From d5210c0d1632cdbe58f2e1ec0a3e9c36b242df78 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sat, 19 Nov 2022 11:53:33 +0100
Subject: ch-router: add wireguard remote interface (WIP)
---
 chaos-at-home/host_vars/ch-router.yml | 352 +++++++++++++------------
 inventory/group_vars/chaos-at-home/network.yml | 8 +-
 inventory/host_vars/ch-router.yml | 45 +++-
 3 files changed, 228 insertions(+), 177 deletions(-)
diff --git a/chaos-at-home/host_vars/ch-router.yml b/chaos-at-home/host_vars/ch-router.yml
index 2f1549ea..08e5e318 100644
--- a/chaos-at-home/host_vars/ch-router.yml
+++ b/chaos-at-home/host_vars/ch-router.yml
@@ -1,175 +1,179 @@ $ANSIBLE_VAULT;1.2;AES256;chaos-at-home -64633931303238633637396634333837396236613430623863336632633066323164333065616361 -3032336166306331353235343738383834373163313661630a356634363066346437356136646262 -31613961383561333663623966396434323461343439663333393733613831333138613938616230 -3731306334383337320a646233303262653436646462353536663961633134363539396437383232 -35346563653135373633323465333835393438633130353963356336623239323335383361623335 -36653939373530396232363761363662646633616563613331636261653031346138313834313262 -38366133323134373231656264366561313238383532336238663762623731313931663563313434 -63333164343063386231373636396464383737636232353061343830333837386134626639373335 -62356665663634323033646239326166343736663763336637303061656331636236613132636435 -35353930663263303534616636373934383832373239663639666563366431333733313561633863 -30386236343461633937326331366563353130366331613239636239333631613438396364356132 -62376462386262616632663561326332623266333331383061353633306562656363386434343263 -62396633323233663461316339613165363162653335333433376562656530656637663134653561 -65623439353239623533333935626635613465653166623737613336353637656232643339323831 -62316361663738643065653637316438313866323266616631383637386538343835653433623962 -63396132306363393962316431353464373733343637386339663663366462383933356461313263 -34393164656535313165303934366561613339653164323438373664656531636438313839323938 -65343462636564393863306364653733663537323430323839383337643138633436376430346366 -39623734356632613562313165663266313132323566353362316662616638393831363739613734 -61303664623532313466313833393030333063623464366133376237656664386237333935393536 -65356163643864633732626533383038663332366662396262353061383064333939643136386463 -35623330343462653635333232646266666537646337306562353836643436656161636534306537 -36386138386365363535623530393339353062343263663961326438633665663361316338633236 
-31396239363431386234663965393838353330633366353034663136666566383731396233336261 -32623833623034353439343335626535373439353639386439353431356431353032336131386663 -34376662353737636633666162353533323638353739333664366239623863613039643535316634 -37333836666636343039636133346665666666303264623335333661636639303265356339623234 -65373762623430336135363932393233643931326562326232633464303662323062366236366431 -61343332356163333664353766383738623566323939383033343864363262356233613263653365 -38616532383536666339666439656562656332366465366333366637373166333737626231353762 -37336263666530636261393666636632653138623231363065623866653730396534346332303631 -33313838373562323331363961366461653233643662663064396261373365636366653539613734 -38373135656234303735363137373039643136633931643862663966346133666562313738353065 -34333032366435323238363964386537623062333730333461353261363937663839333137653463 -37303532616636643535623739643339666630656164636566633932323866613339393232386130 -35393132313336383839653835656132353238333136623339333332336462633261393462613864 -61386463633165643333333137306438613966303438323139616664666231613163323763623236 -38313839356636313632363963646262333837353064363965626565336135323661623930653165 -65306665363464313838383531643633663166643637636430336639356531363662373663383761 -62623365346132626664373262663931326534663032383961663530343633383332633965653339 -31363365316634613434623662303362643638323436303936656264653634343163363236653963 -35346535326464383261313338333165666336303832373631636431326564373662386439386234 -33643064616237383762353565373865353265323264653739333631366366643162363032643534 -32313736633666373664643266623365353564373238633463636634393736663631663738663566 -64356532353233613831336236343639343938313939333033306361633864633764346632373830 -37633866623138623763616634353135316466343639636132313764616237373038303661666162 -37366661643130633737363564353732396461323135323963656561333234306263356134386131 
-66336430346333383239333132343431663161326163306337323535633735636234336261313765 -34343832303037313662323334383761393464656635383937613765633133353463393433653935 -33633132306166363030353933313037623863313566376636633162303163333635393437396365 -36326263303964376338663966386633396666623461653735616533346630656536323161353831 -62306237363235383431376535303430326634373831643032323532353235353965363530343134 -31663739323033663565656364643338613263306435393335393663386133366230353634666331 -39333138383038343738346230383230666136353231393063323031393839653632383438316337 -38346363313061613236656161646431376562383135366432356266333536396563383564356531 -39623831613731313634306430623930373837613935373030396334353435623038646331356363 -30386366376138303563313362353335393662353162316439616235643863363038336131343939 -32616231303137316536373237626462613066613461636566333334323532303733386636326635 -30323032336131656636383635396632346432393838653364343966383532623338636264323964 -32326263346537633264303533326537306337643433323662636435633334333737366532366363 -62363664356338316432373462313232643538363935393731303239313762343264656531633930 -38323731376436306465303864623134393066376337326432323263353937383336656431663035 -34653036643831373230653836613532613262373630363965636661333735633562633937346335 -32333833313634313737366236333931656231336238623037653935393462313961653465333838 -31663236623165313034613837393930303064323731393030643738306134313163353833373139 -61613832313236356638323864343262633737336261623365336163343932373565333266643939 -63626532653662356631303433356436386361323432303166313834343331663036663130316532 -39633730323539393833373361313764363338396239336430343565633637626336623664646461 -65626136613265343862383034323166346633343934363434313139613764656565633266656638 -34366566396439393839346630306636336236623739383835366565326566656436323732323762 -64623635303363616439313231376265366165663536356561613036333461333734323130363635 
-34343964663331633934623632353531323564393234353630613838376332643964626264656137 -39333764383064313962323163363764343765316430633837633237313232313938333162643733 -62393663643565303238316266616363663866363230643238636632303465303339353165346461 -32383264373630303231306338653533373334626131613333663134663137646138383665663533 -37396432663064363335396431323338393334363939376332383632366464353332336366636361 -63643530633138306636393732323165633661363766663061363334656439393134306639386163 -63666339346162386636326538363464306232626262343866633838376331393765636561373464 -30663633383537386533616437636339636438653263343838363866626462323861363930656130 -39363236626637373361373839386530653030376664353431376138623366353337396432383034 -30346336383732626533383466353966336662323139386536623064616661633061336334303065 -34613439663932313337363930613366313232353631396463336432663735656466363337333837 -62363164363139623261336136353239643138306466383266633662356536363933303764343537 -37396366623030353334383532386137663438626266656238396430663338306132383034346334 -65363530613832353561663064626566313938313136363930316264346161386566613632376261 -38303034623339346530633832653362646163363832386633373934613861356336303333333663 -63363732643261376630623166623464613734626261386538306535616537383038626533333135 -30343162386239353165636539313963363365323435326166366364613931373936396237353263 -30346332626666393765333437633233663231646338343934313638303161373466383961383865 -33633037656130336264316139636536313962346338373562323263613038393866346461373333 -65633065393834623432376432386632353735383665353735653266373364346538653762666638 -66363630656530306265636261373438303761363034666139363035313063633562336464383363 -30643639356335626531343664313034356362663334343665373562333462353439323532396366 -30656239646363663938333266323433326466646234396236623533313930343463353634616233 -31613833383965363930356639393238303133636365363738616263636465396136376266336166 
-63653632353936353764386437333338616134303764376434303239316366623364356230613764 -37623832663836366439666537323064373637343233343533356432366537623634643565623938 -65623965356436356162346335616435313332343437613961653064666461346662353061373238 -33323163373566356464386135626530313836356436326139343437646131613238633832336138 -37333636663738393134373335643665653932326633643436356363623139353065663861636239 -30633435653764393566656236313537633433363434386136643133663461636435353762363261 -65383039616231323539373262373734616664383766653339333736373866363865323531366136 -65383838636433666565343266383334653331323566306639666133313536623766306262393936 -38333863663430613833616161663135356633343862623830333234613664353334666331306264 -35396164326133383961323634303863363835653261653666626438633165323365306562636539 -33646334366362333337616134663632616263646631376665336262343631323031326638383339 -32663261646136356532613562366662396132393261353131313464316339646231366534623133 -37363538663830376631366636306564643631633536313562333634666235366562633431653834 -61616131363833303235643361623465666239666165636439623532373461373166326165343039 -34356338653061333661373838373833346266383232363766383633323532333534326130323937 -31666339346334636632613032663334643538636365653335333537323666636433303432653432 -37386630336534633839613535633036653065323565643030323130623261373364656137646633 -61363063316162613666626163333537643331366266383834666563613862633539306637373135 -31616632616431623766633062626333383361316565623231376135346632656335373737383532 -39666437363532336532363065336330643932363161373361383934613330393665353261313762 -35376230353431393139373137303763383664643931333433343534333730623638613038383862 -32343238316463336639376432636639613765356631363537353535646365383366373862613138 -31623163363839616665333033313765383735363831363264666330613261646636316436666565 -63376436363666343663656138623736353431303131646262663939393434623832303765396633 
-66613365313330303736616137623935306335623834393939663933366463333139636437363831 -64336565363131653361313637613638356336353130303833666438326434386138343762656436 -38613639373733653733613838363866333561656432313839323562373330393461366330643132 -30333165376434383338343662653566616462653939353364376666346665663534656431333966 -38366364333662643731626366633737346439313232323036636237303166356661366464643265 -35313432323039623734323562356362646336363138363136373330656333323035353437363636 -62393464333063336237396438616165306631383466383164636237343330616239313662303636 -65346136383732646339663437363262626130366135303933393738343865653661613932366165 -62613432343033323961393162333530323735306366303837613736396634666634356364363265 -33323736346662336235653562636130383632613732646232366564656539353033343339386339 -66653365613432323266656538613739346437623265616335646266663063663331326538633034 -63666533373163343565386634346565636563313265393262306233623664343366666563623463 -30633563633565366638386232623831353766303435303531343366316362663465333561363663 -34356364363536303765333437663764613062666138343364346638383139653733333865636362 -63376638633166373762323534643563316238353531636330633734346166666232333536646535 -35303965316237623430656437663333383661343364646331336431303731643738656563366439 -39376438613263316163653037346165613639363935303062666634346561346337643431333464 -31326337636364383464643965663066633438336536613737356534623166323930333431333462 -33613737633163343431316161346564303938636232333830616161393434316166396334313437 -64633835666330616563633261343561626266636332653663343065303731663431303039373864 -63353862336463323766363535303766663265363735373039333965396565376335363739396332 -32376562623865393036633065383336306631656365353863333561336130643431356264636237 -38376430353034663736333265336538336665313834363934303164626237636166623763653564 -34613530383461323839636233303131343733396565393139313232663238663239353735663638 
-63656361653663373031353634333530396439363735346532353037616135313466303436356439 -36653536383538326438323931626637313631303338303565616135616438616234653437353339 -62633035633762336233626235626463313432643236323035643466616364366339656432303937 -65616635626434653361636365333336353366306639656435623462653961356166666138653666 -38316536356463393934636661356436613537393439373062663164356566626562343233656135 -39623961343033333430616239316139666161336436383231636130643232353034666166663934 -37343431366464623161643766626534316162336231643366643835303730383061616237303232 -63343636316364656132316162323761353266313639363763333437336638376661636134383434 -37346466373937353634386561333064393630396664373234393038323533646139313439646130 -39323664376231323165613036383737363537356662653432663266376661366137356361373434 -66613034363534663536646238316332393433356134366464373365656661613538376632306633 -39636236663064306162316630303031336432303437396438343664306437636638616136393063 -31303865626538663063663939396239626231633265663632643437323963326137636237343336 -37393230343863393732313533623633386463323064613761633432613033653464333666333162 -61633065373336666638353730306130323634376638306261646330656665643463336663366333 -37303630353837303165313337303133616636326535373637343939656138623132323365653132 -61316238633937656239363461396433393265323163626164333962633730326634313338326432 -32643663643939396435623365356631343563636335643130663536353236386536366363653038 -37353739616634336366626662343537346466636662666435656637336137356265633362363139 -64343436633561373233636631653161313932343963323635656366653837646238386634313133 -38356637613933313663383465333063333639376231393731363732373131396139656434393861 -39333334353130303264333664316231633939626332666464386166343565343561626665623931 -33656639643838373232343636653036616530353863383237396336306131306163386130373838 -37333662646362373134633537343537643337666336336430303066343664623833623161393333 
-39313065333363663338393633656538316564653437626130653537653636653230393139323632 -63356536383266306331383032643866353037323463663064626139303064326630396534393836 -37333739323933613839373434323737326236396431396439613461353539373739333830386264 -38393763366362646436663964323766626538653130303665633339613233656165333362616332 -61646134376434316630653935653763383136343832663936643438653433343237346266316635 -34613663303637643530363239323632613966313364383432616530313861333237623761346335 -6636646663356135346235636632326339346532353336346432 +61623135646434633139333663653234383662323332323635383364616164313361353732313564 +3966373630656632363436383361616661313761376531640a656632643131373664353061356630 +34653737356163646163633737323334323437366239333965356264386563376636633431306134 +6562373431626633330a383464663266333264666236656236363336613832373131363436366362 +39313939376636663532656337343537666339303961646236313133336236396162313465613563 +64616262623833363765636337336361623064303433386337343730376233366163386432373761 +62626231656465636237616161623363333061386233393233623966333361383136646235303361 +35346666346434393963623833636263636262323737306437363235356463393639363037393630 +61393738383935396636646138373262346366336231656161633137336236303731643934636434 +30646331626330656536663832346361333031643764313638623036336431356362386630633862 +35666663626131633066613238366333333637366130363237306232626566613330303136303632 +30313835343164303730306466623938376431393566646466313738396631343464366634316230 +34633661303966363935333330383363636161353637353330373664653463373233376338333331 +61626262356333623663316239383837643763336365353036326365626530643963666537663839 +30373861356437323738366661383935666131313338323137363832366436613932663031303666 +63353961613566623430333939393535636434643865363033613365653265386564363133353466 +62393635333032326338383362646463646437373330396633383330326137616235626333313261 
+63643538623439313465626536666432366461353238346363313164313331333463666233343738 +35396230613237356337343736343337653435393233663663343030303963323037386236316133 +38363732356338616335383539333933343839396138323730393930393734633161363564613366 +31393333666464346538356431623039366232643133623164373639613030626639373966623435 +65663935666665373137386433313239663838303533383365363765666131323933393162343234 +64326665363964393032643663303431383134633038653561373864303730643835323939643034 +64363137356662356238643464393533616237316630323632616231323535316135323832383438 +66353136653063663764396237376661636231626364663236376333343931316163346632373234 +61613937626162373461363038363262333361633562386537653230386335633237313437616266 +65313761343763393565646236323133386564363464623234323236646466653537353239303937 +32383037613430333837653830346239393430653563663633333430386238636639333866666233 +32333864353465323363306565386433393761633836376466663931613630313562666336333465 +63323564373063643034386536363530326530306636393435316361326330393561363432356630 +39353464633438326237326364306661643765326432363562656264656637303564363530663937 +64333430376333646231373362333266613264623461643134653366613861646630326539626535 +36393030303330666461303561363365306237613833386632336538383934616336383064656365 +39663262653030396536393461376566376636613363383737343632633632333862343431363036 +30346435373337663662326334346635383138613064663034373236616135373562386136396166 +64366664373930393134353165663931343861623764393439663739613861663538346531326233 +30636334336637663262333730316639633265623133386165333336326333323236653935373836 +32343339356634626466616635613037623333393236326432616330356634363533313334376364 +66386661663636333936366437373238333332346434373839666339313931623831303539333133 +38316130666366373836353563353234333563666238626533326234363737373835336533326364 +65633062663938313731633730323962316465343730656164636364333264646663623463656264 
+30353630636432646666333865616439373863313962373233353435663834366134353538326231 +31613136343164643366663835373437323835623735666164373632373963353338646561323663 +36376538363330343066363532656632323962383732376434636231313334616463366630383035 +61643430333937303832656664636537323239393231386630663236393036323230656466383463 +61646638613630653836316165666639396163666136616135393036633464303262323836393362 +61303438656634383134353831643530636431633637356138353132363232336662353664376664 +63643261383931626438646339323765666130363630333335346263376336326466343837353338 +37353333366231356566346230626334343664303462323536356431316130316265623363653238 +38633132636565373466346439356664323139313037393661626531396135306630363364623131 +36373637336334366465356331616461323933376262336339323236343261313562356463643763 +37323133623161623632636437646266323239363935613730623936663832333865353966393662 +37663031656438633165626334356335623862666563653535373662316232336631393831643865 +66633465386666353535653035393635326164343739363561343864313832326564393537653562 +63346239663339353938633366343563393565646633636166633563623063613735643563386562 +63636431366461333635316136633834646266363062353265363065633638636663643061396537 +33393836343465656564363161633739373163326237333932316636363131383835343830363131 +62366339396335626133343165663530623531636534643030343865313532623133336330656664 +33633436373733323336376162393830363937376662666535363863616564353562666562326563 +33326531613537386339353862633264393937326231396130383365326639666239663933343933 +35353464303461663032656363316437343031303039386163636330653730343863383964343338 +39613564653638366265306633353639626565373338396233656130383965383665346430366533 +64653739646163383833323165356136356631663637303464333463336638616234316134363733 +62663534366564663332353332356235393165643334393865313739633737633837636431373838 +61353366333864613564633634316438646336623164646130666235383962393930336366356430 
+36653262366532336230333066666262633638393364306538343134343763666561623365333434 +36396261366634663031623436383331343438666237363136396463363330393230313362613437 +64653435656533353863613862663233306235356630623638613731643634346139303465336231 +61653534363130366235366561386266663961636263656137333531623235636462333932313135 +39663631333965646234323563643465373933633264306539326238356265613462343731346133 +36383866316462616535356232343736636239663835366435343034316265393664343535643632 +35316366633339656262623836616232316439376231646162306235306166393433323530373339 +61643362656232633331363036306534343136636164373630623633656437386237663361333935 +30303337353236613964666237353631303635363237623532356239303138663139363634656232 +65396539373566633164623437646164353038393666383666353064313235633562373162356662 +64393830353738626532373031666162383063653132646465353930636332343063346638326465 +62333862336235613738643732366664663033383330663534373337313139376438333638353934 +35656132303130643561383735623933303761323861643137333230333165313031633165633332 +35346132326534303032666439386137393064656230383835653662646264663630623737393264 +38313231643530343236366439383234633632613233323162346632613035383662633564643061 +63613638316337336164373866343264353531316362353666356564313533663035306432646139 +34353232643864666665306635636235643236356163623764353431333066613232363430326262 +38643764396235626663366465306364343761646665316239343736336530343636323565383563 +31613461653365353466333832633030666234323235393331333362613962366338363464346164 +61613065653662313431346431643466343736323430303766666165613630613662666464323636 +63346464363064643035663935653236633966623637396230313938363130663333383066633930 +61613733623931323330346466633936613338306136643831373133333161383238363864333438 +31313962643830653663323237636132393236616237643837363862313430366231646166663535 +30383137383662666338303132323235363162396137316166353334393763653230316465396265 
+37363535366366636164323037343033306630363561366632316637343030366361333163316234 +31353466353233366265316434383032396464356465333333393061636633616366663864303638 +31376365343235363765363965316139623030343365373763643337303164646639396463303630 +39636236366562333065653339623562383631353263313266666134386137303735353736353565 +36626133303863333563626635376466386336303730376130656664313465616130306230623930 +62633536383133666238343638623731666165633234353231613937333036663233653765643261 +61306337376563616538653764366638633932333166646335636664373332373730633236623366 +65386439363166386536303238363062383639346462613063336162626430333138363331303935 +39643131396531373139383366303832333035636233656438633662343830306664623035396333 +61383730643831383765316638396635643030386536643336643239316464343065383737336135 +39363063653138383535343761626363313433366634636464326366363961663333316362383461 +30646237383764633536383730656334363036333965326533396432643137646632656462346265 +30653462383430666237336665343132623930653566626161336633363837653732353462623534 +36353733313165646331366635366634633430366531356230626534336235636538323830646338 +63643966393535636231643639653437616636656138373533313230366535646566306130623734 +35343233313637343739626435363362346665343335663238363733633562346637336337383261 +30303430643935633662373564613433306236326236303261306364666561336262633963666135 +33656430616163613966383530666461383337646432343637663163313737613039343536393139 +36373334343462636538383639343438333638616437353863373131633732616464663439316366 +66393839653764376561336331656233333436353666653437336532633037313437663762306234 +34393765306462363934336634306362666135636531356663653638353863363131623331326139 +65623131313664336164616239663066643137343166653236383061356263666465646565343363 +32663662316361643238383963656636636163386165626330356237343562656536353565643037 +66636535356463393633396663303335303839636532383937316132633563623462383264333363 
+64316265613132616239613830363063633266356536393639636531373164383436363164636136 +30373236366130653437323263353462393234313864316564383063306665623165313666313762 +38616235333162306632656332346163383336306637616237623932313333303339386538376466 +38646438333730316331333535346238643963613238396534376531343462626639336364653363 +35363830643465653533393230643230373738356165623162636532626164303164653764396238 +33353637383232613934626339633736666239643839303430633462633231656438356339623232 +30333334363432323738396365333564306334613465333166633038333134363434313430373234 +65653331376130623635333437653962666338633964616562326333666165336338626166663666 +63356464316637623339326631316163346565393239333939353866306666343039353938326365 +61646434306637303961643136623564663831336130356237633932653464653664353238666231 +65626661396532333938623036636661313431313866646566346330636236376265353433383236 +30333166663433396563663136343738396236656437633763663133346639656534633265303035 +32366339353962663635353965303164333266393937316434336464663761646630326235386235 +35613439303934663166313532653163646130323930666461313135313034316434626363303338 +34653335646538353834643739373462653834636164363837663039373439323762373566616162 +33383366656439613033343739393239613034333362306263353039336638323565613236363263 +32326435616433343966376564616262366264643338396166643433633938306131633738313935 +33343035623039656436386133666566386461376664333338643162363863376161663265363835 +64653165633936666461376364333634376166393733323138363636306438613663356663323635 +37646636616166363562656333396361386332326630646334663831643632626661306238666362 +61626333326437383338663034353565366637356432306236653632323962386438383839396263 +37343235316333626535376330623766653566636436316635343734393534323064636634646537 +37336361326563363536356133343761313264633664356634643364633937656632303935646437 +39633736363463663239353034353638343739633333333939346263366663363436623137663734 
+39336231366561333432303237383166616637656133383164626533333061346263353961616635 +31366562613834666263666363343036356534663866396537376165663066663932396433626533 +63343465663833346632303264646463656536313639653033333262303538623233663634373662 +38306339626663376161663739383139663731643462373666353662623839396133316230333366 +34343564323664393033623036653138663135376466393530616263633064303762333031326334 +65643863306362316633663863663132383631346132643934663232623938366566626434306636 +61613533333166376537633338636331366237323165643531663336346361343765666631303762 +39396436373065383935666335333933353534333032356334616533303634343234333234336235 +63303330313066623066373665643864616336333361356339303861663966373933366563353038 +66643939663136653934333964643362376361396133326136613038303134646661313639333637 +63336636316631313434376164623733303565386535613230336265366266316535616132393831 +33653635346462383464396461663934343635353561313462653732396164313732386138356437 +37393032316233313034626566633464396466393538313132313834303734396335383334363132 +65376363326562323135363939623361346232636637306136366162356166346538636163636537 +31353438363339383262396266653038613766646363636165326566666362306466613336623534 +63613838346336616531646363623030323131666639346231313366633464326565373938333339 +38343933333336646363616434373936643734643832653034383231393437396631333561666562 +32353864303961373730373933643934356538656432353135663066353732343563313861643438 +61373432383362323131613266346535653763373563343736626436646634636166633634393532 +34353830313935346131323564633031656133613366656662333933633338303463623137306561 +36393335303039383231626431323336306539653034396463386161363263356335373663653433 +64373531613864666532313865363262643866393332393137623363396666663265633639323639 +35373336383834656566366338366262393462323363336166323264343366383562613562633030 +64353339666438663964383932616366626534393034363466376166656262653464663066623731 
+64323431313434626637383637373235653862643166323839356639616561653133373631623337 +32616333313262653435343266373861373964356362393035363563333637636238656365386134 +61343139326534303934636466393636666465663762666139383862343162326432316530396636 +66356366666339383938356461383737626630363463633035386132306439333862323336363135 +35393438386436346665656163333636346535333531386636633237313461613438383565363030 +64353338316639306337366638653234643830346639643438373665323335346639333230323737 +61616563383334663231643731353735323532626632393865623630636435323961366538653664 +32363339363661366462653139613637383832623337366536376136383162363438613462633135 +64643335343338613862383030346632383034363133313536323739383139323335393632313561 +39353366303564626635633632373364643230373931313466383765613436343535346537616564 +65303366393137383563386331323637646231383839373031373338373939316161393465313230 +34316631613231356337646330383632386438346266386361646631326535346237353661343666 +65333338376438326664343331313265613034626534373134653563666539643030333938616339 +30303236353934623965636635316165356532613536386230343062396664353034613935396539 +65646531343330643366323065316130623034363238376238336133383261656231666539373639 +33616431623939396166653135393136663031316332643039303135633731316663623833333661 +3337656135356335623238663030666364313038376335636234 diff --git a/inventory/group_vars/chaos-at-home/network.yml b/inventory/group_vars/chaos-at-home/network.yml index f461cc3c..0831d324 100644 --- a/inventory/group_vars/chaos-at-home/network.yml +++ b/inventory/group_vars/chaos-at-home/network.yml @@ -87,7 +87,6 @@ network_zones: ## legacy stuff ch-auth-legacy: 88 - mgmt: vlan: 42 prefix: 192.168.42.0/24 @@ -120,6 +119,13 @@ network_zones: offsets: ch-router: 2 + remote: + prefix: 192.168.51.0/24 + offsets: + ch-router: 1 + ch-pan: 2 + ch-mimas: 3 + network_services: ssh-jump: 
diff --git a/inventory/host_vars/ch-router.yml b/inventory/host_vars/ch-router.yml
index c0165250..794ae485 100644
--- a/inventory/host_vars/ch-router.yml
+++ b/inventory/host_vars/ch-router.yml
@@ -45,6 +45,8 @@ openwrt_packages_add:
 - mtr
 - usbutils
 - openvpn-openssl
+ - kmod-wireguard
+ - wireguard-tools
 - iptraf-ng
 - prometheus-node-exporter-lua
 - prometheus-node-exporter-lua-nat_traffic
@@ -156,9 +158,11 @@ openwrt_mixin:
 define nic_mgmt = eth2
 define nic_internal = eth0
 define nic_openvpn = extern0
+ define nic_remote = remote
 define prefix_mgmt = {{ network_zones.mgmt.prefix }}
 define prefix_openvpn = 192.168.8.0/24
+ define prefix_remote = 192.168.51.0/24
 define prefixes_internal = { {{ network_zones.svc.prefix }}, {{ network_zones.lan.prefix }} }
@@ -180,7 +184,7 @@ openwrt_mixin:
 ip protocol icmp accept
 ip6 nexthdr ipv6-icmp accept
 tcp dport { {{ ansible_port }} } accept
- udp dport { openvpn } accept
+ udp dport { openvpn, 51820 } accept
 }
 chain input_openvpn {
@@ -189,10 +193,16 @@ openwrt_mixin:
 tcp dport { {{ ansible_port }} } accept
 }
+ chain input_remote {
+ ip saddr != $prefix_remote drop
+ ip protocol icmp accept
+ tcp dport { {{ ansible_port }} } accept
+ }
+
 chain input {
 type filter hook input priority filter; policy drop;
 ct state vmap { established: accept, related: accept, invalid: drop }
- iifname vmap { lo: accept, $nic_mgmt: jump input_mgmt, $nic_internal: jump input_internal, $nic_magenta: jump input_magenta, $nic_openvpn: jump input_openvpn }
+ iifname vmap { lo: accept, $nic_mgmt: jump input_mgmt, $nic_internal: jump input_internal, $nic_magenta: jump input_magenta, $nic_openvpn: jump input_openvpn, $nic_remote: jump input_remote }
 }
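Review bot: `define prefix_remote = 192.168.51.0/24` in the second hunk repeats the literal that this same commit adds as `network_zones.remote.prefix` in network.yml, while the neighbouring `prefix_mgmt` already reads `{{ network_zones.mgmt.prefix }}`; use `define prefix_remote = {{ network_zones.remote.prefix }}` so the `ip saddr != $prefix_remote drop` guard in `input_remote` and the forward rules cannot drift from the zone definition. The listen port is likewise a bare literal here (`udp dport { openvpn, 51820 } accept`) and appears three more times in the uci hunk further down; one host variable referenced from both the nftables template and the uci entries would keep the firewall opening and the interface's `listen_port` in step. The chain that receives the `udp dport` change starts outside the hunk, so its name is not visible here.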
@@ -203,6 +213,8 @@ openwrt_mixin:
 iif $nic_internal ip saddr $prefixes_internal oif $nic_magenta accept
 iif $nic_internal ip saddr $prefixes_internal oifname $nic_openvpn ip daddr $prefix_openvpn accept
 iifname $nic_openvpn ip saddr $prefix_openvpn oif $nic_internal ip daddr $prefixes_internal accept
+ iif $nic_internal ip saddr $prefixes_internal oifname $nic_remote ip daddr $prefix_remote accept
+ iifname $nic_remote ip saddr $prefix_remote oif $nic_internal ip daddr $prefixes_internal accept
 ## TODO: review allowed connections
 {% for name, svc in network_services.items() %}
 iif $nic_magenta oif $nic_internal ip daddr {{ svc.addr }} tcp dport { {{ svc.ports | join(', ') }} } accept comment "Service: {{ name }}"
 {% endfor %}
@@ -341,6 +353,35 @@ openwrt_uci:
 netmask: "{{ network_zones.lan.prefix | ansible.utils.ipaddr('netmask') }}"
 gateway: "{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ansible.utils.ipaddr('address') }}"
+ - name: interface 'remote'
+ options:
+ proto: wireguard
+ private_key: "{{ vault_wireguard_remote_private_key }}"
+ listen_port: 51820
+ addresses:
+ - "{{ network_zones.remote.prefix | ansible.utils.ipaddr(network_zones.remote.offsets[inventory_hostname]) }}"
+ nohostroute: 1
+
+ - name: wireguard_remote 'ch-pan'
+ options:
+ public_key: "" ## TODO
+ # preshared_key: ""
+ endpoint_host: "{{ hostvars['ch-pan'].network.primary.address | ansible.utils.ipaddr('address') }}"
+ endpoint_port: 51820
+ allowed_ips:
+ - "{{ network_zones.remote.prefix | ansible.utils.ipaddr(network_zones.remote.offsets['ch-pan']) }}"
+ persistent_keepalive: 60
+
+ - name: wireguard_remote 'ch-mimas'
+ options:
+ public_key: "" ## TODO
+ # preshared_key: ""
+ endpoint_host: "{{ hostvars['ch-mimas'].external_ip }}"
+ endpoint_port: 51820
+ allowed_ips:
+ - "{{ network_zones.remote.prefix | ansible.utils.ipaddr(network_zones.remote.offsets['ch-mimas']) }}"
+ persistent_keepalive: 60
+
 sqm:
 - name: queue 'magenta'
 options:
-- cgit v1.2.3
From a3d24a441d4293139314338c472fc5c6013408b5 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sun, 20 Nov 2022 21:21:14 +0100
Subject: wireguard modules are in mainline linux since a while now...
---
 roles/network/wireguard/base/tasks/main.yml | 52 ++++++++++++++++-------------
 1 file changed, 29 insertions(+), 23 deletions(-)
diff --git a/roles/network/wireguard/base/tasks/main.yml b/roles/network/wireguard/base/tasks/main.yml
index 4d60150d..f096801c 100644
--- a/roles/network/wireguard/base/tasks/main.yml
+++ b/roles/network/wireguard/base/tasks/main.yml
@@ -4,30 +4,36 @@
 import_role:
 name: apt-repo/spreadspace
-- name: install dkms
- import_role:
- name: prepare-dkms
+- name: install wireguard modules via dkms (legacy systems only)
+ when: (ansible_distribution == 'Debian' and (ansible_distribution_major_version | int) < 11) or (ansible_distribution == 'Ubuntu' and (ansible_distribution_major_version | int) < 22)
+ block:
+ - name: install dkms
+ import_role:
+ name: prepare-dkms
-- name: install wireguard packages
- apt:
- name:
- - wireguard-dkms
- - wireguard-tools
- state: present
+ - name: install wireguard-dkms package
+ apt:
+ name: wireguard-dkms
+ state: present
-- name: check if module is available for the currently running kernel
- command: modprobe --dry-run wireguard
- check_mode: no
- register: wireguard_module_available
- failed_when: false
- changed_when: false
+ - name: check if module is available for the currently running kernel
+ command: modprobe --dry-run wireguard
+ check_mode: no
+ register: wireguard_module_available
+ failed_when: false
+ changed_when: false
-- name: rebuild wireguard module
- when: wireguard_module_available.rc != 0
- command: dpkg-reconfigure wireguard-dkms
+ - name: rebuild wireguard module
+ when: wireguard_module_available.rc != 0
+ command: dpkg-reconfigure wireguard-dkms
-- name: check again if module is available for the currently running kernel
- when: wireguard_module_available.rc != 0
- command: modprobe --dry-run wireguard
- check_mode: no
- changed_when: false
+ - name: check again if module is available for the currently running kernel
+ when: wireguard_module_available.rc != 0
+ command: modprobe --dry-run wireguard
+ check_mode: no
+ changed_when: false
+
+- name: install wireguard tools
+ apt:
+ name: wireguard-tools
+ state: present
-- cgit v1.2.3
From d4fc7adc43f356759adb21f881e542b6159b6624 Mon Sep 17 00:00:00 2001
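Review bot: The legacy guard `(ansible_distribution_major_version | int) < 11` in the new block's `when:` turns any non-numeric major version into 0, so a Debian testing/sid host (where that fact is not a plain number on some Ansible versions) would most likely fall into the dkms path and try to install `wireguard-dkms` on a kernel that already ships the module. Giving the cast a high fallback, e.g. `(ansible_distribution_major_version | int(default=999)) < 11` and the same for the Ubuntu branch, keeps such hosts on the mainline path. Independently, the `modprobe --dry-run wireguard` check now only runs for legacy systems; running it once more unconditionally after the block would still catch a mainline kernel built without the module instead of failing later when the interface is brought up.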
From: Christian Pointner
Date: Sun, 20 Nov 2022 21:36:51 +0100
Subject: wireguard roles: some more cleanups and fixes
---
 inventory/host_vars/ele-gwhetzner.yml | 8 ++++----
 inventory/host_vars/s2-thetys.yml | 16 ++++++++--------
 .../wireguard/gateway/templates/nftables.rules.j2 | 2 +-
 roles/network/wireguard/p2p/defaults/main.yml | 18 +++++++++---------
 .../network/wireguard/p2p/templates/systemd.netdev.j2 | 18 ++++++++++--------
 5 files changed, 32 insertions(+), 30 deletions(-)
diff --git a/inventory/host_vars/ele-gwhetzner.yml b/inventory/host_vars/ele-gwhetzner.yml
index aa9cc7b3..d3faf0cf 100644
--- a/inventory/host_vars/ele-gwhetzner.yml
+++ b/inventory/host_vars/ele-gwhetzner.yml
@@ -87,7 +87,7 @@ wireguard_p2p_interface:
 addresses:
 - 192.168.123.1/30
-wireguard_p2p_peer:
- pub_key: "RDNeaG06AUkEZqEr/v3zTidroGfTBTsXluOx2ArITyE="
- allowed_ips:
- - 192.168.123.2/32
+wireguard_p2p_peers:
+ - pub_key: "RDNeaG06AUkEZqEr/v3zTidroGfTBTsXluOx2ArITyE="
+ allowed_ips:
+ - 192.168.123.2/32
diff --git a/inventory/host_vars/s2-thetys.yml b/inventory/host_vars/s2-thetys.yml
index 689c124b..d373ff63 100644
--- a/inventory/host_vars/s2-thetys.yml
+++ b/inventory/host_vars/s2-thetys.yml
@@ -85,11 +85,11 @@ wireguard_p2p_interface:
 addresses:
 - 192.168.123.2/30
-wireguard_p2p_peer:
- pub_key: "r/pFU+OOHmSZUJPSA15emuCQhC/MvLnmfx5o5MPl7yo="
- keepalive_interval: 10
- endpoint:
- host: 178.63.180.138
- port: 51920
- allowed_ips:
- - 192.168.123.1/32
+wireguard_p2p_peers:
+ - pub_key: "r/pFU+OOHmSZUJPSA15emuCQhC/MvLnmfx5o5MPl7yo="
+ keepalive_interval: 10
+ endpoint:
+ host: 178.63.180.138
+ port: 51920
+ allowed_ips:
+ - 192.168.123.1/32
diff --git a/roles/network/wireguard/gateway/templates/nftables.rules.j2 b/roles/network/wireguard/gateway/templates/nftables.rules.j2
index fcf4a21b..501b1d0b 100644
--- a/roles/network/wireguard/gateway/templates/nftables.rules.j2
+++ b/roles/network/wireguard/gateway/templates/nftables.rules.j2
@@ -4,7 +4,7 @@ table ip nat {
 chain wireguard-gateway-{{ item.key }}-snat {
 type nat hook postrouting priority 100; policy accept;
- ip saddr { {{ item.value.addresses | map('ipaddr', 'network/prefix') | join(', ') }} } oifname {{ item.value.ip_snat.interface }} snat to {{ item.value.ip_snat.to }}
+ ip saddr { {{ item.value.addresses | map('ansible.utils.ipaddr', 'network/prefix') | join(', ') }} } oifname {{ item.value.ip_snat.interface }} snat to {{ item.value.ip_snat.to }}
 }
 }
 {% endif %}
diff --git a/roles/network/wireguard/p2p/defaults/main.yml b/roles/network/wireguard/p2p/defaults/main.yml
index 9d93b810..cb8d6f18 100644
--- a/roles/network/wireguard/p2p/defaults/main.yml
+++ b/roles/network/wireguard/p2p/defaults/main.yml
@@ -7,12 +7,12 @@
 # addresses:
 # - 192.168.123.254/24
-# wireguard_p2p_peer:
-# pub_key: public_key_of_peer
-# keepalive_interval: 10
-# endpoint:
-# host: 5.6.7.8
-# port: 1234
-# allowed_ips:
-# - 192.168.255.3/32
-# - 192.168.123.0/24
+# wireguard_p2p_peers:
+# - pub_key: public_key_of_peer
+# keepalive_interval: 10
+# endpoint:
+# host: 5.6.7.8
+# port: 1234
+# allowed_ips:
+# - 192.168.255.3/32
+# - 192.168.123.0/24
diff --git a/roles/network/wireguard/p2p/templates/systemd.netdev.j2 b/roles/network/wireguard/p2p/templates/systemd.netdev.j2
index 04abfa1d..336fdfb2 100644
--- a/roles/network/wireguard/p2p/templates/systemd.netdev.j2
+++ b/roles/network/wireguard/p2p/templates/systemd.netdev.j2
@@ -12,15 +12,17 @@ PrivateKey={{ wireguard_p2p_interface.priv_key }}
 ListenPort={{ wireguard_p2p_interface.listen_port }}
 {% endif %}
+{% for peer in wireguard_p2p_peers %}
 [WireGuardPeer]
-PublicKey={{ wireguard_p2p_peer.pub_key }}
-{% for ip in wireguard_p2p_peer.allowed_ips %}
+PublicKey={{ peer.pub_key }}
+{% for ip in peer.allowed_ips %}
 AllowedIPs={{ ip }}
+{% endfor %}
+{% if 'endpoint' in peer %}
+Endpoint={{ peer.endpoint.host }}:{{ peer.endpoint.port | default(51820) }}
+{% endif %}
+{% if 'keepalive_interval' in peer %}
+PersistentKeepalive={{ peer.keepalive_interval }}
+{% endif %}
 {% endfor %}
-{% if 'endpoint' in wireguard_p2p_peer %}
-Endpoint={{ wireguard_p2p_peer.endpoint.host }}:{{ wireguard_p2p_peer.endpoint.port | default(51820) }}
-{% endif %}
-{% if 'keepalive_interval' in wireguard_p2p_peer %}
-PersistentKeepalive={{ wireguard_p2p_peer.keepalive_interval }}
-{% endif %}
-- cgit v1.2.3
From 0f6cabbae37d2750a1841d2e1abd07eca064af29 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sun, 20 Nov 2022 23:30:00 +0100
Subject: add wireguard-based remote vpn connections to ch-(pan|mimas)
---
 chaos-at-home/ch-mimas.yml | 2 ++
 chaos-at-home/ch-pan.yml | 2 ++
 inventory/host_vars/ch-mimas.yml | 23 ++++++++++++++++++++++
 inventory/host_vars/ch-pan.yml | 23 ++++++++++++++++++++++
 inventory/host_vars/ch-router.yml | 19 +++++++++---------
 roles/network/wireguard/p2p/defaults/main.yml | 9 ++++++---
 roles/network/wireguard/p2p/tasks/main.yml | 16 ++++++++++++++-
 .../wireguard/p2p/templates/systemd.netdev.j2 | 4 ++++
 .../wireguard/p2p/templates/systemd.network.j2 | 6 ++++++
 9 files changed, 91 insertions(+), 13 deletions(-)
diff --git a/chaos-at-home/ch-mimas.yml b/chaos-at-home/ch-mimas.yml
index 178f9093..8aee418f 100644
--- a/chaos-at-home/ch-mimas.yml
+++ b/chaos-at-home/ch-mimas.yml
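Review bot: The new `{% for peer in wireguard_p2p_peers %}` block renders `PublicKey`, `AllowedIPs`, `Endpoint` and `PersistentKeepalive` but offers no way to set a pre-shared key, while the OpenWrt side of this series keeps a commented `# preshared_key: ""` per peer, so as far as this series shows a PSK could never be enabled on both ends. An optional `{% if 'preshared_key' in peer %}` / `PresharedKey={{ peer.preshared_key }}` / `{% endif %}` inside the loop (or `PresharedKeyFile=` pointing at a root:systemd-network 0640 file, matching how the private key is handled later in the series) would close that gap. The loop also treats `pub_key` and `allowed_ips` as mandatory and the rest as optional; a one-line comment in `defaults/main.yml` saying so would make the per-peer contract explicit instead of leaving it to the undefined-variable error.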
@@ -19,6 +19,8 @@
 roles:
 - role: storage/zfs/pools
 - role: storage/zfs/sanoid
+ - role: network/wireguard/base
+ - role: network/wireguard/p2p
 - role: network/bind
 - role: acmetool/base
 - role: apt-repo/spreadspace
diff --git a/chaos-at-home/ch-pan.yml b/chaos-at-home/ch-pan.yml
index 93871234..6edd32fc 100644
--- a/chaos-at-home/ch-pan.yml
+++ b/chaos-at-home/ch-pan.yml
@@ -11,6 +11,8 @@
 - name: Payload Setup
 hosts: ch-pan
 roles:
+ - role: network/wireguard/base
+ - role: network/wireguard/p2p
 - role: network/bind
 - role: dyndns/server
 - role: acmetool/base
diff --git a/inventory/host_vars/ch-mimas.yml b/inventory/host_vars/ch-mimas.yml
index 2bafafe1..32db8f65 100644
--- a/inventory/host_vars/ch-mimas.yml
+++ b/inventory/host_vars/ch-mimas.yml
@@ -47,6 +47,29 @@ zfs_sanoid_modules:
 process_children_only: yes
+wireguard_p2p_interface:
+ name: remote0
+ description: connection to chaos-at-home internal services
+ listen_port: 51820
+ addresses:
+ - "{{ network_zones.remote.prefix | ansible.utils.ipaddr(network_zones.remote.offsets[inventory_hostname]) }}"
+ static_routes:
+ - dest: "{{ network_zones.svc.prefix }}"
+ gw: "{{ network_zones.remote.prefix | ansible.utils.ipaddr(network_zones.remote.offsets['ch-router']) | ansible.utils.ipaddr('address') }}"
+ - dest: "{{ network_zones.lan.prefix | ansible.utils.ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ansible.utils.ipaddr('address') }}/32"
+ gw: "{{ network_zones.remote.prefix | ansible.utils.ipaddr(network_zones.remote.offsets['ch-router']) | ansible.utils.ipaddr('address') }}"
+
+wireguard_p2p_peers:
+ - pub_key: "9pUDet+les5aI9UnHHVgyw95hNBxlAX8DBCxTjigpEI="
+ endpoint:
+ host: "{{ network_zones.magenta.prefix | ansible.utils.ipaddr(network_zones.magenta.offsets['ch-router']) | ansible.utils.ipaddr('address') }}"
+ port: 51820
+ allowed_ips:
+ - "{{ network_zones.remote.prefix }}"
+ - "{{ network_zones.svc.prefix }}"
+ - "{{ network_zones.lan.prefix | ansible.utils.ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ansible.utils.ipaddr('address') }}/32"
+
+
 bind_option_empty_zones_enable: no
 bind_option_allow_transfer: []
 bind_option_allow_recursion:
diff --git a/inventory/host_vars/ch-pan.yml b/inventory/host_vars/ch-pan.yml
index 9f18ed93..5beabb31 100644
--- a/inventory/host_vars/ch-pan.yml
+++ b/inventory/host_vars/ch-pan.yml
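Review bot: The `wireguard_p2p_interface` and `wireguard_p2p_peers` blocks added here are identical to the ones added to `inventory/host_vars/ch-pan.yml` in the next file section; the only per-host part is already expressed through `inventory_hostname`. Keeping one copy in a group_vars file (the series already touches `inventory/group_vars/chaos-at-home/network.yml`, so a group for the remote peers would fit next to it) avoids the two copies drifting the next time a route or allowed prefix is added. A comment above `wireguard_p2p_peers` such as `# allowed_ips must cover every static_routes destination: WireGuard drops tunnel traffic for prefixes not listed here` would also record why the svc prefix and the prometheus-legacy /32 appear in both lists.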
@@ -41,6 +41,29 @@ sshd_allowusers_host: "{{ admin_users_host + ['dyndns'] }}"
 ntp_variant: systemd-timesyncd
+wireguard_p2p_interface:
+ name: remote0
+ description: connection to chaos-at-home internal services
+ listen_port: 51820
+ addresses:
+ - "{{ network_zones.remote.prefix | ansible.utils.ipaddr(network_zones.remote.offsets[inventory_hostname]) }}"
+ static_routes:
+ - dest: "{{ network_zones.svc.prefix }}"
+ gw: "{{ network_zones.remote.prefix | ansible.utils.ipaddr(network_zones.remote.offsets['ch-router']) | ansible.utils.ipaddr('address') }}"
+ - dest: "{{ network_zones.lan.prefix | ansible.utils.ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ansible.utils.ipaddr('address') }}/32"
+ gw: "{{ network_zones.remote.prefix | ansible.utils.ipaddr(network_zones.remote.offsets['ch-router']) | ansible.utils.ipaddr('address') }}"
+
+wireguard_p2p_peers:
+ - pub_key: "9pUDet+les5aI9UnHHVgyw95hNBxlAX8DBCxTjigpEI="
+ endpoint:
+ host: "{{ network_zones.magenta.prefix | ansible.utils.ipaddr(network_zones.magenta.offsets['ch-router']) | ansible.utils.ipaddr('address') }}"
+ port: 51820
+ allowed_ips:
+ - "{{ network_zones.remote.prefix }}"
+ - "{{ network_zones.svc.prefix }}"
+ - "{{ network_zones.lan.prefix | ansible.utils.ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ansible.utils.ipaddr('address') }}/32"
+
+
 nginx_server_names_hash_bucket_size: 64
 acmetool_directory_server: "{{ acmetool_directory_server_le_live_v2 }}"
diff --git a/inventory/host_vars/ch-router.yml b/inventory/host_vars/ch-router.yml
index 794ae485..ce4ed984 100644
--- a/inventory/host_vars/ch-router.yml
+++ b/inventory/host_vars/ch-router.yml
@@ -163,8 +163,9 @@ openwrt_mixin:
 define prefix_mgmt = {{ network_zones.mgmt.prefix }}
 define prefix_openvpn = 192.168.8.0/24
 define prefix_remote = 192.168.51.0/24
+ define prefix_svc = {{ network_zones.svc.prefix }}
 define prefixes_internal = { {{ network_zones.svc.prefix }}, {{ network_zones.lan.prefix }} }
-
+ define ip_prometheus_legacy = {{ network_zones.lan.prefix | ansible.utils.ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ansible.utils.ipaddr('address') }}
 table inet global {
 ## INPUT
@@ -213,8 +214,8 @@ openwrt_mixin:
 iif $nic_internal ip saddr $prefixes_internal oif $nic_magenta accept
 iif $nic_internal ip saddr $prefixes_internal oifname $nic_openvpn ip daddr $prefix_openvpn accept
 iifname $nic_openvpn ip saddr $prefix_openvpn oif $nic_internal ip daddr $prefixes_internal accept
- iif $nic_internal ip saddr $prefixes_internal oifname $nic_remote ip daddr $prefix_remote accept
- iifname $nic_remote ip saddr $prefix_remote oif $nic_internal ip daddr $prefixes_internal accept ## TODO: review allowed connections
+ iif $nic_internal ip saddr { $prefix_svc, $ip_prometheus_legacy } oifname $nic_remote ip daddr $prefix_remote accept
+ iifname $nic_remote ip saddr $prefix_remote oif $nic_internal ip daddr { $prefix_svc, $ip_prometheus_legacy } accept
 {% for name, svc in network_services.items() %}
 iif $nic_magenta oif $nic_internal ip daddr {{ svc.addr }} tcp dport { {{ svc.ports | join(', ') }} } accept comment "Service: {{ name }}"
 {% endfor %}
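Review bot: The rewritten forward rules in the @@ -213 hunk still accept every protocol and port in both directions between `$prefix_remote` and `{ $prefix_svc, $ip_prometheus_legacy }`, and the `## TODO: review allowed connections` marker that sat on the remote-to-internal rule is dropped with the rewrite, so nothing records any more that this is an interim allow-all. If the remote hosts only consume specific services (the commit title says "internal services"; which ones is not visible here), the `network_services` loop two lines below shows the per-service `tcp dport { ... }` form the remote-to-svc rule could be narrowed to; otherwise keeping the marker, e.g. `## TODO: restrict remote -> svc to the ports ch-pan/ch-mimas actually use`, preserves the intent for the next reader.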
@@ -362,24 +363,24 @@ openwrt_uci:
 - "{{ network_zones.remote.prefix | ansible.utils.ipaddr(network_zones.remote.offsets[inventory_hostname]) }}"
 nohostroute: 1
- - name: wireguard_remote 'ch-pan'
+ - name: wireguard_remote 'pan'
 options:
- public_key: "" ## TODO
+ public_key: "sd/OqiO0hktuJ3FvIBnM8RJpqG0lkN7wWJjdKbU1TSw="
 # preshared_key: ""
 endpoint_host: "{{ hostvars['ch-pan'].network.primary.address | ansible.utils.ipaddr('address') }}"
 endpoint_port: 51820
 allowed_ips:
- - "{{ network_zones.remote.prefix | ansible.utils.ipaddr(network_zones.remote.offsets['ch-pan']) }}"
+ - "{{ network_zones.remote.prefix | ansible.utils.ipaddr(network_zones.remote.offsets['ch-pan']) | ansible.utils.ipaddr('address') }}"
 persistent_keepalive: 60
- - name: wireguard_remote 'ch-mimas'
+ - name: wireguard_remote 'mimas'
 options:
- public_key: "" ## TODO
+ public_key: "ZpvJ3Myn/FSJTqsEkNB5AQaVAuTqfFFCAqLomkeZV3g="
 # preshared_key: ""
 endpoint_host: "{{ hostvars['ch-mimas'].external_ip }}"
 endpoint_port: 51820
 allowed_ips:
- - "{{ network_zones.remote.prefix | ansible.utils.ipaddr(network_zones.remote.offsets['ch-mimas']) }}"
+ - "{{ network_zones.remote.prefix | ansible.utils.ipaddr(network_zones.remote.offsets['ch-mimas']) | ansible.utils.ipaddr('address') }}"
 persistent_keepalive: 60
 sqm:
diff --git a/roles/network/wireguard/p2p/defaults/main.yml b/roles/network/wireguard/p2p/defaults/main.yml
index cb8d6f18..68000a83 100644
--- a/roles/network/wireguard/p2p/defaults/main.yml
+++ b/roles/network/wireguard/p2p/defaults/main.yml
@@ -5,7 +5,10 @@
 # priv_key: secret
 # listen_port: 1234
 # addresses:
-# - 192.168.123.254/24
+# - 192.168.255.254/24
+# static_routes:
+# - dest: 192.168.123.0/24
+# gw: 192.168.255.3
 # wireguard_p2p_peers:
 # - pub_key: public_key_of_peer
@@ -14,5 +17,5 @@
 # host: 5.6.7.8
 # port: 1234
 # allowed_ips:
-# - 192.168.255.3/32
-# - 192.168.123.0/24
+# - 192.168.255.3/32
+# - 192.168.123.0/24
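Review bot: The two `public_key` literals filled in here belong to private keys that the p2p role in this same commit generates on ch-pan and ch-mimas at first run, and nothing records where they came from; a reinstall of either host regenerates its `.privkey` and the tunnel stays down until someone notices and re-copies the key. A comment per stanza such as `# public key of /etc/systemd/network/remote0.privkey on ch-pan (wg pubkey < that file)` keeps the provenance traceable. The `allowed_ips` entries now render as a bare address without prefix length; wg(8) treats a mask-less address as a single host, so this works, but appending `/32` would make the intended host route explicit rather than relying on that default.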
diff --git a/roles/network/wireguard/p2p/tasks/main.yml b/roles/network/wireguard/p2p/tasks/main.yml
index 78cfaf43..c1c21263 100644
--- a/roles/network/wireguard/p2p/tasks/main.yml
+++ b/roles/network/wireguard/p2p/tasks/main.yml
@@ -1,4 +1,18 @@
 ---
+- name: autogenerate wireguard private key file
+ when: "'priv_key' not in wireguard_p2p_interface"
+ block:
+ - name: generate private key
+ shell:
+ cmd: "umask 0027; wg genkey > '/etc/systemd/network/{{ wireguard_p2p_interface.name }}.privkey'"
+ creates: "/etc/systemd/network/{{ wireguard_p2p_interface.name }}.privkey"
+
+ - name: make sure systemd-netword can read the private key file
+ file:
+ path: "/etc/systemd/network/{{ wireguard_p2p_interface.name }}.privkey"
+ mode: 0640
+ group: systemd-network
+
 - name: install wireguard interfaces (netdev)
 template:
 src: systemd.netdev.j2
@@ -13,7 +27,7 @@
 dest: "/etc/systemd/network/{{ wireguard_p2p_interface.name }}.network"
 notify: restart systemd-networkd
-- name: enable systemd-networkd
+- name: make sure systemd-networkd is enabled
 systemd:
 name: systemd-networkd
 enabled: yes
diff --git a/roles/network/wireguard/p2p/templates/systemd.netdev.j2 b/roles/network/wireguard/p2p/templates/systemd.netdev.j2
index 336fdfb2..3e73f474 100644
--- a/roles/network/wireguard/p2p/templates/systemd.netdev.j2
+++ b/roles/network/wireguard/p2p/templates/systemd.netdev.j2
@@ -7,7 +7,11 @@ Description={{ wireguard_p2p_interface.description }}
 [WireGuard]
+{% if 'priv_key' in wireguard_p2p_interface %}
 PrivateKey={{ wireguard_p2p_interface.priv_key }}
+{% else %}
+PrivateKeyFile=/etc/systemd/network/{{ wireguard_p2p_interface.name }}.privkey
+{% endif %}
 {% if 'listen_port' in wireguard_p2p_interface %}
 ListenPort={{ wireguard_p2p_interface.listen_port }}
 {% endif %}
diff --git a/roles/network/wireguard/p2p/templates/systemd.network.j2 b/roles/network/wireguard/p2p/templates/systemd.network.j2
index 3d1e2431..e40e610b 100644
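Review bot: The task name `make sure systemd-netword can read the private key file` has a typo (`systemd-networkd`), and `mode: 0640` is an unquoted octal that only works because of the leading zero; the Ansible docs and yamllint's `octal-values` rule both ask for `mode: "0640"`. The generation itself is sound: `umask 0027` means the file is never world-readable before the `file` task hands the group to systemd-network, and `creates:` keeps the `shell` task idempotent. What is missing is a way to get the public key out, e.g. a follow-up task in the block that runs `wg pubkey` on the file and prints or registers it, so the router-side `public_key` values no longer depend on a manual copy. If `priv_key` is later added to `wireguard_p2p_interface`, the generated `.privkey` stays on disk unused; a comment on the `when:` saying so would avoid surprises.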
--- a/roles/network/wireguard/p2p/templates/systemd.network.j2
+++ b/roles/network/wireguard/p2p/templates/systemd.network.j2
@@ -5,3 +5,9 @@ Name={{ wireguard_p2p_interface.name }}
 {% for addr in wireguard_p2p_interface.addresses %}
 Address={{ addr }}
 {% endfor %}
+{% for route in wireguard_p2p_interface.static_routes | default([]) %}
+
+[Route]
+Destination={{ route.dest }}
+Gateway={{ route.gw }}
+{% endfor %}
-- cgit v1.2.3