From 76ec6dd2c3a56fac5f09943a9f7af9f4e2d17682 Mon Sep 17 00:00:00 2001 From: Patrick Spek Date: Fri, 5 Jan 2024 12:10:17 +0100 Subject: Update vpn-wireguard playbook --- playbooks.d/vpn-wireguard/playbook.bash | 46 +++++++++++++++++++++++---------- 1 file changed, 32 insertions(+), 14 deletions(-) (limited to 'playbooks.d') diff --git a/playbooks.d/vpn-wireguard/playbook.bash b/playbooks.d/vpn-wireguard/playbook.bash index c3f93cd..e54eff4 100644 --- a/playbooks.d/vpn-wireguard/playbook.bash +++ b/playbooks.d/vpn-wireguard/playbook.bash @@ -6,8 +6,10 @@ BASHTARD_PLAYBOOK_VARS[$BASHTARD_PLAYBOOK.ip]="required" playbook_add() { local data + local interface data="$(playbook_path "data")" + interface="$(config "$BASHTARD_PLAYBOOK.interface" "wg0")" pkg install wireguard @@ -15,7 +17,7 @@ playbook_add() { # the private key is not included if [[ ! -d "$data" ]] then - mkdir -pv -- "$data" + mkdir -pv -- "$data" "$data/hooks" "$data/peers" cat <<-EOF >> "$data/.gitignore" privkey EOF 
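Review bot: The interface name read by the new `interface="$(config "$BASHTARD_PLAYBOOK.interface" "wg0")"` line is used without any validation to build the unit name `wg-quick@$interface.service` and, in the following hunks of this commit, the path `$(config "fs.etcdir")/wireguard/$interface.conf` that playbook_sync writes and playbook_del passes to `rm -f`. A value containing `/`, whitespace or more than 15 characters is not a valid Linux interface name, and with a `/` in it the derived path no longer stays inside the wireguard directory. Consider checking the value once where it is read, e.g. `[[ "$interface" =~ ^[A-Za-z0-9_.-]{1,15}$ ]] || { printf 'invalid interface name: %s\n' "$interface" >&2; return 1; }` (or whatever error path the framework uses), and the same for the playbook_sync and playbook_del assignments in the next two hunks. playbook_add continues past the end of this hunk.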
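Review bot: `mkdir -pv -- "$data" "$data/hooks" "$data/peers"` only runs inside the `if [[ ! -d "$data" ]]` branch, so a host whose data directory already exists from the previous layout never gets `hooks/` or `peers/`; the peer file write `> "$data/peers/${BASHTARD_PLATFORM[fqdn]}"` in the next hunk and the `for path in "$data/peers"/*` loop in the last one then operate on a directory that does not exist. Creating the two subdirectories unconditionally, `mkdir -pv -- "$data/hooks" "$data/peers"` after the `if` block, keeps the `.gitignore` bootstrap one-shot while making the layout change safe on existing installs. Peer files already sitting directly under `$data` from the old layout are not migrated either; if that is intended, saying so in the commit message would help. Both the `if` block and playbook_add continue past the end of this hunk.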
@@ -30,26 +32,30 @@ playbook_add() { ip="$(config "$BASHTARD_PLAYBOOK.ip")" \ port="$(config "$BASHTARD_PLAYBOOK.port" "51820")" \ pubkey="$(wg pubkey < "$data/privkey")" \ - > "$data/${BASHTARD_PLATFORM[fqdn]}" + > "$data/peers/${BASHTARD_PLATFORM[fqdn]}" # Run the sync stage to make sure all the configuration files are written as # desired playbook_sync - # TODO: Enable the wireguard interface - systemctl enable --now wg-quick@wg$(config "$BASTHARD_PLAYBOOK.interface_id" "0").service + # Enable the wireguard interface + systemctl enable --now "wg-quick@$interface.service" } playbook_sync() { local data local wgconf + local interface data="$(playbook_path "data")" - wgconf="$(config "fs.etcdir")/wireguard/wg$(config "$BASHTARD_PLAYBOOK.interface_id" "0").conf" + interface="$(config "$BASHTARD_PLAYBOOK.interface" "wg0")" + wgconf="$(config "fs.etcdir")/wireguard/$interface.conf" # Create the wireguard config directory mkdir -pv "$(config "fs.etcdir")/wireguard" + info "$BASHTARD_PLAYBOOK" "Generating wireguard configuration at $wgconf" + # Write the Interface section file_template "interface" \ ip="$(config "$BASHTARD_PLAYBOOK.ip")" \ 
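Review bot: The `systemctl enable --now "wg-quick@$interface.service"` added at the end of playbook_add runs after the `playbook_sync` call, and playbook_sync (last hunk of this commit) ends with a `systemctl reload` of the same unit; on the first run of playbook_add the unit is not active yet, so that reload fails before enable is reached, which presumably aborts playbook_add if command failures are fatal in this framework. Either make the reload conditional, `if systemctl is-active --quiet "wg-quick@$interface.service"; then systemctl reload "wg-quick@$interface.service"; fi`, or enable the unit before calling playbook_sync and let the sync step reload it. The `wgconf` file written here embeds the private key (`privkey="$(cat "$data/privkey")"` in the next hunk), so a comment on the `wgconf=` assignment stating that the file must stay root-only readable would be worth adding. playbook_add begins and playbook_sync ends outside this hunk.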
@@ -57,28 +63,40 @@ playbook_sync() { privkey="$(cat "$data/privkey")" \ > "$wgconf" - info "$BASHTARD_PLAYBOOK" "Generating wireguard configuration at $wgconf" + if [[ -f "$data/hooks/post-up" ]] + then + printf "PostUp = %s\n" "$data/hooks/post-up" >> "$wgconf" + fi + + if [[ -f "$data/hooks/pre-down" ]] + then + printf "PreDown = %s\n" "$data/hooks/pre-down" >> "$wgconf" + fi # Include peerfiles for all other machines - for path in "$data"/* + for path in "$data/peers"/* do local peer="$(basename "$path")" - [[ "$peer" == "privkey" ]] && continue + # Skip the machine itself, as it needs not peer with itself [[ "$peer" == "${BASHTARD_PLATFORM[fqdn]}" ]] && continue - # Append all peers, but prepend them with newlines so the resulting file - # looks a little nicer + # Append peerfile, but add a newline in there to make the + # resulting configuration file a little nicer printf "\n" >> "$wgconf" cat "$path" >> "$wgconf" done - # TODO: Refresh the wireguard interface - systemctl reload wg-quick@wg$(config "$BASTHARD_PLAYBOOK.interface_id" "0").service + # Refresh the wireguard interface + systemctl reload "wg-quick@$interface.service" } playbook_del() { - systemctl disable --now wg-quick@wg$(config "$BASTHARD_PLAYBOOK.interface_id" "0").service - rm -f -- "$(config "fs.etcdir")/wireguard/wg$(config "$BASHTARD_PLAYBOOK.interface_id" "0").conf" + local interface + + interface="$(config "$BASHTARD_PLAYBOOK.interface" "wg0")" + + systemctl disable --now "wg-quick@$interface.service" + rm -f -- "$(config "fs.etcdir")/wireguard/$interface.conf" pkg uninstall wireguard } -- cgit v1.1
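Review bot: The new PostUp/PreDown lines hand `$data/hooks/post-up` and `$data/hooks/pre-down` to wg-quick, which executes those command strings through the shell as root whenever the interface comes up or goes down, yet the guard is only `-f`: a non-executable file is still written into the config and activation then most likely fails, and a `$data` path containing spaces or shell metacharacters is split because the path is interpolated unquoted. Checking with `-x` and quoting the path, `if [[ -x "$data/hooks/post-up" ]]` and `printf 'PostUp = "%s"\n' "$data/hooks/post-up" >> "$wgconf"`, addresses both; since `$data` appears to be a versioned directory (it carries a `.gitignore`), a comment above this block noting that anything placed in `hooks/` runs as root on this host would also help the next maintainer. Separately, `for path in "$data/peers"/*` has no nullglob guard, so an empty or missing `peers/` directory passes the literal pattern to `cat` — add `[[ -e "$path" ]] || continue` as the first statement of the loop. playbook_sync starts outside this hunk.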