authorPatrick Spek <p.spek@tyil.nl>2024-01-05 12:10:17 +0100
committerPatrick Spek <p.spek@tyil.nl>2024-01-05 12:10:17 +0100
commit76ec6dd2c3a56fac5f09943a9f7af9f4e2d17682 (patch)
tree2bd72013c7cb8215f804514152e98e922fcd6083
parentdad6d287dbb30f0984bfab7be9b489e27dcfefc5 (diff)
Update vpn-wireguard playbook
-rwxr-xr-xdata.d/vpn-wireguard/hooks/post-up10
-rw-r--r--data.d/vpn-wireguard/peers/caeghi.tyil.net (renamed from data.d/vpn-wireguard/caeghi.tyil.net)0
-rw-r--r--data.d/vpn-wireguard/peers/qohrei.tyil.net (renamed from data.d/vpn-wireguard/qohrei.tyil.net)0
-rw-r--r--playbooks.d/vpn-wireguard/playbook.bash46
4 files changed, 42 insertions, 14 deletions
diff --git a/data.d/vpn-wireguard/hooks/post-up b/data.d/vpn-wireguard/hooks/post-up
new file mode 100755
index 0000000..948a9a8
--- /dev/null
+++ b/data.d/vpn-wireguard/hooks/post-up
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+# Ping all known hosts, as it seems that the wireguard interface comes up when
+# only after it gets used on the machine itself.
+while read -r addr;
+do
+ ping -c 1 -q -w 1 "$addr" &
+done < <(awk -F= '/vpn-wireguard.ip/ { print $NF }' /etc/bashtard/hosts.d/*)
+
+wait
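Review bot: The awk selector `/vpn-wireguard.ip/` on the `done < <(awk …)` line is an unanchored regex in which `.` matches any character, so it also selects any other key that merely contains that substring, or a line whose value contains it; anchoring it, `awk -F= '/^vpn-wireguard\.ip=/ { print $NF }'`, restricts the match to the intended key, assuming the hosts.d files are `key=value` lines as the `-F=` separator suggests. A value that is empty or begins with `-` is passed straight to ping as an argument, so a `[[ -n "$addr" ]] || continue` guard before the `ping` line would be sensible. The comment above the loop reads oddly; `# Ping all known hosts, as the wireguard interface only seems to come up after it has been used on the machine itself.` says the same thing more clearly. The script sets no `-e`/`-u`, and `ping -w 1` is the iputils deadline flag, which may not exist under that name on the non-Linux platforms the playbook otherwise abstracts over via `pkg`.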
diff --git a/data.d/vpn-wireguard/caeghi.tyil.net b/data.d/vpn-wireguard/peers/caeghi.tyil.net
index 2838c02..2838c02 100644
--- a/data.d/vpn-wireguard/caeghi.tyil.net
+++ b/data.d/vpn-wireguard/peers/caeghi.tyil.net
diff --git a/data.d/vpn-wireguard/qohrei.tyil.net b/data.d/vpn-wireguard/peers/qohrei.tyil.net
index a0a2224..a0a2224 100644
--- a/data.d/vpn-wireguard/qohrei.tyil.net
+++ b/data.d/vpn-wireguard/peers/qohrei.tyil.net
diff --git a/playbooks.d/vpn-wireguard/playbook.bash b/playbooks.d/vpn-wireguard/playbook.bash
index c3f93cd..e54eff4 100644
--- a/playbooks.d/vpn-wireguard/playbook.bash
+++ b/playbooks.d/vpn-wireguard/playbook.bash
@@ -6,8 +6,10 @@ BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.ip]="required"
playbook_add() {
local data
+ local interface
data="$(playbook_path "data")"
+ interface="$(config "$BASHTARD_PLAYBOOK.interface" "wg0")"
pkg install wireguard
@@ -15,7 +17,7 @@ playbook_add() {
# the private key is not included
if [[ ! -d "$data" ]]
then
- mkdir -pv -- "$data"
+ mkdir -pv -- "$data" "$data/hooks" "$data/peers"
cat <<-EOF >> "$data/.gitignore"
privkey
EOF
@@ -30,26 +32,30 @@ playbook_add() {
ip="$(config "$BASHTARD_PLAYBOOK.ip")" \
port="$(config "$BASHTARD_PLAYBOOK.port" "51820")" \
pubkey="$(wg pubkey < "$data/privkey")" \
- > "$data/${BASHTARD_PLATFORM[fqdn]}"
+ > "$data/peers/${BASHTARD_PLATFORM[fqdn]}"
# Run the sync stage to make sure all the configuration files are written as
# desired
playbook_sync
- # TODO: Enable the wireguard interface
- systemctl enable --now wg-quick@wg$(config "$BASTHARD_PLAYBOOK.interface_id" "0").service
+ # Enable the wireguard interface
+ systemctl enable --now "wg-quick@$interface.service"
}
playbook_sync() {
local data
local wgconf
+ local interface
data="$(playbook_path "data")"
- wgconf="$(config "fs.etcdir")/wireguard/wg$(config "$BASHTARD_PLAYBOOK.interface_id" "0").conf"
+ interface="$(config "$BASHTARD_PLAYBOOK.interface" "wg0")"
+ wgconf="$(config "fs.etcdir")/wireguard/$interface.conf"
# Create the wireguard config directory
mkdir -pv "$(config "fs.etcdir")/wireguard"
+ info "$BASHTARD_PLAYBOOK" "Generating wireguard configuration at $wgconf"
+
# Write the Interface section
file_template "interface" \
ip="$(config "$BASHTARD_PLAYBOOK.ip")" \
@@ -57,28 +63,40 @@ playbook_sync() {
privkey="$(cat "$data/privkey")" \
> "$wgconf"
- info "$BASHTARD_PLAYBOOK" "Generating wireguard configuration at $wgconf"
+ if [[ -f "$data/hooks/post-up" ]]
+ then
+ printf "PostUp = %s\n" "$data/hooks/post-up" >> "$wgconf"
+ fi
+
+ if [[ -f "$data/hooks/pre-down" ]]
+ then
+ printf "PreDown = %s\n" "$data/hooks/pre-down" >> "$wgconf"
+ fi
# Include peerfiles for all other machines
- for path in "$data"/*
+ for path in "$data/peers"/*
do
local peer="$(basename "$path")"
- [[ "$peer" == "privkey" ]] && continue
+ # Skip the machine itself, as it needs not peer with itself
[[ "$peer" == "${BASHTARD_PLATFORM[fqdn]}" ]] && continue
- # Append all peers, but prepend them with newlines so the resulting file
- # looks a little nicer
+ # Append peerfile, but add a newline in there to make the
+ # resulting configuration file a little nicer
printf "\n" >> "$wgconf"
cat "$path" >> "$wgconf"
done
- # TODO: Refresh the wireguard interface
- systemctl reload wg-quick@wg$(config "$BASTHARD_PLAYBOOK.interface_id" "0").service
+ # Refresh the wireguard interface
+ systemctl reload "wg-quick@$interface.service"
}
playbook_del() {
- systemctl disable --now wg-quick@wg$(config "$BASTHARD_PLAYBOOK.interface_id" "0").service
- rm -f -- "$(config "fs.etcdir")/wireguard/wg$(config "$BASHTARD_PLAYBOOK.interface_id" "0").conf"
+ local interface
+
+ interface="$(config "$BASHTARD_PLAYBOOK.interface" "wg0")"
+
+ systemctl disable --now "wg-quick@$interface.service"
+ rm -f -- "$(config "fs.etcdir")/wireguard/$interface.conf"
pkg uninstall wireguard
}
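Review bot: The hook path written by `printf "PostUp = %s\n" "$data/hooks/post-up" >> "$wgconf"` (and the PreDown line below it) ends up in a wg-quick config whose hook commands are evaluated by a shell, so a `$data` path containing whitespace or shell metacharacters would be split or expanded instead of being run as one path; `printf 'PostUp = %q\n' "$data/hooks/post-up" >> "$wgconf"` emits it shell-quoted. Because wg-quick executes these hooks with root privileges, the script's header comment should state that the data directory and the files under `hooks/` must not be writable by unprivileged users. Separately, `"$data/hooks"` and `"$data/peers"` are only created inside the `! -d "$data"` branch, so on a host where `$data` already exists from an earlier version the redirect into `"$data/peers/${BASHTARD_PLATFORM[fqdn]}"` may fail unless those subdirectories arrive some other way; moving the `mkdir -pv` for the two subdirectories outside the conditional would avoid that. playbook_add's body begins before the first hunk of this section, and the file's variable block above it is outside the diff.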