diff --git a/templates/desktop/network/wg0.network.j2 b/templates/desktop/network/wg0.network.j2
index 1787da4..515a71a 100644
--- a/templates/desktop/network/wg0.network.j2
+++ b/templates/desktop/network/wg0.network.j2
@@ -4,7 +4,7 @@ Name={{ vpn_default.interface }}
 [Network]
-Address={{ vpn_default.ip }}/{{ vpn_default.subnet }}
+Address={{ vpn_default.ip }}/{{ vpn_default.prefix }}
 DNS={{ vpn_default.dns }}
 Domains={{ vpn_default.domains | join(' ') }}
diff --git a/templates/desktop/network/wg1.network.j2 b/templates/desktop/network/wg1.network.j2
index 8e462cc..40d3650 100644
--- a/templates/desktop/network/wg1.network.j2
+++ b/templates/desktop/network/wg1.network.j2
@@ -4,7 +4,7 @@ Name={{ vpn_media.interface }}
 [Network]
-Address={{ vpn_media.ip }}/{{ vpn_media.subnet }}
+Address={{ vpn_media.ip }}/{{ vpn_media.prefix }}
 DNS={{ vpn_media.dns }}
 Domains={{ vpn_media.domains | join(' ') }}
@@ -12,8 +12,8 @@ Domains={{ vpn_media.domains | join(' ') }}
 {% for ip in peer.allowed_ips %}
 {% if ip.create_route %}
 [Route]
-Destination = {{ ip.address }}
-Scope = link
+Destination={{ ip.address }}
+Scope=link
 {% endif %}
 {% endfor %}
 {% endfor %}
diff --git a/templates/laptop/network/wg0.netdev.j2 b/templates/laptop/network/wg0.netdev.j2
index 6f1c0dd..ffceef7 100644
--- a/templates/laptop/network/wg0.netdev.j2
+++ b/templates/laptop/network/wg0.netdev.j2
@@ -12,7 +12,9 @@ PrivateKeyFile={{ vpn_default.private_key_path }}
 [WireGuardPeer]
 PublicKey={{ peer.public_key }}
 PresharedKeyFile={{ peer.preshared_key_path }}
-AllowedIPs={{ peer.allowd_ips }}
+{% for ip in peer.allowed_ips %}
+AllowedIPs={{ ip.address }}
+{% endfor %}
 {% if peer.endpoint %}
 Endpoint={{ peer.endpoint }}
 {% endif %}
diff --git a/templates/laptop/network/wg0.network.j2 b/templates/laptop/network/wg0.network.j2
index 9253528..515a71a 100644
--- a/templates/laptop/network/wg0.network.j2
+++ b/templates/laptop/network/wg0.network.j2
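Review bot: The new `{% for ip in peer.allowed_ips %}` loop renders a `[WireGuardPeer]` section with no `AllowedIPs=` line at all when the list is empty, and that peer then neither accepts nor receives any traffic without any error at render time, whereas the old scalar form always emitted the line. Since `allowed_ips` is the cryptokey-routing allow-list, an empty value is a data error worth failing loudly on, for example with an `assert` task over the peers before the template runs, plus a comment above the loop such as `{# one AllowedIPs= per entry; repeated AllowedIPs= lines are cumulative in systemd-networkd. The list must not be empty. #}`. The same loop is added in the wg1.netdev.j2 hunk. The enclosing `{% for peer ... %}` block starts outside the hunk.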
@@ -4,6 +4,16 @@ Name={{ vpn_default.interface }}
 [Network]
-Address={{ vpn_default.ip }}/{{ vpn_default.subnet }}
+Address={{ vpn_default.ip }}/{{ vpn_default.prefix }}
 DNS={{ vpn_default.dns }}
 Domains={{ vpn_default.domains | join(' ') }}
+
+{% for peer in vpn_default.peers %}
+{% for ip in peer.allowed_ips %}
+{% if ip.create_route %}
+[Route]
+Destination={{ ip.address }}
+Scope=link
+{% endif %}
+{% endfor %}
+{% endfor %}
diff --git a/templates/laptop/network/wg1.netdev.j2 b/templates/laptop/network/wg1.netdev.j2
index 104804f..13d86df 100644
--- a/templates/laptop/network/wg1.netdev.j2
+++ b/templates/laptop/network/wg1.netdev.j2
@@ -12,7 +12,9 @@ PrivateKeyFile={{ vpn_media.private_key_path }}
 [WireGuardPeer]
 PublicKey={{ peer.public_key }}
 PresharedKeyFile={{ peer.preshared_key_path }}
-AllowedIPs={{ peer.allowd_ips }}
+{% for ip in peer.allowed_ips %}
+AllowedIPs={{ ip.address }}
+{% endfor %}
 {% if peer.endpoint %}
 Endpoint={{ peer.endpoint }}
 {% endif %}
diff --git a/templates/laptop/network/wg1.network.j2 b/templates/laptop/network/wg1.network.j2
index 9a03d7b..40d3650 100644
--- a/templates/laptop/network/wg1.network.j2
+++ b/templates/laptop/network/wg1.network.j2
@@ -4,6 +4,16 @@ Name={{ vpn_media.interface }}
 [Network]
-Address={{ vpn_media.ip }}/{{ vpn_media.subnet }}
+Address={{ vpn_media.ip }}/{{ vpn_media.prefix }}
 DNS={{ vpn_media.dns }}
 Domains={{ vpn_media.domains | join(' ') }}
+
+{% for peer in vpn_media.peers %}
+{% for ip in peer.allowed_ips %}
+{% if ip.create_route %}
+[Route]
+Destination={{ ip.address }}
+Scope=link
+{% endif %}
+{% endfor %}
+{% endfor %}
diff --git a/vars/desktop.yml b/vars/desktop.yml
index e4cca6c..6a22f27 100644
--- a/vars/desktop.yml
+++ b/vars/desktop.yml
@@ -21,7 +21,7 @@ boot_configuration: # TODO: scope variables to their destination file vpn_default: ip: '10.0.0.3' - subnet: '24' + prefix: '24' interface: 'wg0' dns: '10.0.0.1' domains:
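Review bot: The new `[Route]` loop leaves the reader to infer why entries with `create_route: false` need no route: it appears to rely on `Address={{ vpn_default.ip }}/{{ vpn_default.prefix }}` already installing the connected route for that prefix, which is how the vars/laptop.yml hunk pairs `10.0.0.2/24` with the `10.0.0.0/24` entry. A comment above the loop would pin that invariant, e.g. `{# Routes for allowed_ips outside the interface's own prefix; entries already covered by Address=/prefix set create_route: false #}`. The same loop is added in the wg1.network.j2 hunk, and the new blobs of both laptop templates (515a71a, 40d3650) are identical to the new blobs of the desktop templates, so the four `.network.j2` files are now byte-for-byte duplicates that differ only in which vpn mapping they read. One shared template that receives the mapping as a variable would keep them from drifting apart again.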
@@ -30,7 +30,6 @@ vpn_default: public_key_path: '{{ vpn_config_dir }}/keys/public/default/desktop.pub' private_key_path: '{{ vpn_config_dir }}/keys/private/default/desktop.key' - private_key_source_path: 'files/desktop/wireguard/default/desktop.key' peers: - name: 'zeus'
@@ -46,7 +45,7 @@ vpn_default: vpn_media: ip: '10.0.1.3' - subnet: '24' + prefix: '24' interface: 'wg1' dns: '10.0.1.1' domains:
diff --git a/vars/laptop.yml b/vars/laptop.yml
index cba4fa9..cc46761 100644
--- a/vars/laptop.yml
+++ b/vars/laptop.yml
@@ -24,18 +24,23 @@ mkinitcpio_templates: vpn_default: ip: '10.0.0.2' - subnet: '24' + prefix: '24' interface: 'wg0' dns: '10.0.0.1' domains: - ~vpn.fudiggity.nl + - ~transmission.fudiggity.nl public_key_path: '{{ vpn_config_dir }}/keys/public/default/laptop.pub' private_key_path: '{{ vpn_config_dir }}/keys/private/default/laptop.key' peers: - name: 'zeus' - allowd_ips: '10.0.0.1/32' + allowed_ips: + - address: '10.0.0.0/24' + create_route: false + - address: '172.16.238.0/24' + create_route: true endpoint: 'fudiggity.nl:51902' public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=' preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk'
@@ -43,7 +48,7 @@ vpn_default: vpn_media: ip: '10.0.1.2' - subnet: '24' + prefix: '24' interface: 'wg1' dns: '10.0.1.1' domains:
@@ -54,7 +59,9 @@ vpn_media: peers: - name: 'zeus-media' - allowd_ips: '10.0.1.1/32' + allowed_ips: + - address: '10.0.1.0/24' + create_route: false endpoint: 'fudiggity.nl:51903' public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg=' preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk'
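Review bot: The zeus peer's allowed list in the vars/laptop.yml `@@ -24,18 +24,23 @@` hunk widens from `10.0.0.1/32` to all of `10.0.0.0/24` plus `172.16.238.0/24`, which is a cryptokey-routing trust change and not just the `subnet`→`prefix` rename the rest of the commit makes: packets from that peer are now accepted with any source address in those ranges, including the laptop's own `10.0.0.2`, and all outbound traffic for those ranges is steered to it. If zeus forwards for those networks that is intended, but the reason should sit next to the entry, e.g. `# zeus routes the whole VPN range and 172.16.238.0/24; keep each prefix as narrow as what it actually forwards`. The media peer hunk below makes the same move (`10.0.1.1/32` to `10.0.1.0/24`). The `create_route` values are rightly left as unquoted `true`/`false`, since the templates test them with `{% if ip.create_route %}`.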