wip

2021-06-29 02:32:58 +02:00 · 2021-06-29 02:32:58 +02:00 · ca5eb9d50b
commit ca5eb9d50b
parent ce341a4d08
4 changed files with 23 additions and 13 deletions
--- a/bundles/wireguard/metadata.py
+++ b/bundles/wireguard/metadata.py
@ -90,13 +90,16 @@ def systemd_networkd_netdevs(metadata):
        },
    }
    
-    for name, config in metadata.get('wireguard/peers').items():
+    for peer, config in metadata.get('wireguard/peers').items():
        netdev.update({
-            f'WireGuardPeer#{name}': {
+            f'WireGuardPeer#{peer}': {
                'Endpoint': config['endpoint'],
                'PublicKey': config['pubkey'],
                'PresharedKey': config['psk'],
-                'AllowedIPs': '0.0.0.0/0', # FIXME
+                'AllowedIPs': ', '.join([
+                    str(ip_interface(repo.get_node(peer).metadata.get(f'wireguard/my_ip')).ip),
+                    *config.get('route', []),
+                ]), # FIXME
                'PersistentKeepalive': 30,
            }
        })
--- a/nodes/home.server.py
+++ b/nodes/home.server.py
@ -31,11 +31,12 @@
            },
        },
        'wireguard': {
-            'my_ip': '172.30.0.1/24',
+            'my_ip': '172.30.0.2/24',
            'peers': {
                'htz.mails': {
                    'route': [
                        '10.0.10.0/24',
+                        '10.0.11.0/24',
                    ],
                },
            },
--- a/nodes/htz.mails.py
+++ b/nodes/htz.mails.py
@ -102,7 +102,7 @@
        },
        'wireguard': {
            # ip r add 10.0.0.0/24 via 172.19.136.2 dev wg0
-            'my_ip': '172.30.0.2/24',
+            'my_ip': '172.30.0.1/24',
            'peers': {
                'home.server': {
                    'route': [
@ -112,6 +112,9 @@
                    ],
                },
                'netcup.secondary': {
+                    'route': [
+                        '10.0.11.0/24',
+                    ],
                },
            },
        },
--- a/nodes/netcup.secondary.py
+++ b/nodes/netcup.secondary.py
@ -16,18 +16,21 @@
                'ipv6': '2a03:4000:7:534::2/64',
                'gateway6': 'fe80::1',
            },
+            'internal': {
+                'interface': 'eth1',
+                'ipv4': '10.0.11.2',
+            },
        },
        'wireguard': {
-            # 172.19.136.0/22 dev wg0 proto kernel scope link src 172.19.136.3
-            'my_ip': '172.30.0.1/24',
+            'my_ip': '172.30.0.3/24',
            'peers': {
                'htz.mails': {
-                    # 'route': [
-                    #     '10.0.0.0/24',
-                    #     '10.0.2.0/24',
-                    #     '10.0.9.0/24',
-                    #     '10.0.10.0/24',
-                    # ],
+                    'route': [
+                        '10.0.0.0/24',
+                        '10.0.2.0/24',
+                        '10.0.9.0/24',
+                        '10.0.10.0/24',
+                    ],
                },
            },
        },