From 7c4dd0d3c2e1a483978577445ffad14e548ab769 Mon Sep 17 00:00:00 2001 
From: Sonny Bakker Date: Sat, 3 Aug 2024 21:03:07 +0200 Subject: [PATCH] Add media vpn setup --- .../wireguard/{ => default}/desktop.key | 0 .../wireguard/{ => default}/desktop.pub | 0 .../wireguard/{ => default}/preshared.psk | 0 files/desktop/wireguard/media/desktop.key | 7 ++ files/desktop/wireguard/media/desktop.pub | 1 + files/desktop/wireguard/media/preshared.psk | 7 ++ .../laptop/wireguard/{ => default}/laptop.key | 0 .../laptop/wireguard/{ => default}/laptop.pub | 0 .../wireguard/{ => default}/preshared.psk | 0 files/laptop/wireguard/media/laptop.key | 7 ++ files/laptop/wireguard/media/laptop.pub | 1 + files/laptop/wireguard/media/preshared.psk | 7 ++ playbook.yml | 1 - tasks/network.yml | 41 ++++++++-- templates/desktop/network/wg0.netdev.j2 | 10 ++- templates/desktop/network/wg0.network.j2 | 6 +- templates/desktop/network/wg1.netdev.j2 | 24 ++++++ templates/desktop/network/wg1.network.j2 | 7 ++ templates/laptop/network/wg0.netdev.j2 | 10 ++- templates/laptop/network/wg0.network.j2 | 6 +- templates/laptop/network/wg1.netdev.j2 | 24 ++++++ templates/laptop/network/wg1.network.j2 | 7 ++ vars/desktop.yml | 81 ++++++++++++++----- vars/laptop.yml | 74 ++++++++++++----- vars/vpn.yml | 2 - 25 files changed, 257 insertions(+), 66 deletions(-) rename files/desktop/wireguard/{ => default}/desktop.key (100%) rename files/desktop/wireguard/{ => default}/desktop.pub (100%) rename files/desktop/wireguard/{ => default}/preshared.psk (100%) create mode 100644 files/desktop/wireguard/media/desktop.key create mode 100644 files/desktop/wireguard/media/desktop.pub create mode 100644 files/desktop/wireguard/media/preshared.psk rename files/laptop/wireguard/{ => default}/laptop.key (100%) rename files/laptop/wireguard/{ => default}/laptop.pub (100%) rename files/laptop/wireguard/{ => default}/preshared.psk (100%) create mode 100644 files/laptop/wireguard/media/laptop.key create mode 100644 files/laptop/wireguard/media/laptop.pub create mode 100644 
files/laptop/wireguard/media/preshared.psk create mode 100644 templates/desktop/network/wg1.netdev.j2 create mode 100644 templates/desktop/network/wg1.network.j2 create mode 100644 templates/laptop/network/wg1.netdev.j2 create mode 100644 templates/laptop/network/wg1.network.j2 delete mode 100644 vars/vpn.yml diff --git a/files/desktop/wireguard/desktop.key b/files/desktop/wireguard/default/desktop.key similarity index 100% rename from files/desktop/wireguard/desktop.key rename to files/desktop/wireguard/default/desktop.key diff --git a/files/desktop/wireguard/desktop.pub b/files/desktop/wireguard/default/desktop.pub similarity index 100% rename from files/desktop/wireguard/desktop.pub rename to files/desktop/wireguard/default/desktop.pub diff --git a/files/desktop/wireguard/preshared.psk b/files/desktop/wireguard/default/preshared.psk similarity index 100% rename from files/desktop/wireguard/preshared.psk rename to files/desktop/wireguard/default/preshared.psk diff --git a/files/desktop/wireguard/media/desktop.key b/files/desktop/wireguard/media/desktop.key new file mode 100644 index 0000000..8782234 --- /dev/null +++ b/files/desktop/wireguard/media/desktop.key @@ -0,0 +1,7 @@ +$ANSIBLE_VAULT;1.1;AES256 +62383364643761623739623632633261343735343465336235386336333234656631363432623535 +6562623634363937356137616131396264633161363461340a343432363362346664646161656563 +35623334326238326135646261666330666531633831656564396139666261623937626338386632 +3233333039623039640a383931633539363238326164643365316236326435643537303866373835 +66393465663364303134376566623736636664353031336537663036636462613766343739336331 +6438643538326533313433616438386165626537373162393430 diff --git a/files/desktop/wireguard/media/desktop.pub b/files/desktop/wireguard/media/desktop.pub new file mode 100644 index 0000000..640bf96 --- /dev/null +++ b/files/desktop/wireguard/media/desktop.pub @@ -0,0 +1 @@ +YDH5lZcxUHM4AU2ZxQrFqjDIV2Z7PSUQKMcYXLExV0E= 
diff --git a/files/desktop/wireguard/media/preshared.psk b/files/desktop/wireguard/media/preshared.psk new file mode 100644 index 0000000..8e41aac --- /dev/null +++ b/files/desktop/wireguard/media/preshared.psk @@ -0,0 +1,7 @@ +$ANSIBLE_VAULT;1.1;AES256 +34303432393930626266313563613636343439623631633163656532363631313039386231623936 +3336636666626237316532346230303961323263613161320a383436636634376162353863386161 +36663064366461333335613633316630633335666335613464333863656536623230383262623733 +3065363835666231630a616362333233643637613762313437626366363365313831363661313336 +66373966656534646462653833343935623466613662333932666666366430663061366261396330 +3064636536643933613738356461313135363033633366396130 diff --git a/files/laptop/wireguard/laptop.key b/files/laptop/wireguard/default/laptop.key similarity index 100% rename from files/laptop/wireguard/laptop.key rename to files/laptop/wireguard/default/laptop.key diff --git a/files/laptop/wireguard/laptop.pub b/files/laptop/wireguard/default/laptop.pub similarity index 100% rename from files/laptop/wireguard/laptop.pub rename to files/laptop/wireguard/default/laptop.pub diff --git a/files/laptop/wireguard/preshared.psk b/files/laptop/wireguard/default/preshared.psk similarity index 100% rename from files/laptop/wireguard/preshared.psk rename to files/laptop/wireguard/default/preshared.psk diff --git a/files/laptop/wireguard/media/laptop.key b/files/laptop/wireguard/media/laptop.key new file mode 100644 index 0000000..939f255 --- /dev/null +++ b/files/laptop/wireguard/media/laptop.key 
@@ -0,0 +1,7 @@ +$ANSIBLE_VAULT;1.1;AES256 +64663539393065396333623165623833636539633932306437363365656532343565643866616532 +6562373233633237623761376234336331373637393431380a386261306438393837633037383464 +64623965376138313665393239346138383230383565626264393635303835396537663865313237 +6431313635333030390a646466303961663932353830366235643762393039396531316465333837 +61613264356263616332633334386532303761353536663033373639626634396164623335626566 +3632373266313435646338343738656663356635623138623939 diff --git a/files/laptop/wireguard/media/laptop.pub b/files/laptop/wireguard/media/laptop.pub new file mode 100644 index 0000000..aec0b05 --- /dev/null +++ b/files/laptop/wireguard/media/laptop.pub @@ -0,0 +1 @@ +hI4rqlv2afs4RJkt5xR+dYxQODSd6lR0OqWJRlnQdjM= diff --git a/files/laptop/wireguard/media/preshared.psk b/files/laptop/wireguard/media/preshared.psk new file mode 100644 index 0000000..ca1d895 --- /dev/null +++ b/files/laptop/wireguard/media/preshared.psk @@ -0,0 +1,7 @@ +$ANSIBLE_VAULT;1.1;AES256 +63643763346434313734663761386539393032613366626230373862643431613963633664353264 +6466616235653963643861643439633537656439363735330a366439356537386662353431643163 +33363830646433336366353363623835373639383663633837313030393162643931353331633133 +6534363438303261320a333364313534336465616336386337383935353631646361623866326232 +64373139636633393236303335396138326638333635663839663734346463303739646431353437 +3838653361383663633632363862306565643531353066623336 diff --git a/playbook.yml b/playbook.yml index 4c280b9..58b39da 100644 --- a/playbook.yml +++ b/playbook.yml @@ -28,5 +28,4 @@ vars_files: - 'vars/main.yml' - 'vars/gpg.yml' - - 'vars/vpn.yml' - 'vars/mpd.yml' diff --git a/tasks/network.yml b/tasks/network.yml index 9cda432..c03e12e 100644 --- a/tasks/network.yml +++ b/tasks/network.yml 
@@ -12,8 +12,10 @@ mode: '0644' state: directory loop: - - '{{ vpn_private_key_path }}' - - '{{ vpn_public_key_path }}' + - '{{ vpn_default.private_key_path }}' + - '{{ vpn_default.public_key_path }}' + - '{{ vpn_media.private_key_path }}' + - '{{ vpn_media.public_key_path }}' - name: copy wireguard credentials become: true @@ -25,12 +27,20 @@ mode: '0640' loop: - { - dest: '{{ vpn_public_key_path }}', - src: 'files/{{ platform }}/wireguard/{{ platform }}.pub', + dest: '{{ vpn_default.public_key_path }}', + src: 'files/{{ platform }}/wireguard/default/{{ platform }}.pub', } - { - dest: '{{ vpn_private_key_path }}', - src: 'files/{{ platform }}/wireguard/{{ platform }}.key', + dest: '{{ vpn_default.private_key_path }}', + src: 'files/{{ platform }}/wireguard/default/{{ platform }}.key', + } + - { + dest: '{{ vpn_media.public_key_path }}', + src: 'files/{{ platform }}/wireguard/media/{{ platform }}.pub', + } + - { + dest: '{{ vpn_media.private_key_path }}', + src: 'files/{{ platform }}/wireguard/media/{{ platform }}.key', } - name: copy wireguard preshared keys @@ -41,7 +51,7 @@ owner: root group: systemd-network mode: '0640' - loop: '{{ vpn_peers }}' + loop: '{{ vpn_default.peers + vpn_media.peers }}' - block: - name: setup desktop network configuration @@ -65,6 +75,15 @@ src: 'templates/desktop/network/wg0.netdev.j2', dest: '/etc/systemd/network/40-wg0.netdev', } + - { + src: 'templates/desktop/network/wg1.network.j2', + dest: '/etc/systemd/network/40-wg1.network', + } + - { + src: 'templates/desktop/network/wg1.netdev.j2', + dest: '/etc/systemd/network/40-wg1.netdev', + } + - name: remove leftover configuration files become: true file: 
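Review bot: The context line `mode: '0644'` combined with `state: directory` creates the key directories without a search (x) bit, and this hunk extends that loop to the new `vpn_media` paths. Without x on the directory, a non-root reader such as the `systemd-network` user cannot open the files inside it. That would be one explanation for the template comment that `PrivateKeyFile` "does not seem to work", but this is inferred, because the task's `path`, `owner` and `group` lines sit above the hunk. Consider `mode: '0750'` with `group: systemd-network` on the private-key directories, so the keys can be referenced by file instead of being rendered into the `.netdev` files.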
@@ -101,6 +120,14 @@ src: 'templates/laptop/network/wg0.netdev.j2', dest: '/etc/systemd/network/40-wg0.netdev', } + - { + src: 'templates/laptop/network/wg1.network.j2', + dest: '/etc/systemd/network/40-wg1.network', + } + - { + src: 'templates/laptop/network/wg1.netdev.j2', + dest: '/etc/systemd/network/40-wg1.netdev', + } - name: remove leftover configuration files become: true diff --git a/templates/desktop/network/wg0.netdev.j2 b/templates/desktop/network/wg0.netdev.j2 index 2397e90..788c88f 100644 --- a/templates/desktop/network/wg0.netdev.j2 +++ b/templates/desktop/network/wg0.netdev.j2 @@ -1,13 +1,15 @@ +# {{ ansible_managed }} + [NetDev] -Name={{ vpn_interface }} +Name={{ vpn_default.interface }} Kind=wireguard -Description=WireGuard tunnel {{ vpn_interface }} +Description=WireGuard tunnel {{ vpn_default.interface }} [WireGuard] # PrivateKeyFile option does not seem to work, perhaps a bug? -PrivateKey={{ vpn_private_key }} +PrivateKey={{ vpn_default.private_key }} -{% for peer in vpn_peers %} +{% for peer in vpn_default.peers %} [WireGuardPeer] PublicKey={{ peer.public_key }} # PresharedKeyFile option does not seem to work, perhaps a bug? diff --git a/templates/desktop/network/wg0.network.j2 b/templates/desktop/network/wg0.network.j2 index 4a5a6e2..4dbb494 100644 --- a/templates/desktop/network/wg0.network.j2 +++ b/templates/desktop/network/wg0.network.j2 @@ -1,5 +1,7 @@ +# {{ ansible_managed }} + [Match] -Name={{ vpn_interface }} +Name={{ vpn_default.interface }} [Network] -Address={{ vpn_ip }}/{{ vpn_subnet }} +Address={{ vpn_default.ip }}/{{ vpn_default.subnet }} diff --git a/templates/desktop/network/wg1.netdev.j2 b/templates/desktop/network/wg1.netdev.j2 new file mode 100644 index 0000000..1917cb6 --- /dev/null +++ b/templates/desktop/network/wg1.netdev.j2 
@@ -0,0 +1,24 @@ +# {{ ansible_managed }} + +[NetDev] +Name={{ vpn_media.interface }} +Kind=wireguard +Description=WireGuard tunnel {{ vpn_media.interface }} + +[WireGuard] +# PrivateKeyFile option does not seem to work, perhaps a bug? +PrivateKey={{ vpn_media.private_key }} + +{% for peer in vpn_media.peers %} +[WireGuardPeer] +PublicKey={{ peer.public_key }} +# PresharedKeyFile option does not seem to work, perhaps a bug? +PresharedKey={{ peer.preshared_key }} +AllowedIPs={{ peer.allowd_ips }} +{% if peer.endpoint %} +Endpoint={{ peer.endpoint }} +{% endif %} +{% if not loop.last %} + +{% endif %} +{% endfor %} diff --git a/templates/desktop/network/wg1.network.j2 b/templates/desktop/network/wg1.network.j2 new file mode 100644 index 0000000..3f8e7a1 --- /dev/null +++ b/templates/desktop/network/wg1.network.j2 @@ -0,0 +1,7 @@ +# {{ ansible_managed }} + +[Match] +Name={{ vpn_media.interface }} + +[Network] +Address={{ vpn_media.ip }}/{{ vpn_media.subnet }} diff --git a/templates/laptop/network/wg0.netdev.j2 b/templates/laptop/network/wg0.netdev.j2 index 2397e90..788c88f 100644 --- a/templates/laptop/network/wg0.netdev.j2 +++ b/templates/laptop/network/wg0.netdev.j2 @@ -1,13 +1,15 @@ +# {{ ansible_managed }} + [NetDev] -Name={{ vpn_interface }} +Name={{ vpn_default.interface }} Kind=wireguard -Description=WireGuard tunnel {{ vpn_interface }} +Description=WireGuard tunnel {{ vpn_default.interface }} [WireGuard] # PrivateKeyFile option does not seem to work, perhaps a bug? -PrivateKey={{ vpn_private_key }} +PrivateKey={{ vpn_default.private_key }} -{% for peer in vpn_peers %} +{% for peer in vpn_default.peers %} [WireGuardPeer] PublicKey={{ peer.public_key }} # PresharedKeyFile option does not seem to work, perhaps a bug? diff --git a/templates/laptop/network/wg0.network.j2 b/templates/laptop/network/wg0.network.j2 index 4a5a6e2..4dbb494 100644 --- a/templates/laptop/network/wg0.network.j2 +++ b/templates/laptop/network/wg0.network.j2 
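Review bot: `PrivateKey={{ vpn_media.private_key }}` and `PresharedKey={{ peer.preshared_key }}` write the decrypted secrets into `/etc/systemd/network/40-wg1.netdev`, so the new tunnel's confidentiality depends on the mode of that rendered file, which is set by the template task outside this hunk. systemd.netdev recommends `root:systemd-network` with mode `0640` for a .netdev file that carries key material, so it is worth confirming that the task applies this to the wg1 files it now loops over. The same applies to the laptop copy of this template and to both wg0 templates. tasks/network.yml also copies the keys under `/etc/wireguard/keys/private/media/`, so each secret ends up on disk twice. Moving to `PrivateKeyFile=` / `PresharedKeyFile=` once the read problem mentioned in the comments is resolved would leave a single copy.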
@@ -1,5 +1,7 @@ +# {{ ansible_managed }} + [Match] -Name={{ vpn_interface }} +Name={{ vpn_default.interface }} [Network] -Address={{ vpn_ip }}/{{ vpn_subnet }} +Address={{ vpn_default.ip }}/{{ vpn_default.subnet }} diff --git a/templates/laptop/network/wg1.netdev.j2 b/templates/laptop/network/wg1.netdev.j2 new file mode 100644 index 0000000..1917cb6 --- /dev/null +++ b/templates/laptop/network/wg1.netdev.j2 @@ -0,0 +1,24 @@ +# {{ ansible_managed }} + +[NetDev] +Name={{ vpn_media.interface }} +Kind=wireguard +Description=WireGuard tunnel {{ vpn_media.interface }} + +[WireGuard] +# PrivateKeyFile option does not seem to work, perhaps a bug? +PrivateKey={{ vpn_media.private_key }} + +{% for peer in vpn_media.peers %} +[WireGuardPeer] +PublicKey={{ peer.public_key }} +# PresharedKeyFile option does not seem to work, perhaps a bug? +PresharedKey={{ peer.preshared_key }} +AllowedIPs={{ peer.allowd_ips }} +{% if peer.endpoint %} +Endpoint={{ peer.endpoint }} +{% endif %} +{% if not loop.last %} + +{% endif %} +{% endfor %} diff --git a/templates/laptop/network/wg1.network.j2 b/templates/laptop/network/wg1.network.j2 new file mode 100644 index 0000000..3f8e7a1 --- /dev/null +++ b/templates/laptop/network/wg1.network.j2 @@ -0,0 +1,7 @@ +# {{ ansible_managed }} + +[Match] +Name={{ vpn_media.interface }} + +[Network] +Address={{ vpn_media.ip }}/{{ vpn_media.subnet }} diff --git a/vars/desktop.yml b/vars/desktop.yml index 5ef0d4a..c79fa20 100644 --- a/vars/desktop.yml +++ b/vars/desktop.yml 
@@ -1,27 +1,64 @@ platform_packages: [] -vpn_ip: '10.0.0.3' -vpn_subnet: '24' +vpn_default: + ip: '10.0.0.3' + subnet: '24' + interface: 'wg0' -vpn_public_key_path: '/etc/wireguard/keys/public/desktop.pub' -vpn_private_key_path: '/etc/wireguard/keys/private/desktop.key' + public_key_path: '/etc/wireguard/keys/public/default/desktop.pub' + private_key_path: '/etc/wireguard/keys/private/default/desktop.key' + + private_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 65386334366166306164363464633364383935313739373730373139663139373964336665636264 + 3563663038313039363230623266393164646164373739620a623536633631643231633938613461 + 63366239333230663531306333383962353937353736663336343434663633303232386531353832 + 6434633935333538650a613065306239333031656362356165326136333131356135383436326561 + 62303035386634636333353664373231633434656538303866386262353139363439363435346637 + 6637363334623133376134306165626564343864633032613763 -vpn_private_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 65386334366166306164363464633364383935313739373730373139663139373964336665636264 - 3563663038313039363230623266393164646164373739620a623536633631643231633938613461 - 63366239333230663531306333383962353937353736663336343434663633303232386531353832 - 6434633935333538650a613065306239333031656362356165326136333131356135383436326561 - 62303035386634636333353664373231633434656538303866386262353139363439363435346637 - 6637363334623133376134306165626564343864633032613763 + peers: + - { + name: 'zeus', + allowd_ips: '10.0.0.1/32', + endpoint: 'fudiggity.nl:51902', + public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=', + preshared_key_path: '/etc/wireguard/keys/private/default/preshared-zeus.psk', + preshared_key_source_path: 'files/desktop/wireguard/default/preshared.psk', + preshared_key: !vault 
"$ANSIBLE_VAULT;1.1;AES256\r\n363333633336613939306632323163396239303739366135393232396134393266623939613534326238393638333137383235313039623264343932303038330a633934373638363966306533346235326234663464313963356238623064666430303030643533666536393662316237333463336462376366343335363131350a333135366239633765633136316133653535336661666461666365636233656165666635663037386666323931643265623233366133623237663734623661623661316436396465343866363266393565653237636136626536353630383263", + } -vpn_peers: - - { - name: 'zeus', - allowd_ips: '10.0.0.1/32', - endpoint: 'fudiggity.nl:51902', - public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=', - preshared_key_path: '/etc/wireguard/keys/private/preshared-zeus.psk', - preshared_key_source_path: 'files/desktop/wireguard/preshared.psk', - preshared_key: !vault "$ANSIBLE_VAULT;1.1;AES256\r\n363333633336613939306632323163396239303739366135393232396134393266623939613534326238393638333137383235313039623264343932303038330a633934373638363966306533346235326234663464313963356238623064666430303030643533666536393662316237333463336462376366343335363131350a333135366239633765633136316133653535336661666461666365636233656165666635663037386666323931643265623233366133623237663734623661623661316436396465343866363266393565653237636136626536353630383263", - } +vpn_media: + ip: '10.0.1.3' + subnet: '24' + interface: 'wg1' + + public_key_path: '/etc/wireguard/keys/public/media/desktop.pub' + private_key_path: '/etc/wireguard/keys/private/media/desktop.key' + + private_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 62396362373339306463343330346431613538383236663666386135383864303835616161336662 + 6633313937313261313033323361383866313639643733650a363730393538623463313362343133 + 34643530303832393530666239636263353435353031316166366638666132323034313662653334 + 3238313161363632380a356464626364656465616231346463366632386635353861303934653036 + 34363436616334386463353463303537346234346666366631333634393733613164636466633137 + 
3265386536663664626236343062336662373638656435303966 + + peers: + - { + name: 'zeus-media', + allowd_ips: '10.0.1.1/32', + endpoint: 'fudiggity.nl:51903', + public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg=', + preshared_key_path: '/etc/wireguard/keys/private/media/preshared-zeus.psk', + preshared_key_source_path: 'files/laptop/wireguard/media/preshared.psk', + preshared_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 30613935653234316531633935306432343432343266346236383330393030346337313765346333 + 6366303237376564346131623662323066316435613737610a303439333438656663626334313134 + 32623138656664336462643835386435326536313734333535336534656565393934356438313062 + 3561656264663365390a303239613536393539636464656466373531623664633637663937333438 + 65663837353931373436613964633139396531653834386364383666336361376435383965643061 + 6233633761343562386534316336613062626236313833643066, + } diff --git a/vars/laptop.yml b/vars/laptop.yml index fa0e5b9..98d1d88 100644 --- a/vars/laptop.yml +++ b/vars/laptop.yml 
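Review bot: The `zeus-media` peer in the desktop vars sets `preshared_key_source_path: 'files/laptop/wireguard/media/preshared.psk'`, so the preshared-key copy task would install the laptop's key file on the desktop. The commit adds `files/desktop/wireguard/media/preshared.psk`, which is presumably the intended source: `preshared_key_source_path: 'files/desktop/wireguard/media/preshared.psk'`. The same entry also uses a block scalar (`preshared_key: !vault |`) inside a flow mapping `{ ... }`, which YAML does not allow, so the file is likely to fail to load. Either use the single-line double-quoted form that the `zeus` peer uses, or write the peer as a block mapping.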
@@ -5,28 +5,58 @@ platform_packages: - nvidia-utils - lib32-nvidia-utils -vpn_ip: '10.0.0.2' -vpn_subnet: '24' +vpn_default: + ip: '10.0.0.2' + subnet: '24' + interface: 'wg0' -vpn_public_key_path: '/etc/wireguard/keys/public/laptop.pub' -vpn_private_key_path: '/etc/wireguard/keys/private/laptop.key' + public_key_path: '/etc/wireguard/keys/public/default/laptop.pub' + private_key_path: '/etc/wireguard/keys/private/default/laptop.key' -vpn_private_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 36393066313764386361376662376266623331313765373666616334356362656332653838346330 - 3435643261333262653139636537326164356164373566310a633233623031336437303236636266 - 61616165376631353433353463313532643564343664346335363835306430386364303635343432 - 3864343464666566310a363563613039333465336164323833316436393236666433333163666137 - 33656632343262373463306438333764393031623666393161356539636663346331613539396637 - 3631363333623539636561366436613861363932323966666238 + private_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 36393066313764386361376662376266623331313765373666616334356362656332653838346330 + 3435643261333262653139636537326164356164373566310a633233623031336437303236636266 + 61616165376631353433353463313532643564343664346335363835306430386364303635343432 + 3864343464666566310a363563613039333465336164323833316436393236666433333163666137 + 33656632343262373463306438333764393031623666393161356539636663346331613539396637 + 3631363333623539636561366436613861363932323966666238 -vpn_peers: - - { - name: 'zeus', - allowd_ips: '10.0.0.1/32', - endpoint: 'fudiggity.nl:51902', - public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=', - preshared_key_path: '/etc/wireguard/keys/private/preshared-zeus.psk', - preshared_key_source_path: 'files/laptop/wireguard/preshared.psk', - preshared_key: !vault 
"$ANSIBLE_VAULT;1.1;AES256\r\n376463366339376639373237363632363836653266353534343331333831646366373430333163383838313835613565646466653139666337626237313737300a333761383466626637336164363235643861643865653536663433373762343637303334613862373663626663616138333964386333373633643431326233370a386664366238633533356235613332373630353731306233623364623239353564313631373061393535336532393439343432373435336538666334666335633737633030386438616566376131646662316464333765636331343262663437", - } + peers: + - { + name: 'zeus', + allowd_ips: '10.0.0.1/32', + endpoint: 'fudiggity.nl:51902', + public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=', + preshared_key_path: '/etc/wireguard/keys/private/default/preshared-zeus.psk', + preshared_key_source_path: 'files/laptop/wireguard/default/preshared.psk', + preshared_key: !vault "$ANSIBLE_VAULT;1.1;AES256\r\n376463366339376639373237363632363836653266353534343331333831646366373430333163383838313835613565646466653139666337626237313737300a333761383466626637336164363235643861643865653536663433373762343637303334613862373663626663616138333964386333373633643431326233370a386664366238633533356235613332373630353731306233623364623239353564313631373061393535336532393439343432373435336538666334666335633737633030386438616566376131646662316464333765636331343262663437", + } + +vpn_media: + ip: '10.0.1.2' + subnet: '24' + interface: 'wg1' + + public_key_path: '/etc/wireguard/keys/public/media/laptop.pub' + private_key_path: '/etc/wireguard/keys/private/media/laptop.key' + + private_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 38343933313031343230346232633837346332656163303561323038643935343638333231633032 + 3035633565326130363666393631616333653638386564360a373863366364353632383031316561 + 35306566623237613565653465316566336439613064653934316536333062366163383435313366 + 6130633630376639330a366230386435643736353664623435316334666639653836393531623463 + 30336435613761616132656138303263396263336564323865356538353661366439333538343961 + 
6164353934636536333433326332383830353034343437646563 + + peers: + - { + name: 'zeus-media', + allowd_ips: '10.0.1.1/32', + endpoint: 'fudiggity.nl:51903', + public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg=', + preshared_key_path: '/etc/wireguard/keys/private/media/preshared-zeus.psk', + preshared_key_source_path: 'files/laptop/wireguard/media/preshared.psk', + preshared_key: !vault "$ANSIBLE_VAULT;1.1;AES256\r\n666536333463333939313365343734313533633132396662336665643462336164373034666265623061373463396462333162323666323565636265663861310a623766653463613036663530653763376638643566323439636236656239663064646135323337333365653039343836303935316335383831643764663366360a656639303535666430643838343465356530633162383336663633346433346465376236366265656335636438323133643064356462313166323633623634323836363032626463376239373330356533336537633139643461316235366534" + } diff --git a/vars/vpn.yml b/vars/vpn.yml deleted file mode 100644 index 194c351..0000000 --- a/vars/vpn.yml +++ /dev/null @@ -1,2 +0,0 @@ -vpn_interface: 'wg0' -vpn_protocol: 'udp'