diff options
| author | binary <me@rgoncalves.se> | 2020-11-12 14:29:49 +0100 |
|---|---|---|
| committer | binary <me@rgoncalves.se> | 2020-11-12 14:29:49 +0100 |
| commit | b419094cda74405eb4cbb8b7031b53cd2f347566 (patch) | |
| tree | e3e6de54517612ebc96a6d3804848637562103a4 /roles/wireguard/templates | |
| parent | 9007e995ed14f92af8fe57fbe9ced0047d2a5634 (diff) | |
| download | infrastructure-b419094cda74405eb4cbb8b7031b53cd2f347566.tar.gz | |
Refactor and cleanup old roles
Diffstat (limited to 'roles/wireguard/templates')
| -rw-r--r-- | roles/wireguard/templates/dcontroller.conf.j2 | 19 | ||||
| -rw-r--r-- | roles/wireguard/templates/host.conf.j2 | 15 | ||||
| -rw-r--r-- | roles/wireguard/templates/hostname.tun0.j2 | 9 |
3 files changed, 43 insertions, 0 deletions
diff --git a/roles/wireguard/templates/dcontroller.conf.j2 b/roles/wireguard/templates/dcontroller.conf.j2 new file mode 100644 index 0000000..c1fd887 --- /dev/null +++ b/roles/wireguard/templates/dcontroller.conf.j2 @@ -0,0 +1,19 @@ + +# wireguard client configuration ~~ /etc/wireguard/*.conf +# managed by Ansible +{% set dcontroller_keys = lookup("file", wg_dcontroller_keys).splitlines() %} + +[Interface] +#Address = {{ ip.in }}, fd00::1/128 +ListenPort = 53 +PrivateKey = {{ dcontroller_keys[0] }} + +{% for host in groups["all"] if hostvars[host].ansible_host != _i.dcontroller %} +{% set host = hostvars[host] %} +{% set host_keys = lookup("file", wg_dir + "/" + host.ansible_host + ".keys").splitlines() %} +# {{ host.ansible_host }} +[Peer] +PublicKey = {{ host_keys[1] }} +AllowedIPs = {{ host.ip.in }}/32, fd00:10:10::{{ host.ip.in.split('.')[3] }}/128 + +{% endfor %} diff --git a/roles/wireguard/templates/host.conf.j2 b/roles/wireguard/templates/host.conf.j2 new file mode 100644 index 0000000..c25d937 --- /dev/null +++ b/roles/wireguard/templates/host.conf.j2 @@ -0,0 +1,15 @@ + +# wireguard client configuration ~~ /etc/wireguard/*.conf +# managed by Ansible +{% set host_keys = lookup("file", wg_host_keys).splitlines() %} +{% set dcontroller_keys = lookup("file", wg_dcontroller_keys).splitlines() %} + +[Interface] +Address = {{ ip.in }} +PrivateKey = {{ host_keys[0] }} + +[Peer] +PublicKey = {{ dcontroller_keys[1] }} +Endpoint = {{ hostvars[_i.dcontroller].ip.out }}:53 +AllowedIPs = 0.0.0.0/0, ::/0 +PersistentKeepalive = 25 diff --git a/roles/wireguard/templates/hostname.tun0.j2 b/roles/wireguard/templates/hostname.tun0.j2 new file mode 100644 index 0000000..3903ccb --- /dev/null +++ b/roles/wireguard/templates/hostname.tun0.j2 @@ -0,0 +1,9 @@ +inet 10.10.0.1 255.255.255.0 +inet6 fd00:10:10::1 +!/usr/local/bin/wireguard-go -f tun0 & +!/bin/sleep 2 +!/usr/local/bin/wg setconf tun0 /etc/wireguard/{{ _i.dcontroller }}.conf +!/bin/sleep 2 +!/sbin/route add -inet 10.10.0.0/24 10.10.0.1 +!/bin/sleep 2 +!/sbin/route add -inet6 fd00:10:10::/64 fd00:10:10::1 |