diff options
| author | Dmitry Ilvokhin <d@ilvokhin.com> | 2024-05-19 17:02:45 +0100 |
|---|---|---|
| committer | Dmitry Ilvokhin <d@ilvokhin.com> | 2024-05-19 17:02:45 +0100 |
| commit | b4a12dbbf4a4759bf24975ca9bfc5096c90ae8b6 (patch) | |
| tree | 48bc7a65415aa039c22575cf3c3919b5a4cea0f5 /roles/wgnet/templates | |
| parent | 588e86b33df631382027862ed06bfd11e989e01b (diff) | |
| download | infra-b4a12dbbf4a4759bf24975ca9bfc5096c90ae8b6.tar.gz infra-b4a12dbbf4a4759bf24975ca9bfc5096c90ae8b6.tar.bz2 infra-b4a12dbbf4a4759bf24975ca9bfc5096c90ae8b6.zip | |
Wireguard overlay network setup
Need to migrate away from networkd, because it can't add new wireguard
peers now out of the box without hacks.
[1]: https://github.com/systemd/systemd/issues/25547
Diffstat (limited to 'roles/wgnet/templates')
| -rw-r--r-- | roles/wgnet/templates/wg0.netdev.j2 | 18 | ||||
| -rw-r--r-- | roles/wgnet/templates/wg0.network.j2 | 6 |
2 files changed, 24 insertions, 0 deletions
diff --git a/roles/wgnet/templates/wg0.netdev.j2 b/roles/wgnet/templates/wg0.netdev.j2 new file mode 100644 index 0000000..d258010 --- /dev/null +++ b/roles/wgnet/templates/wg0.netdev.j2 @@ -0,0 +1,18 @@ +[NetDev] +Name=wg0 +Kind=wireguard +Description="Wireguard Overlay Network" + +[WireGuard] +ListenPort=51820 +PrivateKey={{ wireguard_private_key }} + +# flame +[WireGuardPeer] +PublicKey=YUuBBTKHXsD6tTzcAVWXakZffWKlGS5fAdx7zWSXtlI= +AllowedIPs=10.0.0.2/32 + +# water +[WireGuardPeer] +PublicKey=X0Gw37N+AUkZjiyZ9buZ8c2ZzFr+niX3FZjxlyqQq0Q= +AllowedIPs=10.0.0.3/32 diff --git a/roles/wgnet/templates/wg0.network.j2 b/roles/wgnet/templates/wg0.network.j2 new file mode 100644 index 0000000..2f578e5 --- /dev/null +++ b/roles/wgnet/templates/wg0.network.j2 @@ -0,0 +1,6 @@ +[Match] +Name=wg0 + +[Network] +Address={{ wgnet_ip }}/24 +IPMasquerade=ipv4 |