wip
parent
71af674827
commit
f756cedcaf
4 changed files with 23 additions and 21 deletions
|
@ -7,11 +7,11 @@ from bundlewrap.metadata import atomic
|
||||||
defaults = {
|
defaults = {
|
||||||
'apt': {
|
'apt': {
|
||||||
'packages': {
|
'packages': {
|
||||||
'linux-headers-generic': {},
|
'linux-headers-amd64': {},
|
||||||
'wireguard': {
|
'wireguard': {
|
||||||
'backports': True,
|
'backports': True,
|
||||||
'needs': [
|
'needs': [
|
||||||
'pkg_apt:linux-headers-generic',
|
'pkg_apt:linux-headers-amd64',
|
||||||
],
|
],
|
||||||
'triggers': [
|
'triggers': [
|
||||||
'svc_systemd:systemd-networkd:restart',
|
'svc_systemd:systemd-networkd:restart',
|
||||||
|
@ -29,13 +29,17 @@ defaults = {
|
||||||
'systemd-networkd/networks',
|
'systemd-networkd/networks',
|
||||||
)
|
)
|
||||||
def systemd_networkd_networks(metadata):
|
def systemd_networkd_networks(metadata):
|
||||||
wg0 = {
|
network = {
|
||||||
'Match': {
|
'Match': {
|
||||||
'Name': 'wg0',
|
'Name': 'wg0',
|
||||||
},
|
},
|
||||||
'Address': {
|
'Address': {
|
||||||
'Address': metadata.get('wireguard/my_ip'),
|
'Address': metadata.get('wireguard/my_ip'),
|
||||||
},
|
},
|
||||||
|
'Route': {
|
||||||
|
'Destination': str(ip_interface(metadata.get('wireguard/my_ip')).network),
|
||||||
|
'GatewayOnlink': 'yes',
|
||||||
|
},
|
||||||
'Network': {
|
'Network': {
|
||||||
'DHCP': 'no',
|
'DHCP': 'no',
|
||||||
'IPForward': 'yes',
|
'IPForward': 'yes',
|
||||||
|
@ -45,15 +49,15 @@ def systemd_networkd_networks(metadata):
|
||||||
}
|
}
|
||||||
|
|
||||||
for peer, config in metadata.get('wireguard/peers').items():
|
for peer, config in metadata.get('wireguard/peers').items():
|
||||||
wg0.update({
|
# network.update({
|
||||||
f'Route#{peer}': {
|
# f'Route#{peer}': {
|
||||||
'Destination': str(ip_interface(repo.get_node(peer).metadata.get(f'wireguard/my_ip')).ip),
|
# 'Destination': str(ip_interface(repo.get_node(peer).metadata.get(f'wireguard/my_ip')).ip),
|
||||||
'Gateway': str(ip_interface(metadata.get('wireguard/my_ip')).ip),
|
# 'Gateway': str(ip_interface(metadata.get('wireguard/my_ip')).ip),
|
||||||
'GatewayOnlink': 'yes',
|
# 'GatewayOnlink': 'yes',
|
||||||
}
|
# }
|
||||||
})
|
# })
|
||||||
for route in config.get('route', []):
|
for route in config.get('route', []):
|
||||||
wg0.update({
|
network.update({
|
||||||
f'Route#{peer}_{route}': {
|
f'Route#{peer}_{route}': {
|
||||||
'Destination': route,
|
'Destination': route,
|
||||||
'Gateway': str(ip_interface(repo.get_node(peer).metadata.get(f'wireguard/my_ip')).ip),
|
'Gateway': str(ip_interface(repo.get_node(peer).metadata.get(f'wireguard/my_ip')).ip),
|
||||||
|
@ -64,7 +68,7 @@ def systemd_networkd_networks(metadata):
|
||||||
return {
|
return {
|
||||||
'systemd-networkd': {
|
'systemd-networkd': {
|
||||||
'networks': {
|
'networks': {
|
||||||
'wg0': wg0,
|
'wireguard': network,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
@ -74,7 +78,7 @@ def systemd_networkd_networks(metadata):
|
||||||
'systemd-networkd/netdevs',
|
'systemd-networkd/netdevs',
|
||||||
)
|
)
|
||||||
def systemd_networkd_netdevs(metadata):
|
def systemd_networkd_netdevs(metadata):
|
||||||
wg0 = {
|
netdev = {
|
||||||
'NetDev': {
|
'NetDev': {
|
||||||
'Name': 'wg0',
|
'Name': 'wg0',
|
||||||
'Kind': 'wireguard',
|
'Kind': 'wireguard',
|
||||||
|
@ -87,7 +91,7 @@ def systemd_networkd_netdevs(metadata):
|
||||||
}
|
}
|
||||||
|
|
||||||
for name, config in metadata.get('wireguard/peers').items():
|
for name, config in metadata.get('wireguard/peers').items():
|
||||||
wg0.update({
|
netdev.update({
|
||||||
f'WireGuardPeer#{name}': {
|
f'WireGuardPeer#{name}': {
|
||||||
'Endpoint': config['endpoint'],
|
'Endpoint': config['endpoint'],
|
||||||
'PublicKey': config['pubkey'],
|
'PublicKey': config['pubkey'],
|
||||||
|
@ -100,7 +104,7 @@ def systemd_networkd_netdevs(metadata):
|
||||||
return {
|
return {
|
||||||
'systemd-networkd': {
|
'systemd-networkd': {
|
||||||
'netdevs': {
|
'netdevs': {
|
||||||
'wg0': wg0,
|
'wireguard': netdev,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
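Review bot: The `Route` section added in the `@ -29,13 +29,17` hunk sets `'GatewayOnlink': 'yes'` without any `Gateway`, and its `Destination` is the prefix of `wireguard/my_ip`, for which the `Address` section should already yield a connected route. Unless there is a reason not visible here, drop the section or give it a comment saying why the explicit on-link route is needed. In the `@ -45,15 +49,15` hunk the per-peer route is commented out line by line rather than deleted; remove the seven `#` lines, or replace them with one comment stating why per-peer host routes are no longer generated. The result keys change from `wg0` to `wireguard` while `Name` stays `wg0`; if those keys become file names on the node (not visible in these hunks), confirm the old `wg0` files get removed, otherwise two definitions with different addresses and routes would match the same interface. Both functions continue outside the hunks shown.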
|
||||||
|
|
|
@ -31,7 +31,7 @@
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
'wireguard': {
|
'wireguard': {
|
||||||
'my_ip': '172.19.136.1/22',
|
'my_ip': '172.30.0.1/24',
|
||||||
'peers': {
|
'peers': {
|
||||||
'htz.mails': {
|
'htz.mails': {
|
||||||
'route': [
|
'route': [
|
||||||
|
|
|
@ -102,7 +102,7 @@
|
||||||
},
|
},
|
||||||
'wireguard': {
|
'wireguard': {
|
||||||
# ip r add 10.0.0.0/24 via 172.19.136.2 dev wg0
|
# ip r add 10.0.0.0/24 via 172.19.136.2 dev wg0
|
||||||
'my_ip': '172.19.136.2/22',
|
'my_ip': '172.30.0.2/24',
|
||||||
'peers': {
|
'peers': {
|
||||||
'home.server': {
|
'home.server': {
|
||||||
'route': [
|
'route': [
|
||||||
|
@ -112,9 +112,6 @@
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
'netcup.secondary': {
|
'netcup.secondary': {
|
||||||
'route': [
|
|
||||||
'46.38.240.0/22',
|
|
||||||
],
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
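Review bot: The comment `# ip r add 10.0.0.0/24 via 172.19.136.2 dev wg0` directly above `my_ip` still names the old tunnel address, although this hunk changes `my_ip` to `172.30.0.2/24`. It should presumably read `# ip r add 10.0.0.0/24 via 172.30.0.2 dev wg0`, or be deleted. The same applies to the comment added in the last file section, `# 172.19.136.0/22 dev wg0 proto kernel scope link src 172.19.136.3`, which sits next to `'my_ip': '172.30.0.3/24'` and describes the previous prefix without saying so. As far as the `@ -112,9 +112,6` hunk shows, removing the only `route` of `netcup.secondary` leaves an empty peer entry; a one-line comment on why the peer is kept without routes would help.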
|
||||||
|
|
|
@ -18,7 +18,8 @@
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
'wireguard': {
|
'wireguard': {
|
||||||
'my_ip': '172.19.136.3/22',
|
# 172.19.136.0/22 dev wg0 proto kernel scope link src 172.19.136.3
|
||||||
|
'my_ip': '172.30.0.3/24',
|
||||||
'peers': {
|
'peers': {
|
||||||
'htz.mails': {
|
'htz.mails': {
|
||||||
'route': [
|
'route': [
|
||||||
|
|