Add radicale to vpn config & use RouteTable directive

2025-04-06 19:30:16 +02:00 · 2025-04-06 19:30:16 +02:00 · 6b2c70f5da
commit 6b2c70f5da
parent 43f662f3ff
8 changed files with 51 additions and 71 deletions
--- a/host_vars/desktop/vpn.yml
+++ b/host_vars/desktop/vpn.yml
@ -1,49 +1,47 @@
 # TODO: scope variables to their destination file
 vpn_default:
-  ip: '10.0.0.3'
+  ip: 10.0.0.3
-  prefix: '24'
+  prefix: 24
-  interface: 'wg0'
+  interface: wg0
-  dns: '10.0.0.1'
+  dns: 10.0.0.1
  domains:
-    - ~vpn.{{ server_domain }}
+    - '~vpn.{{ server_domain }}'
-    - ~transmission.{{ server_domain }}
+    - '~transmission.{{ server_domain }}'
-    - ~syncthing.{{ server_domain }}
+    - '~syncthing.{{ server_domain }}'
    - '~radicale.{{ server_domain }}'
  public_key_path: '{{ vpn_config_dir }}/keys/public/default/desktop.pub'
  private_key_path: '{{ vpn_config_dir }}/keys/private/default/desktop.key'
  peers:
-    - name: 'fudiggity'
+    - name: fudiggity
      allowed_ips:
-        - address: '10.0.0.0/24'
+        - 10.0.0.0/24
-          create_route: false
+        - 172.16.238.0/24
-        - address: '172.16.238.0/24'
+        - 172.32.238.0/24
-          create_route: true
+        - 172.64.238.0/24
        - address: '172.32.238.0/24'
          create_route: true
      endpoint: '{{ server_domain }}:51902'
-      public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo='
+      public_key: CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=
      preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk'
-      preshared_key_source_path: 'files/personal/desktop/wireguard/default/preshared.psk'
+      preshared_key_source_path: files/personal/desktop/wireguard/default/preshared.psk
 vpn_media:
-  ip: '10.0.1.3'
+  ip: 10.0.1.3
-  prefix: '24'
+  prefix: 24
-  interface: 'wg1'
+  interface: wg1
-  dns: '10.0.1.1'
+  dns: 10.0.1.1
  domains:
    - '~media-vpn.{{ server_domain }}'
  public_key_path: '{{ vpn_config_dir }}/keys/public/media/desktop.pub'
  private_key_path: '{{ vpn_config_dir }}/keys/private/media/desktop.key'
-  private_key_source_path: 'files/personal/desktop/wireguard/media/desktop.key'
+  private_key_source_path: files/personal/desktop/wireguard/media/desktop.key
  peers:
-    - name: 'zeus-media'
+    - name: zeus-media
      allowed_ips:
-        - address: '10.0.1.0/24'
+        - 10.0.1.0/24
          create_route: false
      endpoint: '{{ server_domain }}:51903'
-      public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg='
+      public_key: EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg=
      preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk'
-      preshared_key_source_path: 'files/personal/desktop/wireguard/media/preshared.psk'
+      preshared_key_source_path: files/personal/desktop/wireguard/media/preshared.psk
--- a/host_vars/xps/vpn.yml
+++ b/host_vars/xps/vpn.yml
@ -1,35 +1,34 @@
 vpn_default:
-  ip: '10.0.0.2'
+  ip: 10.0.0.2
-  prefix: '24'
+  prefix: 24
-  interface: 'wg0'
+  interface: wg0
-  dns: '10.0.0.1'
+  dns: 10.0.0.1
  domains:
    - '~vpn.{{ server_domain }}'
    - '~transmission.{{ server_domain }}'
    - '~syncthing.{{ server_domain }}'
    - '~radicale.{{ server_domain }}'
  public_key_path: '{{ vpn_config_dir }}/keys/public/default/laptop.pub'
  private_key_path: '{{ vpn_config_dir }}/keys/private/default/laptop.key'
  peers:
-    - name: 'fudiggity'
+    - name: fudiggity
      allowed_ips:
-        - address: '10.0.0.0/24'
+        - 10.0.0.0/24
-          create_route: false
+        - 172.16.238.0/24
-        - address: '172.16.238.0/24'
+        - 172.32.238.0/24
-          create_route: true
+        - 172.64.238.0/24
        - address: '172.32.238.0/24'
          create_route: true
      endpoint: '{{ server_domain }}:51902'
      public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo='
      preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk'
-      preshared_key_source_path: 'files/personal/xps/wireguard/default/preshared.psk'
+      preshared_key_source_path: files/personal/xps/wireguard/default/preshared.psk
