wip
parent
cbaded9f8a
commit
1c9c4e0902
4 changed files with 11 additions and 17 deletions
|
@ -9,12 +9,8 @@ repo.libs.wireguard.repo = repo
|
|||
defaults = {
|
||||
'apt': {
|
||||
'packages': {
|
||||
# 'linux-headers-amd64': {},
|
||||
'wireguard': {
|
||||
'backports': node.os_version < (11,),
|
||||
# 'needs': [
|
||||
# 'pkg_apt:linux-headers-amd64',
|
||||
# ],
|
||||
'triggers': [
|
||||
'svc_systemd:systemd-networkd:restart',
|
||||
],
|
||||
|
@ -55,6 +51,9 @@ def client_peer_specific(metadata):
|
|||
'clients': {
|
||||
client: {
|
||||
'id': client,
|
||||
'route': [
|
||||
'172.30.0.0/24',
|
||||
]
|
||||
}
|
||||
for client in metadata.get('wireguard/clients')
|
||||
},
|
||||
|
@ -73,11 +72,6 @@ def systemd_networkd_networks(metadata):
|
|||
'Address': {
|
||||
'Address': metadata.get('wireguard/my_ip'),
|
||||
},
|
||||
'Route': {
|
||||
'Destination': str(ip_interface(metadata.get('wireguard/my_ip')).network),
|
||||
'GatewayOnlink': 'yes',
|
||||
'PreferredSource': str(ip_interface(metadata.get('network/internal/ipv4')).ip),
|
||||
},
|
||||
'Network': {
|
||||
'DHCP': 'no',
|
||||
'IPForward': 'yes',
|
||||
|
@ -87,15 +81,12 @@ def systemd_networkd_networks(metadata):
|
|||
|
||||
for peer, config in {
|
||||
**metadata.get('wireguard/peers'),
|
||||
**metadata.get('wireguard/clients'),
|
||||
}.items():
|
||||
for route in config.get('route', []):
|
||||
network.update({
|
||||
f'Route#{peer}_{route}': {
|
||||
'Destination': route,
|
||||
'Gateway': str(ip_interface(config['ip']).ip),
|
||||
'GatewayOnlink': 'yes',
|
||||
'PreferredSource': str(ip_interface(metadata.get('network/internal/ipv4')).ip),
|
||||
'Gateway': str(ip_interface(metadata.get('wireguard/my_ip')).ip),
|
||||
}
|
||||
})
|
||||
|
||||
|
@ -133,7 +124,7 @@ def systemd_networkd_netdevs(metadata):
|
|||
'PublicKey': repo.libs.wireguard.pubkey(config['id']),
|
||||
'PresharedKey': repo.libs.wireguard.psk(config['id'], metadata.get('id')),
|
||||
'AllowedIPs': ', '.join([
|
||||
str(ip_interface(config['ip']).ip),
|
||||
# '172.30.0.0/24', # FIXME
|
||||
*config.get('route', []),
|
||||
]), # FIXME
|
||||
'PersistentKeepalive': 30,
|
||||
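Review bot: In the `AllowedIPs` list of `systemd_networkd_netdevs`, the peer's own tunnel address `str(ip_interface(config['ip']).ip),` appears to give way to the commented-out `# '172.30.0.0/24', # FIXME`, leaving the list built only from `*config.get('route', [])`. The +/- markers are lost on this page, so that reading is inferred from the hunk sizes and from `client_peer_specific`, which now gives every client the route `'172.30.0.0/24'`. If it is right, every client peer on the interface carries the same /24, and WireGuard uses AllowedIPs as the per-peer source-address filter and keeps a given prefix on only one peer per interface. That would drop the binding between a client's key and its tunnel address, and all but one client may become unroutable. I would keep `str(ip_interface(config['ip']).ip),` as the first entry and add the /24 only where a single hub peer is configured; both functions start and end outside the hunks shown.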
|
|
|
@ -58,10 +58,11 @@
|
|||
'ram': 16192,
|
||||
},
|
||||
'wireguard': {
|
||||
'my_ip': '172.30.0.2/24',
|
||||
'my_ip': '172.30.0.2/32',
|
||||
'peers': {
|
||||
'htz.mails': {
|
||||
'route': [
|
||||
'172.30.0.0/24',
|
||||
'10.0.10.0/24',
|
||||
'10.0.11.0/24',
|
||||
'10.0.20.0/24',
|
||||
|
|
|
@ -31,10 +31,11 @@
|
|||
# 'hostname': 'mail2.sublimity.de',
|
||||
# },
|
||||
'wireguard': {
|
||||
'my_ip': '172.30.0.3/24',
|
||||
'my_ip': '172.30.0.3/32',
|
||||
'peers': {
|
||||
'htz.mails': {
|
||||
'route': [
|
||||
'172.30.0.0/24',
|
||||
'10.0.0.0/24',
|
||||
'10.0.2.0/24',
|
||||
'10.0.9.0/24',
|
||||
|
|
|
@ -22,10 +22,11 @@
|
|||
},
|
||||
},
|
||||
'wireguard': {
|
||||
'my_ip': '172.30.0.4/24',
|
||||
'my_ip': '172.30.0.4/32',
|
||||
'peers': {
|
||||
'htz.mails': {
|
||||
'route': [
|
||||
'172.30.0.0/24',
|
||||
'10.0.0.0/24',
|
||||
'10.0.2.0/24',
|
||||
'10.0.9.0/24',
|
||||
|
|