Add radicale to vpn config & use RouteTable directive

2025-04-06 19:30:16 +02:00 · 2025-04-06 19:30:16 +02:00 · 6b2c70f5da
commit 6b2c70f5da
parent 43f662f3ff
8 changed files with 51 additions and 71 deletions
--- a/host_vars/desktop/vpn.yml
+++ b/host_vars/desktop/vpn.yml
@ -1,49 +1,47 @@
 # TODO: scope variables to their destination file
 vpn_default:
-  ip: '10.0.0.3'
-  prefix: '24'
-  interface: 'wg0'
-  dns: '10.0.0.1'
+  ip: 10.0.0.3
+  prefix: 24
+  interface: wg0
+  dns: 10.0.0.1
  domains:
-    - ~vpn.{{ server_domain }}
-    - ~transmission.{{ server_domain }}
-    - ~syncthing.{{ server_domain }}
+    - '~vpn.{{ server_domain }}'
+    - '~transmission.{{ server_domain }}'
+    - '~syncthing.{{ server_domain }}'
+    - '~radicale.{{ server_domain }}'

  public_key_path: '{{ vpn_config_dir }}/keys/public/default/desktop.pub'
  private_key_path: '{{ vpn_config_dir }}/keys/private/default/desktop.key'

  peers:
-    - name: 'fudiggity'
+    - name: fudiggity
      allowed_ips:
-        - address: '10.0.0.0/24'
-          create_route: false
-        - address: '172.16.238.0/24'
-          create_route: true
-        - address: '172.32.238.0/24'
-          create_route: true
+        - 10.0.0.0/24
+        - 172.16.238.0/24
+        - 172.32.238.0/24
+        - 172.64.238.0/24
      endpoint: '{{ server_domain }}:51902'
-      public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo='
+      public_key: CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=
      preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk'
-      preshared_key_source_path: 'files/personal/desktop/wireguard/default/preshared.psk'
+      preshared_key_source_path: files/personal/desktop/wireguard/default/preshared.psk

 vpn_media:
-  ip: '10.0.1.3'
-  prefix: '24'
-  interface: 'wg1'
-  dns: '10.0.1.1'
+  ip: 10.0.1.3
+  prefix: 24
+  interface: wg1
+  dns: 10.0.1.1
  domains:
    - '~media-vpn.{{ server_domain }}'

  public_key_path: '{{ vpn_config_dir }}/keys/public/media/desktop.pub'
  private_key_path: '{{ vpn_config_dir }}/keys/private/media/desktop.key'
-  private_key_source_path: 'files/personal/desktop/wireguard/media/desktop.key'
+  private_key_source_path: files/personal/desktop/wireguard/media/desktop.key

  peers:
-    - name: 'zeus-media'
+    - name: zeus-media
      allowed_ips:
-        - address: '10.0.1.0/24'
-          create_route: false
+        - 10.0.1.0/24
      endpoint: '{{ server_domain }}:51903'
-      public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg='
+      public_key: EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg=
      preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk'
-      preshared_key_source_path: 'files/personal/desktop/wireguard/media/preshared.psk'
+      preshared_key_source_path: files/personal/desktop/wireguard/media/preshared.psk
--- a/host_vars/xps/vpn.yml
+++ b/host_vars/xps/vpn.yml
@ -1,35 +1,34 @@
 vpn_default:
-  ip: '10.0.0.2'
-  prefix: '24'
-  interface: 'wg0'
-  dns: '10.0.0.1'
+  ip: 10.0.0.2
+  prefix: 24
+  interface: wg0
+  dns: 10.0.0.1
  domains:
    - '~vpn.{{ server_domain }}'
    - '~transmission.{{ server_domain }}'
    - '~syncthing.{{ server_domain }}'
+    - '~radicale.{{ server_domain }}'

  public_key_path: '{{ vpn_config_dir }}/keys/public/default/laptop.pub'
  private_key_path: '{{ vpn_config_dir }}/keys/private/default/laptop.key'

  peers:
-    - name: 'fudiggity'
+    - name: fudiggity
      allowed_ips:
-        - address: '10.0.0.0/24'
-          create_route: false
-        - address: '172.16.238.0/24'
-          create_route: true
-        - address: '172.32.238.0/24'
-          create_route: true
+        - 10.0.0.0/24
+        - 172.16.238.0/24
+        - 172.32.238.0/24
+        - 172.64.238.0/24
      endpoint: '{{ server_domain }}:51902'
      public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo='
      preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk'
-      preshared_key_source_path: 'files/personal/xps/wireguard/default/preshared.psk'
+      preshared_key_source_path: files/personal/xps/wireguard/default/preshared.psk

 vpn_media:
-  ip: '10.0.1.2'
-  prefix: '24'
-  interface: 'wg1'
-  dns: '10.0.1.1'
+  ip: 10.0.1.2
+  prefix: 24
+  interface: wg1
+  dns: 10.0.1.1
  domains:
    - '~media-vpn.{{ server_domain }}'

@ -37,11 +36,10 @@ vpn_media:
  private_key_path: '{{ vpn_config_dir }}/keys/private/media/laptop.key'

  peers:
-    - name: 'fudiggity-media'
+    - name: fudiggity-media
      allowed_ips:
-        - address: '10.0.1.0/24'
-          create_route: false
+        - 10.0.1.0/24
      endpoint: '{{ server_domain }}:51903'
-      public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg='
+      public_key: EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg=
      preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk'
-      preshared_key_source_path: 'files/personal/xps/wireguard/media/preshared.psk'
+      preshared_key_source_path: files/personal/xps/wireguard/media/preshared.psk