Apply changes from 8920ba56f3 to laptop configuration

2025-03-09 21:15:27 +01:00 · 2025-03-09 21:15:27 +01:00 · 1231d2bbae
commit 1231d2bbae
parent e72f7533eb
8 changed files with 45 additions and 15 deletions
--- a/templates/desktop/network/wg0.network.j2
+++ b/templates/desktop/network/wg0.network.j2
@ -4,7 +4,7 @@
 Name={{ vpn_default.interface }}

 [Network]
-Address={{ vpn_default.ip }}/{{ vpn_default.subnet }}
+Address={{ vpn_default.ip }}/{{ vpn_default.prefix }}
 DNS={{ vpn_default.dns }}
 Domains={{ vpn_default.domains | join(' ') }}

--- a/templates/desktop/network/wg1.network.j2
+++ b/templates/desktop/network/wg1.network.j2
@ -4,7 +4,7 @@
 Name={{ vpn_media.interface }}

 [Network]
-Address={{ vpn_media.ip }}/{{ vpn_media.subnet }}
+Address={{ vpn_media.ip }}/{{ vpn_media.prefix }}
 DNS={{ vpn_media.dns }}
 Domains={{ vpn_media.domains | join(' ') }}

--- a/templates/laptop/network/wg0.netdev.j2
+++ b/templates/laptop/network/wg0.netdev.j2
@ -12,7 +12,9 @@ PrivateKeyFile={{ vpn_default.private_key_path }}
 [WireGuardPeer]
 PublicKey={{ peer.public_key }}
 PresharedKeyFile={{ peer.preshared_key_path }}
-AllowedIPs={{ peer.allowd_ips }}
+{% for ip in peer.allowed_ips %}
+AllowedIPs={{ ip.address }}
+{% endfor %}
 {% if peer.endpoint %}
 Endpoint={{ peer.endpoint }}
 {% endif %}
--- a/templates/laptop/network/wg0.network.j2
+++ b/templates/laptop/network/wg0.network.j2
@ -4,6 +4,16 @@
 Name={{ vpn_default.interface }}

 [Network]
-Address={{ vpn_default.ip }}/{{ vpn_default.subnet }}
+Address={{ vpn_default.ip }}/{{ vpn_default.prefix }}
 DNS={{ vpn_default.dns }}
 Domains={{ vpn_default.domains | join(' ') }}
+
+{% for peer in vpn_default.peers %}
+{% for ip in peer.allowed_ips %}
+{% if ip.create_route %}
+[Route]
+Destination={{ ip.address }}
+Scope=link
+{% endif %}
+{% endfor %}
+{% endfor %}
--- a/templates/laptop/network/wg1.netdev.j2
+++ b/templates/laptop/network/wg1.netdev.j2
@ -12,7 +12,9 @@ PrivateKeyFile={{ vpn_media.private_key_path }}
 [WireGuardPeer]
 PublicKey={{ peer.public_key }}
 PresharedKeyFile={{ peer.preshared_key_path }}
-AllowedIPs={{ peer.allowd_ips }}
+{% for ip in peer.allowed_ips %}
+AllowedIPs={{ ip.address }}
+{% endfor %}
 {% if peer.endpoint %}
 Endpoint={{ peer.endpoint }}
 {% endif %}
--- a/templates/laptop/network/wg1.network.j2
+++ b/templates/laptop/network/wg1.network.j2
@ -4,6 +4,16 @@
 Name={{ vpn_media.interface }}

 [Network]
-Address={{ vpn_media.ip }}/{{ vpn_media.subnet }}
+Address={{ vpn_media.ip }}/{{ vpn_media.prefix }}
 DNS={{ vpn_media.dns }}
 Domains={{ vpn_media.domains | join(' ') }}
+
+{% for peer in vpn_media.peers %}
+{% for ip in peer.allowed_ips %}
+{% if ip.create_route %}
+[Route]
+Destination={{ ip.address }}
+Scope=link
+{% endif %}
+{% endfor %}
+{% endfor %}
--- a/vars/desktop.yml
+++ b/vars/desktop.yml
@ -21,7 +21,7 @@ boot_configuration:
 # TODO: scope variables to their destination file
 vpn_default:
  ip: '10.0.0.3'
-  subnet: '24'
+  prefix: '24'
  interface: 'wg0'
  dns: '10.0.0.1'
  domains:
@ -30,7 +30,6 @@ vpn_default:

  public_key_path: '{{ vpn_config_dir }}/keys/public/default/desktop.pub'
  private_key_path: '{{ vpn_config_dir }}/keys/private/default/desktop.key'
-  private_key_source_path: 'files/desktop/wireguard/default/desktop.key'

  peers:
    - name: 'zeus'
@ -46,7 +45,7 @@ vpn_default:

 vpn_media:
  ip: '10.0.1.3'
-  subnet: '24'
+  prefix: '24'
  interface: 'wg1'
  dns: '10.0.1.1'
  domains:
--- a/vars/laptop.yml
+++ b/vars/laptop.yml
@ -24,18 +24,23 @@ mkinitcpio_templates:

 vpn_default:
  ip: '10.0.0.2'
-  subnet: '24'
+  prefix: '24'
  interface: 'wg0'
  dns: '10.0.0.1'
  domains:
    - ~vpn.fudiggity.nl
+    - ~transmission.fudiggity.nl

  public_key_path: '{{ vpn_config_dir }}/keys/public/default/laptop.pub'
  private_key_path: '{{ vpn_config_dir }}/keys/private/default/laptop.key'

  peers:
    - name: 'zeus'
-      allowd_ips: '10.0.0.1/32'
+      allowed_ips:
+        - address: '10.0.0.0/24'
+          create_route: false
+        - address: '172.16.238.0/24'
+          create_route: true
      endpoint: 'fudiggity.nl:51902'
      public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo='
      preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk'
@ -43,7 +48,7 @@ vpn_default:

 vpn_media:
  ip: '10.0.1.2'
-  subnet: '24'
+  prefix: '24'
  interface: 'wg1'
  dns: '10.0.1.1'
  domains:
@ -54,7 +59,9 @@ vpn_media:

  peers:
    - name: 'zeus-media'
-      allowd_ips: '10.0.1.1/32'
+      allowed_ips:
+        - address: '10.0.1.0/24'
+          create_route: false
      endpoint: 'fudiggity.nl:51903'
      public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg='
      preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk'