Diffstat (limited to 'playbooks/roles/wireguard-mesh')
-rw-r--r-- | playbooks/roles/wireguard-mesh/tasks/main.yml | 3 | ||||
-rw-r--r-- | playbooks/roles/wireguard-mesh/templates/mmtmesh.conf.j2 | 11 |
2 files changed, 11 insertions, 3 deletions
diff --git a/playbooks/roles/wireguard-mesh/tasks/main.yml b/playbooks/roles/wireguard-mesh/tasks/main.yml
index 9f9419f..34d46bc 100644
--- a/playbooks/roles/wireguard-mesh/tasks/main.yml
+++ b/playbooks/roles/wireguard-mesh/tasks/main.yml
@@ -8,8 +8,9 @@
 state: present
 - name: Get node ips from dns records
-ansible.builtin.shell: "dig +short {{ item }} | tail -n1"
+command: "dig +short {{ item }}"
 register: wireguard_node_ip
+delegate_to: localhost
 with_items: "{{ groups['wireguard-mesh'] }}"
 - name: Massage node ips
diff --git a/playbooks/roles/wireguard-mesh/templates/mmtmesh.conf.j2 b/playbooks/roles/wireguard-mesh/templates/mmtmesh.conf.j2
index aa15d23..634b20a 100644
--- a/playbooks/roles/wireguard-mesh/templates/mmtmesh.conf.j2
+++ b/playbooks/roles/wireguard-mesh/templates/mmtmesh.conf.j2
@@ -1,8 +1,11 @@
 [Interface]
 Address={{ wireguard_node_ips[inventory_hostname] }}/32
-SaveConfig=true
 ListenPort={{ wireguard_listen_port }}
 PrivateKey={{ wireguard_private_key.stdout }}
+SaveConfig=true
+{% if wireguard_node_ips[inventory_hostname] != '10.212.0.1' %}
+PostUp=ip route add 10.137.0.0/16 via 10.212.0.1 dev mmtmesh
+{% endif %}
 {% for peer in groups['wireguard-mesh'] %}
 {% if peer != inventory_hostname %}
@@ -10,8 +13,12 @@ PrivateKey={{ wireguard_private_key.stdout }}
 [Peer]
 PublicKey={{ hostvars[peer].wireguard_public_key.stdout }}
 PresharedKey={{ wireguard_preshared_keys[peer] if inventory_hostname < peer else hostvars[peer].wireguard_preshared_keys[inventory_hostname] }}
+{% if wireguard_node_ips[peer] == '10.212.0.1' %}
+AllowedIPs={{ wireguard_node_ips[peer] }}/32, 10.137.0.0/16
+{% else %}
 AllowedIPs={{ wireguard_node_ips[peer] }}/32
-Endpoint={{ peer | replace('.int.', '.pub.') }}:{{ wireguard_listen_port }}
+{% endif %}
+Endpoint={{ peer | replace('.int.', '.') }}:{{ wireguard_listen_port }}
 {% endif %}
 {% endfor %}
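Review bot: Dropping `| tail -n1` means `wireguard_node_ip` now carries every line dig prints, so a name that resolves through a CNAME or to several A records yields a multi-line `stdout`; whether the following `Massage node ips` task (outside this hunk) copes with that cannot be seen here, so either read `stdout_lines[-1]` downstream or state the single-record expectation in a comment next to `command: "dig +short {{ item }}"`. dig also exits 0 with empty output for a name that does not resolve, which later renders an empty `Address=` on the node; a per-item `failed_when: wireguard_node_ip.stdout == ''` would surface that on the controller instead. Since the lookup is read-only, `changed_when: false` keeps the play idempotent, and `ansible.builtin.command:` keeps the fully-qualified style the removed line used.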
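Review bot: The new `PostUp=ip route add 10.137.0.0/16 via 10.212.0.1 dev mmtmesh` looks redundant and can make `wg-quick up` fail: the peer hunk below already lists 10.137.0.0/16 in the hub's AllowedIPs, and wg-quick installs a route for every AllowedIPs prefix on the interface before PostUp hooks run (unless a `Table=off` not shown here is in effect), so a second `ip route add` for the same prefix is likely to be rejected as already existing and wg-quick then tears the interface down. Cryptokey routing already delivers that prefix to the hub peer, so the whole `{% if %}…PostUp…{% endif %}` block can go; if a hook is still wanted, `ip route replace` is the idempotent form. The hub address '10.212.0.1' is also hard-coded here and twice in the peer hunk; a single role variable (e.g. a constructed `wireguard_hub_ip`) compared in all three places keeps the interface and peer conditions from drifting apart.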
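Review bot: Putting 10.137.0.0/16 into the hub peer's AllowedIPs makes every other node send and accept that range through the hub, but nothing in this diff shows the hub forwarding packets or what 10.137.0.0/16 is; if that is configured elsewhere in the role, a Jinja comment above the branch, e.g. `{# hub peer: also carries the 10.137.0.0/16 range behind it #}`, would tell the next reader why that one address is special without leaking into the rendered file. The `Endpoint` line now strips `.int.` rather than mapping it to `.pub.`, so the name wg-quick resolves on the node at up time changes for every peer; a one-line comment stating which DNS view that name is expected to resolve in would make the rename reviewable.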