Compare commits
2 commits
cbaded9f8a
...
c9eef4fc79
Author | SHA1 | Date | |
---|---|---|---|
c9eef4fc79 | ||
1c9c4e0902 |
5 changed files with 15 additions and 21 deletions
|
@ -9,12 +9,8 @@ repo.libs.wireguard.repo = repo
|
||||||
defaults = {
|
defaults = {
|
||||||
'apt': {
|
'apt': {
|
||||||
'packages': {
|
'packages': {
|
||||||
# 'linux-headers-amd64': {},
|
|
||||||
'wireguard': {
|
'wireguard': {
|
||||||
'backports': node.os_version < (11,),
|
'backports': node.os_version < (11,),
|
||||||
# 'needs': [
|
|
||||||
# 'pkg_apt:linux-headers-amd64',
|
|
||||||
# ],
|
|
||||||
'triggers': [
|
'triggers': [
|
||||||
'svc_systemd:systemd-networkd:restart',
|
'svc_systemd:systemd-networkd:restart',
|
||||||
],
|
],
|
||||||
|
@ -39,6 +35,9 @@ def s2s_peer_specific(metadata):
|
||||||
'id': repo.get_node(peer).metadata.get(f'id'),
|
'id': repo.get_node(peer).metadata.get(f'id'),
|
||||||
'ip': repo.get_node(peer).metadata.get(f'wireguard/my_ip'),
|
'ip': repo.get_node(peer).metadata.get(f'wireguard/my_ip'),
|
||||||
'endpoint': f'{repo.get_node(peer).hostname}:51820',
|
'endpoint': f'{repo.get_node(peer).hostname}:51820',
|
||||||
|
'route': [
|
||||||
|
str(ip_interface(repo.get_node(peer).metadata.get(f'wireguard/my_ip')).network),
|
||||||
|
],
|
||||||
}
|
}
|
||||||
for peer in metadata.get('wireguard/peers')
|
for peer in metadata.get('wireguard/peers')
|
||||||
},
|
},
|
||||||
|
@ -55,8 +54,11 @@ def client_peer_specific(metadata):
|
||||||
'clients': {
|
'clients': {
|
||||||
client: {
|
client: {
|
||||||
'id': client,
|
'id': client,
|
||||||
|
'route': [
|
||||||
|
str(ip_interface(conf['ip']).network),
|
||||||
|
]
|
||||||
}
|
}
|
||||||
for client in metadata.get('wireguard/clients')
|
for client, conf in metadata.get('wireguard/clients').items()
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
@ -73,11 +75,6 @@ def systemd_networkd_networks(metadata):
|
||||||
'Address': {
|
'Address': {
|
||||||
'Address': metadata.get('wireguard/my_ip'),
|
'Address': metadata.get('wireguard/my_ip'),
|
||||||
},
|
},
|
||||||
'Route': {
|
|
||||||
'Destination': str(ip_interface(metadata.get('wireguard/my_ip')).network),
|
|
||||||
'GatewayOnlink': 'yes',
|
|
||||||
'PreferredSource': str(ip_interface(metadata.get('network/internal/ipv4')).ip),
|
|
||||||
},
|
|
||||||
'Network': {
|
'Network': {
|
||||||
'DHCP': 'no',
|
'DHCP': 'no',
|
||||||
'IPForward': 'yes',
|
'IPForward': 'yes',
|
||||||
|
@ -87,15 +84,12 @@ def systemd_networkd_networks(metadata):
|
||||||
|
|
||||||
for peer, config in {
|
for peer, config in {
|
||||||
**metadata.get('wireguard/peers'),
|
**metadata.get('wireguard/peers'),
|
||||||
**metadata.get('wireguard/clients'),
|
|
||||||
}.items():
|
}.items():
|
||||||
for route in config.get('route', []):
|
for route in config.get('route', []):
|
||||||
network.update({
|
network.update({
|
||||||
f'Route#{peer}_{route}': {
|
f'Route#{peer}_{route}': {
|
||||||
'Destination': route,
|
'Destination': route,
|
||||||
'Gateway': str(ip_interface(config['ip']).ip),
|
'Gateway': str(ip_interface(metadata.get('wireguard/my_ip')).ip),
|
||||||
'GatewayOnlink': 'yes',
|
|
||||||
'PreferredSource': str(ip_interface(metadata.get('network/internal/ipv4')).ip),
|
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
|
@ -133,7 +127,7 @@ def systemd_networkd_netdevs(metadata):
|
||||||
'PublicKey': repo.libs.wireguard.pubkey(config['id']),
|
'PublicKey': repo.libs.wireguard.pubkey(config['id']),
|
||||||
'PresharedKey': repo.libs.wireguard.psk(config['id'], metadata.get('id')),
|
'PresharedKey': repo.libs.wireguard.psk(config['id'], metadata.get('id')),
|
||||||
'AllowedIPs': ', '.join([
|
'AllowedIPs': ', '.join([
|
||||||
str(ip_interface(config['ip']).ip),
|
# '172.30.0.0/24', # FIXME
|
||||||
*config.get('route', []),
|
*config.get('route', []),
|
||||||
]), # FIXME
|
]), # FIXME
|
||||||
'PersistentKeepalive': 30,
|
'PersistentKeepalive': 30,
|
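Review bot: In the `AllowedIPs` list of `systemd_networkd_netdevs`, the peer's own address is no longer added and the list now consists only of `config.get('route', [])`, so the source range each peer is allowed to use through the tunnel depends entirely on the prefix length written in node metadata. `s2s_peer_specific` and `client_peer_specific` build that route with `ip_interface(...).network`, which is a host route only while every `my_ip`/`ip` is a /32; an entry left at /24 would give that peer the whole `172.30.0.0/24` as its allowed range and overlap with the other peers. Deriving the host route explicitly, e.g. for these IPv4 addresses `f"{ip_interface(conf['ip']).ip}/32"`, would keep the scope independent of the metadata, and the commented-out `# '172.30.0.0/24', # FIXME` line should be removed or replaced by a comment saying why a shared /24 must not go into `AllowedIPs`. A peer that ends up without any `route` now gets an empty `AllowedIPs` string, which probably deserves an explicit error rather than a silently unusable peer section. The bodies of these functions start and end outside the hunks shown.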
||||||
|
|
|
@ -58,7 +58,7 @@
|
||||||
'ram': 16192,
|
'ram': 16192,
|
||||||
},
|
},
|
||||||
'wireguard': {
|
'wireguard': {
|
||||||
'my_ip': '172.30.0.2/24',
|
'my_ip': '172.30.0.2/32',
|
||||||
'peers': {
|
'peers': {
|
||||||
'htz.mails': {
|
'htz.mails': {
|
||||||
'route': [
|
'route': [
|
||||||
|
|
|
@ -162,13 +162,13 @@
|
||||||
},
|
},
|
||||||
'clients': {
|
'clients': {
|
||||||
'macbook': {
|
'macbook': {
|
||||||
'ip': '172.30.0.100/24',
|
'ip': '172.30.0.100/32',
|
||||||
},
|
},
|
||||||
'phone': {
|
'phone': {
|
||||||
'ip': '172.30.0.101/24',
|
'ip': '172.30.0.101/32',
|
||||||
},
|
},
|
||||||
'ipad': {
|
'ipad': {
|
||||||
'ip': '172.30.0.102/24',
|
'ip': '172.30.0.102/32',
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
|
@ -31,7 +31,7 @@
|
||||||
# 'hostname': 'mail2.sublimity.de',
|
# 'hostname': 'mail2.sublimity.de',
|
||||||
# },
|
# },
|
||||||
'wireguard': {
|
'wireguard': {
|
||||||
'my_ip': '172.30.0.3/24',
|
'my_ip': '172.30.0.3/32',
|
||||||
'peers': {
|
'peers': {
|
||||||
'htz.mails': {
|
'htz.mails': {
|
||||||
'route': [
|
'route': [
|
||||||
|
|
|
@ -22,7 +22,7 @@
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
'wireguard': {
|
'wireguard': {
|
||||||
'my_ip': '172.30.0.4/24',
|
'my_ip': '172.30.0.4/32',
|
||||||
'peers': {
|
'peers': {
|
||||||
'htz.mails': {
|
'htz.mails': {
|
||||||
'route': [
|
'route': [
|
||||||
|
|