From ca5eb9d50b31bad8373ea1cfb23ac9cff7393f57 Mon Sep 17 00:00:00 2001 From: mwiegand Date: Tue, 29 Jun 2021 02:32:58 +0200 Subject: [PATCH] wip --- bundles/wireguard/metadata.py | 9 ++++++--- nodes/home.server.py | 3 ++- nodes/htz.mails.py | 5 ++++- nodes/netcup.secondary.py | 19 +++++++++++-------- 4 files changed, 23 insertions(+), 13 deletions(-) diff --git a/bundles/wireguard/metadata.py b/bundles/wireguard/metadata.py index 43a1984..fe9fd4d 100644 --- a/bundles/wireguard/metadata.py +++ b/bundles/wireguard/metadata.py @@ -90,13 +90,16 @@ def systemd_networkd_netdevs(metadata): }, } - for name, config in metadata.get('wireguard/peers').items(): + for peer, config in metadata.get('wireguard/peers').items(): netdev.update({ - f'WireGuardPeer#{name}': { + f'WireGuardPeer#{peer}': { 'Endpoint': config['endpoint'], 'PublicKey': config['pubkey'], 'PresharedKey': config['psk'], - 'AllowedIPs': '0.0.0.0/0', # FIXME + 'AllowedIPs': ', '.join([ + str(ip_interface(repo.get_node(peer).metadata.get(f'wireguard/my_ip')).ip), + *config.get('route', []), + ]), # FIXME 'PersistentKeepalive': 30, } }) diff --git a/nodes/home.server.py b/nodes/home.server.py index 16142fe..b35b73d 100644 --- a/nodes/home.server.py +++ b/nodes/home.server.py @@ -31,11 +31,12 @@ }, }, 'wireguard': { - 'my_ip': '172.30.0.1/24', + 'my_ip': '172.30.0.2/24', 'peers': { 'htz.mails': { 'route': [ '10.0.10.0/24', + '10.0.11.0/24', ], }, }, diff --git a/nodes/htz.mails.py b/nodes/htz.mails.py index 96fac7a..06303f3 100644 --- a/nodes/htz.mails.py +++ b/nodes/htz.mails.py @@ -102,7 +102,7 @@ }, 'wireguard': { # ip r add 10.0.0.0/24 via 172.19.136.2 dev wg0 - 'my_ip': '172.30.0.2/24', + 'my_ip': '172.30.0.1/24', 'peers': { 'home.server': { 'route': [ @@ -112,6 +112,9 @@ ], }, 'netcup.secondary': { + 'route': [ + '10.0.11.0/24', + ], }, }, }, diff --git a/nodes/netcup.secondary.py b/nodes/netcup.secondary.py index 8c9aa68..ff520e6 100644 --- a/nodes/netcup.secondary.py +++ b/nodes/netcup.secondary.py 
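Review bot: In `bundles/wireguard/metadata.py` the new `AllowedIPs` value joins `config.get('route', [])` verbatim, so a typo or an over-broad prefix in any node file becomes an accepted source range for that peer as well as a route, because WireGuard uses this list for both. Normalising each entry, e.g. `*(str(ip_network(r)) for r in config.get('route', [])),`, would reject malformed prefixes when the metadata is built (this assumes `ip_network` is imported next to `ip_interface`; the import lines are outside the hunk). The trailing `# FIXME` no longer says what is left to fix now that `0.0.0.0/0` is gone, and `f'wireguard/my_ip'` has no placeholder, so the `f` prefix can be dropped. The loop sits inside `systemd_networkd_netdevs`, whose start and end are outside the hunk.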
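Review bot: In the first hunk of `nodes/htz.mails.py` the comment `# ip r add 10.0.0.0/24 via 172.19.136.2 dev wg0` stays directly above the changed `my_ip`, although every tunnel address in this patch is in `172.30.0.0/24` and the matching `172.19.136.x` comment is deleted from `nodes/netcup.secondary.py`. I would drop it or replace it with a short map of the tunnel, for example `# wg0: .1 htz.mails, .2 home.server, .3 netcup.secondary`. The `my_ip` values of this node and `home.server` are swapped in the same commit, so the two nodes need to be applied together or they will briefly claim the same tunnel address.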
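Review bot: With the `route` list added under `'netcup.secondary'` in the second hunk of `nodes/htz.mails.py`, this node has two peers whose `AllowedIPs` are built from per-peer lists, and nothing visible in the patch checks that those lists are disjoint. WireGuard assigns an overlapping prefix to whichever peer is configured last without reporting an error, so a duplicated subnet would silently move that traffic to the other peer. The `home.server` routes lie between the two hunks and are not shown, so whether `10.0.11.0/24` overlaps today cannot be told from here. A check in the metadata reactor that raises when `ip_network(a).overlaps(ip_network(b))` holds for routes of two different peers would catch this at build time.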
@@ -16,18 +16,21 @@
 'ipv6': '2a03:4000:7:534::2/64',
 'gateway6': 'fe80::1',
 },
+ 'internal': {
+ 'interface': 'eth1',
+ 'ipv4': '10.0.11.2',
+ },
 },
 'wireguard': {
- # 172.19.136.0/22 dev wg0 proto kernel scope link src 172.19.136.3
- 'my_ip': '172.30.0.1/24',
+ 'my_ip': '172.30.0.3/24',
 'peers': {
 'htz.mails': {
- # 'route': [
- # '10.0.0.0/24',
- # '10.0.2.0/24',
- # '10.0.9.0/24',
- # '10.0.10.0/24',
- # ],
+ 'route': [
+ '10.0.0.0/24',
+ '10.0.2.0/24',
+ '10.0.9.0/24',
+ '10.0.10.0/24',
+ ],
 },
 },
 },
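Review bot: In `nodes/netcup.secondary.py` the new `'internal'` interface gives `'ipv4': '10.0.11.2'` without a prefix length, while `my_ip` in the same file is written as `172.30.0.3/24` and the `ipv6` entry carries `/64`. If the network bundle parses this value the way the WireGuard bundle parses `my_ip`, a bare address is read as a /32 and the host gets no on-link route to the rest of `10.0.11.0/24`; that is worth confirming, and `'10.0.11.2/24'` would make the intent explicit. Un-commenting the `route` list also means this host now accepts tunnel traffic sourced from `10.0.0.0/24`, `10.0.2.0/24`, `10.0.9.0/24` and `10.0.10.0/24` via `htz.mails`, so a one-line comment naming which of those networks need to reach this node would make it easier to narrow the list later. The deleted `172.19.136.x` comment is not replaced by anything describing the `172.30.0.0/24` addressing.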