From da9620ed0709be25b4ced254ca0f131f637bcfe6 Mon Sep 17 00:00:00 2001
From: Dmitry Ilvokhin
Date: Mon, 27 May 2024 10:45:25 +0100
Subject: Add wgvpn role for WireGuard VPN
---
roles/wgvpn/templates/wg1.conf.j2 | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100644 roles/wgvpn/templates/wg1.conf.j2
(limited to 'roles/wgvpn/templates')
diff --git a/roles/wgvpn/templates/wg1.conf.j2 b/roles/wgvpn/templates/wg1.conf.j2
new file mode 100644
index 0000000..8a930ac
--- /dev/null
+++ b/roles/wgvpn/templates/wg1.conf.j2
@@ -0,0 +1,17 @@
+[Interface]
+PrivateKey = {{ wireguard_private_key }}
+Address = 10.0.1.1/24
+ListenPort = 51821
+
+PostUp = iptables -A FORWARD -i %i -j ACCEPT
+PostUp = iptables -A FORWARD -o %i -j ACCEPT
+PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+
+PostDown = iptables -D FORWARD -i %i -j ACCEPT;
+PostDown = iptables -D FORWARD -o %i -j ACCEPT;
+PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+
+# earth
+[Peer]
+PublicKey = HhBhDQmGzltIGQOn+clbRIkQt7ocPAuqsUS+ytinIwU=
+AllowedIPs = 10.0.1.2/32
-- cgit v1.2.3-70-g09d2
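Review bot: The `PostUp` forwarding rules are broader than a VPN gateway needs: `iptables -A FORWARD -o %i -j ACCEPT` accepts new connections from any interface toward the peers, and the MASQUERADE rule has no source match, so it rewrites everything leaving `eth0`. If the intent is only outbound access for peers, the return direction could be `PostUp = iptables -A FORWARD -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` and the NAT rule `PostUp = iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -o eth0 -j MASQUERADE`, with the `PostDown` lines mirrored so the deletes still match. `eth0` is hard-coded, so on a host whose uplink has another name the NAT rule would silently not apply; a role variable would avoid that. The task that renders this template is outside this view; since the file carries `PrivateKey`, it should be written with mode 0600 and the key kept in a vaulted variable.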