diff --git a/bin/wireguard_client_config b/bin/wireguard_client_config
index 49d6b68..37c2b0f 100755
--- a/bin/wireguard_client_config
+++ b/bin/wireguard_client_config
@@ -14,7 +14,7 @@ sortable_client_routes = [
 ip_interface(server_node.metadata.get('network/internal/ipv4')).network,
 ]
 for peer in server_node.metadata.get('wireguard/s2s').values():
- for network in peer.get('route'):
+ for network in peer['allowed_ips']:
 sortable_client_routes.append(ip_network(network))
 
 client_routes = [
@@ -25,14 +25,14 @@ client_routes = [
 
 print(
 f'''[Interface]
-PrivateKey = {repo.libs.wireguard.privkey(data['id'])}
+PrivateKey = {repo.libs.wireguard.privkey(data['peer_id'])}
 ListenPort = 51820
-Address = {data['ip']}
+Address = {data['peer_ip']}
 DNS = 8.8.8.8
 
 [Peer]
 PublicKey = {repo.libs.wireguard.pubkey(server_node.metadata.get('id'))}
-PresharedKey = {repo.libs.wireguard.psk(data['id'], server_node.metadata.get('id'))}
+PresharedKey = {repo.libs.wireguard.psk(data['peer_id'], server_node.metadata.get('id'))}
 AllowedIPs = {', '.join(str(client_route) for client_route in client_routes)}
 Endpoint = {ip_interface(server_node.metadata.get('network/external/ipv4')).ip}:51820
 PersistentKeepalive = 10'''
diff --git a/bundles/wireguard/metadata.py b/bundles/wireguard/metadata.py
index c8180d9..63ddd62 100644
--- a/bundles/wireguard/metadata.py
+++ b/bundles/wireguard/metadata.py
@@ -32,10 +32,10 @@ def s2s_peer_specific(metadata):
 'wireguard': {
 's2s': {
 s2s: {
- 'id': repo.get_node(s2s).metadata.get(f'id'),
- 'ip': repo.get_node(s2s).metadata.get(f'wireguard/my_ip'),
+ 'peer_id': repo.get_node(s2s).metadata.get(f'id'),
+ 'peer_ip': repo.get_node(s2s).metadata.get(f'wireguard/my_ip'),
 'endpoint': f'{repo.get_node(s2s).hostname}:51820',
- 'route': [
+ 'allowed_ips': [
 str(ip_interface(repo.get_node(s2s).metadata.get(f'wireguard/my_ip')).network),
 ],
 }
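Review bot: `for network in peer['allowed_ips']:` raises KeyError for any s2s peer whose metadata carries no `allowed_ips`, whereas `systemd_networkd_networks` in the same commit tolerates that case with `config.get('allowed_ips', [])`; the two generators should agree, e.g. `for network in peer.get('allowed_ips', []):`. Whether every s2s entry is guaranteed to carry the key depends on how the values produced by `s2s_peer_specific` merge with the node-level lists, which is not visible here. The surrounding script statements run outside this hunk.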
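Review bot: `f'id'` and `f'wireguard/my_ip'` on the `'peer_id'` and `'peer_ip'` lines are f-strings without placeholders; plain `'id'` and `'wireguard/my_ip'` mean the same and keep linters quiet. `repo.get_node(s2s)` is also resolved four times for a single peer entry (`peer_id`, `peer_ip`, `endpoint`, `allowed_ips`); since `s2s: {` appears to be a comprehension key, a small helper taking the resolved node object would evaluate it once. The enclosing `s2s_peer_specific` body starts and ends outside the hunk.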
@@ -53,10 +53,10 @@ def client_peer_specific(metadata):
 'wireguard': {
 'clients': {
 client: {
- 'id': client,
- 'route': [
- str(ip_interface(conf['ip']).network),
- ]
+ 'peer_id': client,
+ 'allowed_ips': [
+ str(ip_interface(conf['peer_ip']).network),
+ ],
 }
 for client, conf in metadata.get('wireguard/clients').items()
 },
@@ -83,7 +83,7 @@ def systemd_networkd_networks(metadata):
 }
 
 for peer, config in metadata.get('wireguard/s2s').items():
- for route in config.get('route', []):
+ for route in config.get('allowed_ips', []):
 network.update({
 f'Route#{peer}_{route}': {
 'Destination': route,
@@ -122,12 +122,9 @@ def systemd_networkd_netdevs(metadata):
 }.items():
 netdev.update({
 f'WireGuardPeer#{peer}': {
- 'PublicKey': repo.libs.wireguard.pubkey(config['id']),
- 'PresharedKey': repo.libs.wireguard.psk(config['id'], metadata.get('id')),
- 'AllowedIPs': ', '.join([
- # '172.30.0.0/24', # FIXME
- *config.get('route', []),
- ]), # FIXME
+ 'PublicKey': repo.libs.wireguard.pubkey(config['peer_id']),
+ 'PresharedKey': repo.libs.wireguard.psk(config['peer_id'], metadata.get('id')),
+ 'AllowedIPs': ', '.join(config.get('allowed_ips', [])),
 'PersistentKeepalive': 30,
 }
 })
diff --git a/nodes/home.server.py b/nodes/home.server.py
index 092d388..7193fff 100644
--- a/nodes/home.server.py
+++ b/nodes/home.server.py
@@ -61,7 +61,7 @@
 'my_ip': '172.30.0.2/32',
 's2s': {
 'htz.mails': {
- 'route': [
+ 'allowed_ips': [
 '10.0.10.0/24',
 '10.0.11.0/24',
 '10.0.20.0/24',
diff --git a/nodes/htz.mails.py b/nodes/htz.mails.py
index 7ec0110..2ba2435 100644
--- a/nodes/htz.mails.py
+++ b/nodes/htz.mails.py
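Review bot: `'AllowedIPs': ', '.join(config.get('allowed_ips', []))` is WireGuard's cryptokey-routing table, so the lists now kept in node metadata decide which source addresses each peer may send from and where return traffic is steered, yet nothing in this loop checks that two peers do not claim the same or overlapping prefixes — when they do, the interface keeps the prefix on whichever peer was configured last and reports no error. A check that raises on overlap before `netdev.update(...)`, with `claimed = {}` initialised ahead of the loop and `ip_network` taken from `ipaddress` next to the `ip_interface` this module already uses, would surface such a misconfiguration at apply time rather than as a silently unreachable network. `psk(config['peer_id'], metadata.get('id'))` passes (remote, self) on both ends of an s2s link, so the two sides call the helper with swapped arguments; `repo.libs.wireguard.psk` must be argument-order independent for them to derive the same key, which cannot be verified from this hunk. The `for peer, config in {...}.items():` loop head begins before the hunk.
```python
}.items():
    # AllowedIPs is a cryptokey-routing ACL: a prefix may belong to exactly one peer.
    for net in map(ip_network, config.get('allowed_ips', [])):
        for other_net, other_peer in claimed.items():
            if net.overlaps(other_net):
                raise ValueError(f'AllowedIPs {net} ({peer}) overlaps {other_net} ({other_peer})')
        claimed[net] = peer
    netdev.update({
        # … unchanged: WireGuardPeer entry …
    })
```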
@@ -143,32 +143,32 @@
 'my_ip': '172.30.0.1/24',
 's2s': {
 'home.server': {
- 'route': [
+ 'allowed_ips': [
 '10.0.0.0/24',
 '10.0.2.0/24',
 '10.0.9.0/24',
 ],
 },
 'netcup.secondary': {
- 'route': [
+ 'allowed_ips': [
 '10.0.11.0/24',
 ],
 },
 'wb.offsite-backups': {
- 'route': [
+ 'allowed_ips': [
 '192.168.178.0/24',
 ],
 },
 },
 'clients': {
 'macbook': {
- 'ip': '172.30.0.100/32',
+ 'peer_ip': '172.30.0.100/32',
 },
 'phone': {
- 'ip': '172.30.0.101/32',
+ 'peer_ip': '172.30.0.101/32',
 },
 'ipad': {
- 'ip': '172.30.0.102/32',
+ 'peer_ip': '172.30.0.102/32',
 },
 },
 },
diff --git a/nodes/netcup.secondary.py b/nodes/netcup.secondary.py
index 76b359a..6c42029 100644
--- a/nodes/netcup.secondary.py
+++ b/nodes/netcup.secondary.py
@@ -34,7 +34,7 @@
 'my_ip': '172.30.0.3/32',
 's2s': {
 'htz.mails': {
- 'route': [
+ 'allowed_ips': [
 '10.0.0.0/24',
 '10.0.2.0/24',
 '10.0.9.0/24',
diff --git a/nodes/wb.offsite-backups.py b/nodes/wb.offsite-backups.py
index 874e9ce..f2abc89 100644
--- a/nodes/wb.offsite-backups.py
+++ b/nodes/wb.offsite-backups.py
@@ -25,7 +25,7 @@
 'my_ip': '172.30.0.4/32',
 's2s': {
 'htz.mails': {
- 'route': [
+ 'allowed_ips': [
 '10.0.0.0/24',
 '10.0.2.0/24',
 '10.0.9.0/24',