 vpn_media:
-  ip: '10.0.1.2'
+  ip: 10.0.1.2
-  prefix: '24'
+  prefix: 24
-  interface: 'wg1'
+  interface: wg1
-  dns: '10.0.1.1'
+  dns: 10.0.1.1
  domains:
    - '~media-vpn.{{ server_domain }}'
@ -37,11 +36,10 @@ vpn_media:
  private_key_path: '{{ vpn_config_dir }}/keys/private/media/laptop.key'
  peers:
-    - name: 'fudiggity-media'
+    - name: fudiggity-media
      allowed_ips:
-        - address: '10.0.1.0/24'
+        - 10.0.1.0/24
          create_route: false
      endpoint: '{{ server_domain }}:51903'
-      public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg='
+      public_key: EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg=
      preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk'
-      preshared_key_source_path: 'files/personal/xps/wireguard/media/preshared.psk'
+      preshared_key_source_path: files/personal/xps/wireguard/media/preshared.psk
--- a/templates/personal/desktop/network/wg0.netdev.j2
+++ b/templates/personal/desktop/network/wg0.netdev.j2
@ -7,13 +7,14 @@ Description=WireGuard tunnel {{ vpn_default.interface }}
 [WireGuard]
 PrivateKeyFile={{ vpn_default.private_key_path }}
 RouteTable=main
 {% for peer in vpn_default.peers %}
 [WireGuardPeer]
 PublicKey={{ peer.public_key }}
 PresharedKeyFile={{ peer.preshared_key_path }}
 {% for ip in peer.allowed_ips %}
-AllowedIPs={{ ip.address }}
+AllowedIPs={{ ip }}
 {% endfor %}
 {% if peer.endpoint %}
 Endpoint={{ peer.endpoint }}
--- a/templates/personal/desktop/network/wg0.network.j2
+++ b/templates/personal/desktop/network/wg0.network.j2
@ -7,13 +7,3 @@ Name={{ vpn_default.interface }}
 Address={{ vpn_default.ip }}/{{ vpn_default.prefix }}
 DNS={{ vpn_default.dns }}
 Domains={{ vpn_default.domains | join(' ') }}
 {% for peer in vpn_default.peers %}
 {% for ip in peer.allowed_ips %}
 {% if ip.create_route %}
 [Route]
 Destination={{ ip.address }}
 Scope=link
 {% endif %}
 {% endfor %}
 {% endfor %}
--- a/templates/personal/desktop/network/wg1.netdev.j2
+++ b/templates/personal/desktop/network/wg1.netdev.j2
@ -7,13 +7,14 @@ Description=WireGuard tunnel {{ vpn_media.interface }}
 [WireGuard]
 PrivateKeyFile={{ vpn_media.private_key_path }}
 RouteTable=main
 {% for peer in vpn_media.peers %}
 [WireGuardPeer]
 PublicKey={{ peer.public_key }}
 PresharedKeyFile={{ peer.preshared_key_path }}
 {% for ip in peer.allowed_ips %}
-AllowedIPs={{ ip.address }}
+AllowedIPs={{ ip }}
 {% endfor %}
 {% if peer.endpoint %}
 Endpoint={{ peer.endpoint }}
--- a/templates/personal/xps/network/wg0.netdev.j2
+++ b/templates/personal/xps/network/wg0.netdev.j2
@ -7,13 +7,14 @@ Description=WireGuard tunnel {{ vpn_default.interface }}
 [WireGuard]
 PrivateKeyFile={{ vpn_default.private_key_path }}
 RouteTable=main
 {% for peer in vpn_default.peers %}
 [WireGuardPeer]
 PublicKey={{ peer.public_key }}
 PresharedKeyFile={{ peer.preshared_key_path }}
 {% for ip in peer.allowed_ips %}
-AllowedIPs={{ ip.address }}
+AllowedIPs={{ ip }}
 {% endfor %}
 {% if peer.endpoint %}
 Endpoint={{ peer.endpoint }}
--- a/templates/personal/xps/network/wg0.network.j2
+++ b/templates/personal/xps/network/wg0.network.j2
@ -7,13 +7,3 @@ Name={{ vpn_default.interface }}
 Address={{ vpn_default.ip }}/{{ vpn_default.prefix }}
 DNS={{ vpn_default.dns }}
 Domains={{ vpn_default.domains | join(' ') }}
 {% for peer in vpn_default.peers %}
 {% for ip in peer.allowed_ips %}
 {% if ip.create_route %}
 [Route]
 Destination={{ ip.address }}
 Scope=link
 {% endif %}
 {% endfor %}
 {% endfor %}
--- a/templates/personal/xps/network/wg1.netdev.j2
+++ b/templates/personal/xps/network/wg1.netdev.j2
@ -7,13 +7,14 @@ Description=WireGuard tunnel {{ vpn_media.interface }}
 [WireGuard]
 PrivateKeyFile={{ vpn_media.private_key_path }}
 RouteTable=main
 {% for peer in vpn_media.peers %}
 [WireGuardPeer]
 PublicKey={{ peer.public_key }}
 PresharedKeyFile={{ peer.preshared_key_path }}
 {% for ip in peer.allowed_ips %}
-AllowedIPs={{ ip.address }}
+AllowedIPs={{ ip }}
 {% endfor %}
 {% if peer.endpoint %}
 Endpoint={{ peer.endpoint }}