diff --git a/host_vars/desktop/vpn.yml b/host_vars/desktop/vpn.yml
index 887ccdf..ffcd439 100644
--- a/host_vars/desktop/vpn.yml
+++ b/host_vars/desktop/vpn.yml
@@ -1,49 +1,47 @@ # TODO: scope variables to their destination file vpn_default: - ip: '10.0.0.3' - prefix: '24' - interface: 'wg0' - dns: '10.0.0.1' + ip: 10.0.0.3 + prefix: 24 + interface: wg0 + dns: 10.0.0.1 domains: - - ~vpn.{{ server_domain }} - - ~transmission.{{ server_domain }} - - ~syncthing.{{ server_domain }} + - '~vpn.{{ server_domain }}' + - '~transmission.{{ server_domain }}' + - '~syncthing.{{ server_domain }}' + - '~radicale.{{ server_domain }}' public_key_path: '{{ vpn_config_dir }}/keys/public/default/desktop.pub' private_key_path: '{{ vpn_config_dir }}/keys/private/default/desktop.key' peers: - - name: 'fudiggity' + - name: fudiggity allowed_ips: - - address: '10.0.0.0/24' - create_route: false - - address: '172.16.238.0/24' - create_route: true - - address: '172.32.238.0/24' - create_route: true + - 10.0.0.0/24 + - 172.16.238.0/24 + - 172.32.238.0/24 + - 172.64.238.0/24 endpoint: '{{ server_domain }}:51902' - public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=' + public_key: CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo= preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk' - preshared_key_source_path: 'files/personal/desktop/wireguard/default/preshared.psk' + preshared_key_source_path: files/personal/desktop/wireguard/default/preshared.psk vpn_media: - ip: '10.0.1.3' - prefix: '24' - interface: 'wg1' - dns: '10.0.1.1' + ip: 10.0.1.3 + prefix: 24 + interface: wg1 + dns: 10.0.1.1 domains: - '~media-vpn.{{ server_domain }}' public_key_path: '{{ vpn_config_dir }}/keys/public/media/desktop.pub' private_key_path: '{{ vpn_config_dir }}/keys/private/media/desktop.key' - private_key_source_path: 'files/personal/desktop/wireguard/media/desktop.key' + private_key_source_path: files/personal/desktop/wireguard/media/desktop.key peers: - - name: 'zeus-media' + - name: zeus-media allowed_ips: - - address: '10.0.1.0/24' - create_route: false + - 10.0.1.0/24 endpoint: '{{ server_domain }}:51903' - public_key: 
'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg=' + public_key: EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg= preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk' - preshared_key_source_path: 'files/personal/desktop/wireguard/media/preshared.psk' + preshared_key_source_path: files/personal/desktop/wireguard/media/preshared.psk
diff --git a/host_vars/xps/vpn.yml b/host_vars/xps/vpn.yml
index 1a2eab2..5d4c0ac 100644
--- a/host_vars/xps/vpn.yml
+++ b/host_vars/xps/vpn.yml
@@ -1,35 +1,34 @@ vpn_default: - ip: '10.0.0.2' - prefix: '24' - interface: 'wg0' - dns: '10.0.0.1' + ip: 10.0.0.2 + prefix: 24 + interface: wg0 + dns: 10.0.0.1 domains: - '~vpn.{{ server_domain }}' - '~transmission.{{ server_domain }}' - '~syncthing.{{ server_domain }}' + - '~radicale.{{ server_domain }}' public_key_path: '{{ vpn_config_dir }}/keys/public/default/laptop.pub' private_key_path: '{{ vpn_config_dir }}/keys/private/default/laptop.key' peers: - - name: 'fudiggity' + - name: fudiggity allowed_ips: - - address: '10.0.0.0/24' - create_route: false - - address: '172.16.238.0/24' - create_route: true - - address: '172.32.238.0/24' - create_route: true + - 10.0.0.0/24 + - 172.16.238.0/24 + - 172.32.238.0/24 + - 172.64.238.0/24 endpoint: '{{ server_domain }}:51902' public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=' preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk' - preshared_key_source_path: 'files/personal/xps/wireguard/default/preshared.psk' + preshared_key_source_path: files/personal/xps/wireguard/default/preshared.psk vpn_media: - ip: '10.0.1.2' - prefix: '24' - interface: 'wg1' - dns: '10.0.1.1' + ip: 10.0.1.2 + prefix: 24 + interface: wg1 + dns: 10.0.1.1 domains: - '~media-vpn.{{ server_domain }}'
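Review bot: The new `- 172.64.238.0/24` entry under `allowed_ips` for peer `fudiggity`, like the `172.32.238.0/24` entry it sits next to, is outside RFC 1918 space (172.16.0.0/12 ends at 172.31.255.255), and now that the netdev templates set `RouteTable=main` every listed prefix is routed into the tunnel, so traffic for publicly announced address space (172.64.0.0/13 is a large CDN's range) will be sent to the peer instead of the internet. If further private subnets behind the peer were intended, a prefix inside 172.16.0.0/12 such as `172.17.238.0/24` / `172.18.238.0/24` avoids the collision; if the public ranges are deliberate, a comment above the list stating why would spare the next reader this check. The same two prefixes are added in the `host_vars/xps/vpn.yml` hunk that follows, so the fix applies there as well. Dropping the quotes around `prefix: '24'` turns it into an integer, which the `Address={{ vpn_default.ip }}/{{ vpn_default.prefix }}` template renders identically, and the dotted `ip`/`dns` values stay strings, so the retyping itself is harmless.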
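Review bot: `public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo='` under peer `fudiggity` is left single-quoted while this commit unquotes the same key for `fudiggity-media` in the next hunk and for both peers in `host_vars/desktop/vpn.yml`, so the two host files now disagree on the form for identical data. Either apply `public_key: CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=` here too, or keep the quotes everywhere — quoting is the safer default for opaque values that get passed through to a config file, since it guarantees the string type regardless of content. The `allowed_ips` entries such as `- 10.0.0.0/24` and the `files/...` paths are plain scalars that always parse as strings, so those unquotings are fine.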
@@ -37,11 +36,10 @@ vpn_media: private_key_path: '{{ vpn_config_dir }}/keys/private/media/laptop.key' peers: - - name: 'fudiggity-media' + - name: fudiggity-media allowed_ips: - - address: '10.0.1.0/24' - create_route: false + - 10.0.1.0/24 endpoint: '{{ server_domain }}:51903' - public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg=' + public_key: EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg= preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk' - preshared_key_source_path: 'files/personal/xps/wireguard/media/preshared.psk' + preshared_key_source_path: files/personal/xps/wireguard/media/preshared.psk
diff --git a/templates/personal/desktop/network/wg0.netdev.j2 b/templates/personal/desktop/network/wg0.netdev.j2
index ffceef7..db08b4e 100644
--- a/templates/personal/desktop/network/wg0.netdev.j2
+++ b/templates/personal/desktop/network/wg0.netdev.j2
@@ -7,13 +7,14 @@ Description=WireGuard tunnel {{ vpn_default.interface }} [WireGuard] PrivateKeyFile={{ vpn_default.private_key_path }} +RouteTable=main {% for peer in vpn_default.peers %} [WireGuardPeer] PublicKey={{ peer.public_key }} PresharedKeyFile={{ peer.preshared_key_path }} {% for ip in peer.allowed_ips %} -AllowedIPs={{ ip.address }} +AllowedIPs={{ ip }} {% endfor %} {% if peer.endpoint %} Endpoint={{ peer.endpoint }}
diff --git a/templates/personal/desktop/network/wg0.network.j2 b/templates/personal/desktop/network/wg0.network.j2
index 515a71a..36beed3 100644
--- a/templates/personal/desktop/network/wg0.network.j2
+++ b/templates/personal/desktop/network/wg0.network.j2
@@ -7,13 +7,3 @@ Name={{ vpn_default.interface }}
 Address={{ vpn_default.ip }}/{{ vpn_default.prefix }}
 DNS={{ vpn_default.dns }}
 Domains={{ vpn_default.domains | join(' ') }}
-
-{% for peer in vpn_default.peers %}
-{% for ip in peer.allowed_ips %}
-{% if ip.create_route %}
-[Route]
-Destination={{ ip.address }}
-Scope=link
-{% endif %}
-{% endfor %}
-{% endfor %}
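Review bot: `RouteTable=main` in the `[WireGuard]` section makes networkd install a route for every `AllowedIPs` prefix of every peer, which removes the per-prefix opt-out the deleted `create_route` flag gave: the tunnel's own `10.0.0.0/24` likely gets a second, peer-derived route alongside the one `Address=` already creates, and any prefix a peer lists is routed into the tunnel whether or not it is private. `RouteTable=` in `[WireGuard]` was added in systemd 250; an older networkd logs an unknown-key warning and ignores it, and because this commit also deletes the `[Route]` stanzas from the `.network` templates, such a host would end up with no routes to the peer subnets at all — pinning a minimum systemd version in the role, or asserting on `ip route show dev wg0` after the first apply, would catch that. The removed routes carried `Scope=link`; whether the auto-generated ones match should be confirmed the same way. The same change appears in the desktop `wg1.netdev.j2` hunk and the xps `wg0.netdev.j2` / `wg1.netdev.j2` hunks below; the `{{ ip }}` rename matches the flattened `allowed_ips` lists in host_vars, and the `{% for peer %}` loop this sits in closes outside the hunk.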
diff --git a/templates/personal/desktop/network/wg1.netdev.j2 b/templates/personal/desktop/network/wg1.netdev.j2
index 13d86df..5fbc9f9 100644
--- a/templates/personal/desktop/network/wg1.netdev.j2
+++ b/templates/personal/desktop/network/wg1.netdev.j2
@@ -7,13 +7,14 @@ Description=WireGuard tunnel {{ vpn_media.interface }} [WireGuard] PrivateKeyFile={{ vpn_media.private_key_path }} +RouteTable=main {% for peer in vpn_media.peers %} [WireGuardPeer] PublicKey={{ peer.public_key }} PresharedKeyFile={{ peer.preshared_key_path }} {% for ip in peer.allowed_ips %} -AllowedIPs={{ ip.address }} +AllowedIPs={{ ip }} {% endfor %} {% if peer.endpoint %} Endpoint={{ peer.endpoint }}
diff --git a/templates/personal/xps/network/wg0.netdev.j2 b/templates/personal/xps/network/wg0.netdev.j2
index ffceef7..db08b4e 100644
--- a/templates/personal/xps/network/wg0.netdev.j2
+++ b/templates/personal/xps/network/wg0.netdev.j2
@@ -7,13 +7,14 @@ Description=WireGuard tunnel {{ vpn_default.interface }} [WireGuard] PrivateKeyFile={{ vpn_default.private_key_path }} +RouteTable=main {% for peer in vpn_default.peers %} [WireGuardPeer] PublicKey={{ peer.public_key }} PresharedKeyFile={{ peer.preshared_key_path }} {% for ip in peer.allowed_ips %} -AllowedIPs={{ ip.address }} +AllowedIPs={{ ip }} {% endfor %} {% if peer.endpoint %} Endpoint={{ peer.endpoint }}
diff --git a/templates/personal/xps/network/wg0.network.j2 b/templates/personal/xps/network/wg0.network.j2
index 515a71a..36beed3 100644
--- a/templates/personal/xps/network/wg0.network.j2
+++ b/templates/personal/xps/network/wg0.network.j2
@@ -7,13 +7,3 @@ Name={{ vpn_default.interface }}
 Address={{ vpn_default.ip }}/{{ vpn_default.prefix }}
 DNS={{ vpn_default.dns }}
 Domains={{ vpn_default.domains | join(' ') }}
-
-{% for peer in vpn_default.peers %}
-{% for ip in peer.allowed_ips %}
-{% if ip.create_route %}
-[Route]
-Destination={{ ip.address }}
-Scope=link
-{% endif %}
-{% endfor %}
-{% endfor %}
diff --git a/templates/personal/xps/network/wg1.netdev.j2 b/templates/personal/xps/network/wg1.netdev.j2
index 13d86df..5fbc9f9 100644
--- a/templates/personal/xps/network/wg1.netdev.j2
+++ b/templates/personal/xps/network/wg1.netdev.j2
@@ -7,13 +7,14 @@ Description=WireGuard tunnel {{ vpn_media.interface }} [WireGuard] PrivateKeyFile={{ vpn_media.private_key_path }} +RouteTable=main {% for peer in vpn_media.peers %} [WireGuardPeer] PublicKey={{ peer.public_key }} PresharedKeyFile={{ peer.preshared_key_path }} {% for ip in peer.allowed_ips %} -AllowedIPs={{ ip.address }} +AllowedIPs={{ ip }} {% endfor %} {% if peer.endpoint %} Endpoint={{ peer.endpoint }}