From b4a12dbbf4a4759bf24975ca9bfc5096c90ae8b6 Mon Sep 17 00:00:00 2001
From: Dmitry Ilvokhin
Date: Sun, 19 May 2024 17:02:45 +0100
Subject: Wireguard overlay network setup
Need to migrate away from networkd, because it can't add new wireguard peers now out of the box without hacks.
[1]: https://github.com/systemd/systemd/issues/25547
---
roles/wgnet/templates/wg0.netdev.j2 | 18 ++++++++++++++++++
roles/wgnet/templates/wg0.network.j2 | 6 ++++++
2 files changed, 24 insertions(+)
create mode 100644 roles/wgnet/templates/wg0.netdev.j2
create mode 100644 roles/wgnet/templates/wg0.network.j2
(limited to 'roles/wgnet/templates')
diff --git a/roles/wgnet/templates/wg0.netdev.j2 b/roles/wgnet/templates/wg0.netdev.j2
new file mode 100644
index 0000000..d258010
--- /dev/null
+++ b/roles/wgnet/templates/wg0.netdev.j2
@@ -0,0 +1,18 @@
+[NetDev]
+Name=wg0
+Kind=wireguard
+Description="Wireguard Overlay Network"
+
+[WireGuard]
+ListenPort=51820
+PrivateKey={{ wireguard_private_key }}
+
+# flame
+[WireGuardPeer]
+PublicKey=YUuBBTKHXsD6tTzcAVWXakZffWKlGS5fAdx7zWSXtlI=
+AllowedIPs=10.0.0.2/32
+
+# water
+[WireGuardPeer]
+PublicKey=X0Gw37N+AUkZjiyZ9buZ8c2ZzFr+niX3FZjxlyqQq0Q=
+AllowedIPs=10.0.0.3/32
diff --git a/roles/wgnet/templates/wg0.network.j2 b/roles/wgnet/templates/wg0.network.j2
new file mode 100644
index 0000000..2f578e5
--- /dev/null
+++ b/roles/wgnet/templates/wg0.network.j2
@@ -0,0 +1,6 @@
+[Match]
+Name=wg0
+
+[Network]
+Address={{ wgnet_ip }}/24
+IPMasquerade=ipv4
-- cgit v1.2.3-70-g09d2
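Review bot: `PrivateKey={{ wireguard_private_key }}` in wg0.netdev.j2 renders the interface's private key into the unit file itself, so anyone who can read the rendered file gets the key. The task that installs this template is not part of this diff (the view is limited to the templates directory). It should write the file with `owner: root`, `group: systemd-network`, `mode: "0640"`, and set `no_log: true` so the key does not appear in diff or verbose output. Alternatively, keep the secret out of the template with `PrivateKeyFile=<path-to-key-file>` (placeholder path) and deploy that file separately with tight permissions. The peer public keys and the /32 `AllowedIPs` entries are fine inline.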
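Review bot: `IPMasquerade=ipv4` in wg0.network.j2 has no comment saying why this host must NAT overlay traffic, and it is more than an address-rewriting setting. As far as I know, networkd also enables IPv4 forwarding when masquerading is on, so any peer on the overlay /24 could presumably route through this host to whatever networks it reaches. If that egress path is intended, add a comment such as `# NAT traffic from overlay peers leaving via this host; also enables IPv4 forwarding` and pair it with a forward-chain firewall rule limiting the destinations wg0 traffic may reach. If the overlay only carries host-to-host traffic, the line can probably be dropped.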