From 18cc7010e1b1c0ea1672acc618d8b78c23ffd765 Mon Sep 17 00:00:00 2001
From: Patrick Spek <p.spek@tyil.nl>
Date: Wed, 13 Mar 2024 10:16:23 +0100
Subject: Add PersistentKeepalive to vpn-wireguard

---
 data.d/vpn-wireguard/peers/faiwoo.tyil.net | 1 +
 data.d/vpn-wireguard/peers/jaomox.tyil.net | 1 +
 data.d/vpn-wireguard/peers/mieshu.tyil.net | 1 +
 data.d/vpn-wireguard/peers/nouki.tyil.net  | 1 +
 data.d/vpn-wireguard/peers/qohrei.tyil.net | 1 +
 data.d/vpn-wireguard/peers/ricui.tyil.net  | 1 +
 defaults                                   | 1 +
 playbooks.d/vpn-wireguard/playbook.bash    | 1 +
 playbooks.d/vpn-wireguard/share/peer       | 1 +
 9 files changed, 9 insertions(+)

diff --git a/data.d/vpn-wireguard/peers/faiwoo.tyil.net b/data.d/vpn-wireguard/peers/faiwoo.tyil.net
index 3c01dd7..a0d9b00 100644
--- a/data.d/vpn-wireguard/peers/faiwoo.tyil.net
+++ b/data.d/vpn-wireguard/peers/faiwoo.tyil.net
@@ -2,3 +2,4 @@
 AllowedIPs = fd68:1058:1992:3381:0:1:1:2/128,10.58.1.2/32
 Endpoint = [2a01:4f9:c010:e20c::1]:51820
 PublicKey = VFum7R3gltUKMhx8XHDYpPHJzVmgb9cuYSKyIEyOKkc=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/jaomox.tyil.net b/data.d/vpn-wireguard/peers/jaomox.tyil.net
index 6f78a38..d5ca415 100644
--- a/data.d/vpn-wireguard/peers/jaomox.tyil.net
+++ b/data.d/vpn-wireguard/peers/jaomox.tyil.net
@@ -2,3 +2,4 @@
 AllowedIPs = fd68:1058:1992:3381:0:3:3:1/128,10.58.3.1/32
 Endpoint = [163.172.218.246]:51820
 PublicKey = gn9hMP+0mljBktybTlPDMI+/QIWNyk1lKO46o8cY82A=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/mieshu.tyil.net b/data.d/vpn-wireguard/peers/mieshu.tyil.net
index 9ea63ed..edd7dbc 100644
--- a/data.d/vpn-wireguard/peers/mieshu.tyil.net
+++ b/data.d/vpn-wireguard/peers/mieshu.tyil.net
@@ -2,3 +2,4 @@
 AllowedIPs = fd68:1058:1992:3381:0:3:3317:2/128,10.58.3.2/32
 Endpoint = [2a10:3781:2453:1:7aaf:8ff:fe7a:9ba8]:51820
 PublicKey = gY8H+0sKzjr1hGLtsF+dTJsTM746k3Ufw6BczudRMmQ=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/nouki.tyil.net b/data.d/vpn-wireguard/peers/nouki.tyil.net
index a1cd8db..4204ccf 100644
--- a/data.d/vpn-wireguard/peers/nouki.tyil.net
+++ b/data.d/vpn-wireguard/peers/nouki.tyil.net
@@ -2,3 +2,4 @@
 AllowedIPs = fd68:1057:1992:3381:0:2:3317:1/128,10.58.2.1/32
 Endpoint = [2a10:3781:2453:1:c8cb:d1a:bc0:dc38]:51820
 PublicKey = geCOglWhIHapf8V/5GuQglEcSJhBqUAP6GKOkZqC9Rg=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/qohrei.tyil.net b/data.d/vpn-wireguard/peers/qohrei.tyil.net
index 35a3cdf..9ad882b 100644
--- a/data.d/vpn-wireguard/peers/qohrei.tyil.net
+++ b/data.d/vpn-wireguard/peers/qohrei.tyil.net
@@ -2,3 +2,4 @@
 AllowedIPs = fd68:1058:1992:3381:0:1:1:1/128,10.58.1.1/32
 Endpoint = [2a01:4f9:c012:6273::1]:51820
 PublicKey = 944GFpkZnrVRziBBR1ST52PDwuFjW/XfXwggmLH46E8=
+PersistentKeepalive = 10
diff --git a/data.d/vpn-wireguard/peers/ricui.tyil.net b/data.d/vpn-wireguard/peers/ricui.tyil.net
index 1b621fb..41ad9f9 100644
--- a/data.d/vpn-wireguard/peers/ricui.tyil.net
+++ b/data.d/vpn-wireguard/peers/ricui.tyil.net
@@ -2,3 +2,4 @@
 AllowedIPs = fd68:1058:1992:3381:0:1:1:3/128,10.58.1.3/32
 Endpoint = [2a01:4f8:1c1b:67d7::1]:51820
 PublicKey = sEMRuNGxTLUsUocC9Oq2WSpuBTFjHBdssaSNXCzmx0Y=
+PersistentKeepalive = 10
diff --git a/defaults b/defaults
index b5d3bda..50fdd15 100644
--- a/defaults
+++ b/defaults
@@ -50,6 +50,7 @@ nftables.input.state.related.policy=accept
 seaweedfs-master.replication=100
 vpn-tinc.name=tyilnet
 vpn-wireguard.interface=tyilnet1058
+vpn-wireguard.keepalive=10
 www-blog.generator=hugo
 www-blog.path=/var/www/nl.tyil.www
 www-blog.repository=https://git.tyil.nl/blog
diff --git a/playbooks.d/vpn-wireguard/playbook.bash b/playbooks.d/vpn-wireguard/playbook.bash
index c78906c..734761d 100644
--- a/playbooks.d/vpn-wireguard/playbook.bash
+++ b/playbooks.d/vpn-wireguard/playbook.bash
@@ -33,6 +33,7 @@ playbook_add() {
 		endpoint="$(config "$BASHTARD_PLAYBOOK.endpoint")" \
 		ipv4="$(config "$BASHTARD_PLAYBOOK.ipv4")" \
 		ipv6="$(config "$BASHTARD_PLAYBOOK.ipv6")" \
+		keepalive="$(config "$BASHTARD_PLAYBOOK.keepalive" "0")" \
 		port="$(config "$BASHTARD_PLAYBOOK.port" "51820")" \
 		pubkey="$(wg pubkey < "$data/privkey")" \
 		> "$data/peers/${BASHTARD_PLATFORM[fqdn]}"
diff --git a/playbooks.d/vpn-wireguard/share/peer b/playbooks.d/vpn-wireguard/share/peer
index 5dfc3dd..9a95e38 100644
--- a/playbooks.d/vpn-wireguard/share/peer
+++ b/playbooks.d/vpn-wireguard/share/peer
@@ -2,3 +2,4 @@
 AllowedIPs = ${ipv6}/128,${ipv4}/32
 Endpoint = [${endpoint}]:${port}
 PublicKey = ${pubkey}
+PersistentKeepalive = ${keepalive}
-- 
cgit v1.1