From a895214d8fe4b515fbef15a7f919c5177543ac56 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Sat, 29 Feb 2020 03:29:26 +0100
Subject: wireguard gateway works now (it is quite ugly though)

---
 .../gateway/templates/systemd-fix-default-gw.service.j2     | 12 ++++++++++++
 roles/wireguard/gateway/templates/systemd.network.j2        | 13 +++++++++++++
 2 files changed, 25 insertions(+)
 create mode 100644 roles/wireguard/gateway/templates/systemd-fix-default-gw.service.j2

(limited to 'roles/wireguard/gateway/templates')

diff --git a/roles/wireguard/gateway/templates/systemd-fix-default-gw.service.j2 b/roles/wireguard/gateway/templates/systemd-fix-default-gw.service.j2
new file mode 100644
index 00000000..d2d8a470
--- /dev/null
+++ b/roles/wireguard/gateway/templates/systemd-fix-default-gw.service.j2
@@ -0,0 +1,12 @@
+[Unit]
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/sbin/ip route add {{ item.value.default_gateway.outer }} via {{ ansible_default_ipv4.gateway }}
+ExecStop=/sbin/ip route del {{ item.value.default_gateway.outer }} via {{ ansible_default_ipv4.gateway }}
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/wireguard/gateway/templates/systemd.network.j2 b/roles/wireguard/gateway/templates/systemd.network.j2
index 8d8af966..6847aa6a 100644
--- a/roles/wireguard/gateway/templates/systemd.network.j2
+++ b/roles/wireguard/gateway/templates/systemd.network.j2
@@ -5,3 +5,16 @@ Name={{ item.key }}
 {% for addr in item.value.addresses %}
 Address={{ addr }}
 {% endfor %}
+{% if 'ip_masq' in item.value and item.value.ip_masq %}
+IPMasquerade=yes
+{% endif %}
+{% if 'default_gateway' in item.value %}
+
+[Route]
+Destination=0.0.0.0/1
+Gateway={{ item.value.default_gateway.inner }}
+
+[Route]
+Destination=128.0.0.0/1
+Gateway={{ item.value.default_gateway.inner }}
+{% endif %}
-- 
cgit v1.2.3