From a1fcbe0024dbed9d9782766273f47679bd9caeb3 Mon Sep 17 00:00:00 2001
From: Remko Molier <remko.molier@googlemail.com>
Date: Mon, 10 Feb 2025 12:16:19 +0100
Subject: [PATCH] fix: ensure peers are only output when the public key fact is
 available for them

In the case wireguard is installed for only a subgroup of all the hosts in the play, the current solution will not work.

This is a quick fix to not create peers if the public key has not been set as a fact for this host.
---
 templates/etc/wireguard/wg.conf.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/etc/wireguard/wg.conf.j2 b/templates/etc/wireguard/wg.conf.j2
index ea1f8eb..7eecfbc 100644
--- a/templates/etc/wireguard/wg.conf.j2
+++ b/templates/etc/wireguard/wg.conf.j2
@@ -54,7 +54,7 @@ PostDown = {{ wg_postdown }}
 SaveConfig = {{ wireguard_save_config }}
 {% endif %}
 {% for host in ansible_play_hosts %}
-{%   if host != inventory_hostname and ((hostvars[host].wireguard_endpoint is defined and hostvars[host].wireguard_endpoint != "") or (wireguard_endpoint is defined and wireguard_endpoint != "")) %}
+{%   if host != inventory_hostname and hostvars[host].wireguard__fact_public_key is defined and ((hostvars[host].wireguard_endpoint is defined and hostvars[host].wireguard_endpoint != "") or (wireguard_endpoint is defined and wireguard_endpoint != "")) %}
 
 [Peer]
 # Name = {{ host }}