From 76ec6dd2c3a56fac5f09943a9f7af9f4e2d17682 Mon Sep 17 00:00:00 2001
From: Patrick Spek
Date: Fri, 5 Jan 2024 12:10:17 +0100
Subject: Update vpn-wireguard playbook
---
 data.d/vpn-wireguard/caeghi.tyil.net | 4 ---
 data.d/vpn-wireguard/hooks/post-up | 10 +++++++
 data.d/vpn-wireguard/peers/caeghi.tyil.net | 4 +++
 data.d/vpn-wireguard/peers/qohrei.tyil.net | 10 +++++++
 data.d/vpn-wireguard/qohrei.tyil.net | 10 -------
 playbooks.d/vpn-wireguard/playbook.bash | 46 +++++++++++++++++++++---------
 6 files changed, 56 insertions(+), 28 deletions(-)
 delete mode 100644 data.d/vpn-wireguard/caeghi.tyil.net
 create mode 100755 data.d/vpn-wireguard/hooks/post-up
 create mode 100644 data.d/vpn-wireguard/peers/caeghi.tyil.net
 create mode 100644 data.d/vpn-wireguard/peers/qohrei.tyil.net
 delete mode 100644 data.d/vpn-wireguard/qohrei.tyil.net
diff --git a/data.d/vpn-wireguard/caeghi.tyil.net b/data.d/vpn-wireguard/caeghi.tyil.net
deleted file mode 100644
index 2838c02..0000000
--- a/data.d/vpn-wireguard/caeghi.tyil.net
+++ /dev/null
@@ -1,4 +0,0 @@
-[Peer]
-AllowedIPs = fd68:1e45:bc6c:4c7b::57:20:2/128
-Endpoint = [2a01:4f8:c010:ca5::1]:51820
-PublicKey = pD5smiNb4NmNVwAJholXYZ5BnxHKyN8nb3mmLAD0BEY=
diff --git a/data.d/vpn-wireguard/hooks/post-up b/data.d/vpn-wireguard/hooks/post-up
new file mode 100755
index 0000000..948a9a8
--- /dev/null
+++ b/data.d/vpn-wireguard/hooks/post-up
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash + # Ping all known hosts, as it seems that the wireguard interface comes up when + # only after it gets used on the machine itself.
+while read -r addr;
+do
+ ping -c 1 -q -w 1 "$addr" &
+done < <(awk -F= '/vpn-wireguard.ip/ { print $NF }' /etc/bashtard/hosts.d/*)
+
+wait
diff --git a/data.d/vpn-wireguard/peers/caeghi.tyil.net b/data.d/vpn-wireguard/peers/caeghi.tyil.net
new file mode 100644
index 0000000..2838c02
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/caeghi.tyil.net
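Review bot: The awk filter in `hooks/post-up` is a loose substring match: `/vpn-wireguard.ip/` also selects any key that merely contains that text (the unescaped `.` matches any character, and a longer key starting with the same prefix would match as well), and with `-F=` the printed `$NF` keeps whatever whitespace surrounds the `=`, so if the hosts.d files are written as `key = value` the loop hands ping a value with a leading space. An exact key comparison with a whitespace-tolerant separator avoids both, `awk -F' *= *' '$1 == "vpn-wireguard.ip" { print $2 }' /etc/bashtard/hosts.d/*`. The final `wait` deserves a comment, because its behaviour is load-bearing: `# wait without arguments always returns 0, so an unreachable peer never fails PostUp (wg-quick treats a failing hook as a failed up)`. Note also that the playbook reads the etc directory through `config "fs.etcdir"` while this hook hardcodes `/etc/bashtard`; if that is deliberate a one-line comment saying so would help.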
@@ -0,0 +1,4 @@
+[Peer]
+AllowedIPs = fd68:1e45:bc6c:4c7b::57:20:2/128
+Endpoint = [2a01:4f8:c010:ca5::1]:51820
+PublicKey = pD5smiNb4NmNVwAJholXYZ5BnxHKyN8nb3mmLAD0BEY=
diff --git a/data.d/vpn-wireguard/peers/qohrei.tyil.net b/data.d/vpn-wireguard/peers/qohrei.tyil.net
new file mode 100644
index 0000000..a0a2224
--- /dev/null
+++ b/data.d/vpn-wireguard/peers/qohrei.tyil.net
@@ -0,0 +1,10 @@
+[Peer]
+<<<<<<< Updated upstream
+AllowedIPs = fd68:1e45:bc6c:4c7b::57:50:1/128
+Endpoint = [2a01:4f9:c012:6273::1]:51820
+PublicKey = 4BGxVjgNlFKOlomQSfxfsQs7y7hLbcK7iQyBs7Cf5mk=
+=======
+AllowedIPs = fd68:1e45:bc6c:4c7b::/64
+Endpoint = [2a01:4f9:c012:6273::1]:52345
+PublicKey = LY+L8jGdQwn545m71oBazey1QdJliibz1ejf3wpMgy0=
+>>>>>>> Stashed changes
diff --git a/data.d/vpn-wireguard/qohrei.tyil.net b/data.d/vpn-wireguard/qohrei.tyil.net
deleted file mode 100644
index a0a2224..0000000
--- a/data.d/vpn-wireguard/qohrei.tyil.net
+++ /dev/null
@@ -1,10 +0,0 @@
-[Peer]
-<<<<<<< Updated upstream
-AllowedIPs = fd68:1e45:bc6c:4c7b::57:50:1/128
-Endpoint = [2a01:4f9:c012:6273::1]:51820
-PublicKey = 4BGxVjgNlFKOlomQSfxfsQs7y7hLbcK7iQyBs7Cf5mk=
-=======
-AllowedIPs = fd68:1e45:bc6c:4c7b::/64
-Endpoint = [2a01:4f9:c012:6273::1]:52345
-PublicKey = LY+L8jGdQwn545m71oBazey1QdJliibz1ejf3wpMgy0=
->>>>>>> Stashed changes
diff --git a/playbooks.d/vpn-wireguard/playbook.bash b/playbooks.d/vpn-wireguard/playbook.bash
index c3f93cd..e54eff4 100644
--- a/playbooks.d/vpn-wireguard/playbook.bash
+++ b/playbooks.d/vpn-wireguard/playbook.bash
@@ -6,8 +6,10 @@ BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.ip]="required"
 playbook_add() {
 local data
+ local interface
 data="$(playbook_path "data")"
+ interface="$(config "$BASHTARD_PLAYBOOK.interface" "wg0")"
 pkg install wireguard
@@ -15,7 +17,7 @@ playbook_add() {
 # the private key is not included
 if [[ ! -d "$data" ]]
 then
- mkdir -pv -- "$data"
+ mkdir -pv -- "$data" "$data/hooks" "$data/peers"
 cat <<-EOF >> "$data/.gitignore"
 privkey
 EOF
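Review bot: `peers/qohrei.tyil.net` is added with unresolved merge-conflict markers (`<<<<<<< Updated upstream`, `=======`, `>>>>>>> Stashed changes`); the blob is the same one (`a0a2224`) removed from the old path, so the move carries the conflict into the new `peers/` layout, from which `playbook_sync` concatenates every file verbatim into the generated interface config. The two candidate blocks disagree on every field, `AllowedIPs` (`…::57:50:1/128` versus the whole `…::/64`), the endpoint port (`51820` versus `52345`) and the `PublicKey`, so one has to be chosen deliberately; the `/64` variant would make this peer the cryptokey-routing target for every address in the prefix not claimed by a more specific entry, which presumably is not intended next to the per-host `/128` entries in the other peerfile. Until it is resolved the marker lines are not valid `key = value` entries and wg-quick is likely to reject the merged config, and nothing in the `cat` loop of `playbook_sync` would catch that before the reload.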
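Review bot: `interface="$(config "$BASHTARD_PLAYBOOK.interface" "wg0")"` takes a free-form config value and splices it unchecked into a systemd instance name (`wg-quick@$interface.service`) and, in `playbook_del`, into the path passed to `rm -f -- ".../wireguard/$interface.conf"`, so a value containing `/` would point both the config write and the remove outside the wireguard directory. Since the same assignment is repeated in `playbook_sync` and `playbook_del`, a small helper that reads the key and checks its shape once would serve all three, e.g. `[[ "$interface" =~ ^[A-Za-z0-9_-]+$ ]] || return 1` (or the project's error helper) right after the assignment. Note also that the config key changes from `$BASHTARD_PLAYBOOK.interface_id` (numeric, default `0`, yielding `wg0`) to `$BASHTARD_PLAYBOOK.interface` (default `wg0`): a host that had `interface_id` set silently falls back to `wg0` after this commit and its old `wg-quick@wgN` unit stays enabled, which the commit message or a comment at the default should record.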
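Review bot: `"$data/hooks"` and `"$data/peers"` are only created inside the `if [[ ! -d "$data" ]]` branch, so if `playbook_path "data"` can resolve to a directory that already exists but predates this layout (one not populated from the repository, where the commit itself adds both subdirectories), the later redirect `> "$data/peers/${BASHTARD_PLATFORM[fqdn]}"` fails with "No such file or directory". Keeping `mkdir -pv -- "$data"` in the branch and adding an unconditional `mkdir -pv -- "$data/hooks" "$data/peers"` after the `fi` costs nothing and removes the dependency on how the data directory came to exist. The enclosing `playbook_add` starts and ends outside this hunk.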
@@ -30,26 +32,30 @@ playbook_add() {
 ip="$(config "$BASHTARD_PLAYBOOK.ip")" \
 port="$(config "$BASHTARD_PLAYBOOK.port" "51820")" \
 pubkey="$(wg pubkey < "$data/privkey")" \
- > "$data/${BASHTARD_PLATFORM[fqdn]}"
+ > "$data/peers/${BASHTARD_PLATFORM[fqdn]}"
 # Run the sync stage to make sure all the configuration files are written as
 # desired
 playbook_sync
- # TODO: Enable the wireguard interface
- systemctl enable --now wg-quick@wg$(config "$BASTHARD_PLAYBOOK.interface_id" "0").service
+ # Enable the wireguard interface
+ systemctl enable --now "wg-quick@$interface.service"
 }
 playbook_sync() {
 local data
 local wgconf
+ local interface
 data="$(playbook_path "data")"
- wgconf="$(config "fs.etcdir")/wireguard/wg$(config "$BASHTARD_PLAYBOOK.interface_id" "0").conf"
+ interface="$(config "$BASHTARD_PLAYBOOK.interface" "wg0")"
+ wgconf="$(config "fs.etcdir")/wireguard/$interface.conf"
 # Create the wireguard config directory
 mkdir -pv "$(config "fs.etcdir")/wireguard"
+ info "$BASHTARD_PLAYBOOK" "Generating wireguard configuration at $wgconf"
+
 # Write the Interface section
 file_template "interface" \
 ip="$(config "$BASHTARD_PLAYBOOK.ip")" \
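Review bot: `wgconf` names the file that will hold this host's private key (the `file_template "interface"` call started at the end of this hunk is fed `privkey="$(cat "$data/privkey")"` and redirected to `> "$wgconf"` in the next hunk), yet nothing in `playbook_sync` sets its mode; a shell redirect creates a new file under the caller's umask, typically 0644, so on the first sync the key is world-readable until something else tightens it, and wg-quick only warns about that. Creating the file with a restrictive mode before the template runs fixes it in one line, `install -m 0600 /dev/null "$wgconf"` immediately before `file_template "interface" \`; because a redirect onto an existing file keeps that file's mode, this also corrects configs written by earlier versions of the playbook. `playbook_sync` continues past the end of this hunk.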
@@ -57,28 +63,40 @@ playbook_sync() {
 privkey="$(cat "$data/privkey")" \
 > "$wgconf"
- info "$BASHTARD_PLAYBOOK" "Generating wireguard configuration at $wgconf"
+ if [[ -f "$data/hooks/post-up" ]]
+ then
+ printf "PostUp = %s\n" "$data/hooks/post-up" >> "$wgconf"
+ fi
+
+ if [[ -f "$data/hooks/pre-down" ]]
+ then
+ printf "PreDown = %s\n" "$data/hooks/pre-down" >> "$wgconf"
+ fi
 # Include peerfiles for all other machines
- for path in "$data"/*
+ for path in "$data/peers"/*
 do
 local peer="$(basename "$path")"
- [[ "$peer" == "privkey" ]] && continue
+ # Skip the machine itself, as it needs not peer with itself
 [[ "$peer" == "${BASHTARD_PLATFORM[fqdn]}" ]] && continue
- # Append all peers, but prepend them with newlines so the resulting file
- # looks a little nicer
+ # Append peerfile, but add a newline in there to make the
+ # resulting configuration file a little nicer
 printf "\n" >> "$wgconf"
 cat "$path" >> "$wgconf"
 done
- # TODO: Refresh the wireguard interface
- systemctl reload wg-quick@wg$(config "$BASTHARD_PLAYBOOK.interface_id" "0").service
+ # Refresh the wireguard interface
+ systemctl reload "wg-quick@$interface.service"
 }
 playbook_del() {
- systemctl disable --now wg-quick@wg$(config "$BASTHARD_PLAYBOOK.interface_id" "0").service
- rm -f -- "$(config "fs.etcdir")/wireguard/wg$(config "$BASHTARD_PLAYBOOK.interface_id" "0").conf"
+ local interface
+
+ interface="$(config "$BASHTARD_PLAYBOOK.interface" "wg0")"
+
+ systemctl disable --now "wg-quick@$interface.service"
+ rm -f -- "$(config "fs.etcdir")/wireguard/$interface.conf"
 pkg uninstall wireguard
 }
--
cgit v1.1
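Review bot: `systemctl reload "wg-quick@$interface.service"` is reached from `playbook_add` before `systemctl enable --now` runs (the previous hunk calls `playbook_sync` first), so on a fresh add the reload targets a unit that is not active yet and returns non-zero, which aborts the add before the enable if the playbook runs with errexit; guarding it with `if systemctl is-active --quiet "wg-quick@$interface.service"; then systemctl reload "wg-quick@$interface.service"; fi` keeps the reload for later syncs only. In the peer loop, `for path in "$data/peers"/*` has neither nullglob nor a file test: an empty or missing `peers/` directory leaves the literal pattern in `path` so `cat` fails, and anything else that lands in `peers/` (a subdirectory, an editor backup) is concatenated into the config; `[[ -f "$path" ]] || continue` right after `do` covers both. The `PostUp`/`PreDown` values are interpreted by wg-quick through `bash -c`, so a `$data` containing whitespace would be split; `printf "PostUp = %q\n" "$data/hooks/post-up"` keeps the path intact, and since that script then runs as root on every interface up, the comment above the first `if` should say so: `# Hooks in the data dir are executed as root by wg-quick on up/down`.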