diff --git a/templates/desktop/network/wg0.netdev.j2 b/templates/desktop/network/wg0.netdev.j2
index 6f1c0dd..ffceef7 100644
--- a/templates/desktop/network/wg0.netdev.j2
+++ b/templates/desktop/network/wg0.netdev.j2
@@ -12,7 +12,9 @@ PrivateKeyFile={{ vpn_default.private_key_path }}
 [WireGuardPeer]
 PublicKey={{ peer.public_key }}
 PresharedKeyFile={{ peer.preshared_key_path }}
-AllowedIPs={{ peer.allowd_ips }}
+{% for ip in peer.allowed_ips %}
+AllowedIPs={{ ip.address }}
+{% endfor %}
 {% if peer.endpoint %}
 Endpoint={{ peer.endpoint }}
 {% endif %}
diff --git a/templates/desktop/network/wg0.network.j2 b/templates/desktop/network/wg0.network.j2
index 9253528..1787da4 100644
--- a/templates/desktop/network/wg0.network.j2
+++ b/templates/desktop/network/wg0.network.j2
@@ -7,3 +7,13 @@ Name={{ vpn_default.interface }}
 Address={{ vpn_default.ip }}/{{ vpn_default.subnet }}
 DNS={{ vpn_default.dns }}
 Domains={{ vpn_default.domains | join(' ') }}
+
+{% for peer in vpn_default.peers %}
+{% for ip in peer.allowed_ips %}
+{% if ip.create_route %}
+[Route]
+Destination={{ ip.address }}
+Scope=link
+{% endif %}
+{% endfor %}
+{% endfor %}
diff --git a/templates/desktop/network/wg1.netdev.j2 b/templates/desktop/network/wg1.netdev.j2
index 104804f..13d86df 100644
--- a/templates/desktop/network/wg1.netdev.j2
+++ b/templates/desktop/network/wg1.netdev.j2
@@ -12,7 +12,9 @@ PrivateKeyFile={{ vpn_media.private_key_path }}
 [WireGuardPeer]
 PublicKey={{ peer.public_key }}
 PresharedKeyFile={{ peer.preshared_key_path }}
-AllowedIPs={{ peer.allowd_ips }}
+{% for ip in peer.allowed_ips %}
+AllowedIPs={{ ip.address }}
+{% endfor %}
 {% if peer.endpoint %}
 Endpoint={{ peer.endpoint }}
 {% endif %}
diff --git a/templates/desktop/network/wg1.network.j2 b/templates/desktop/network/wg1.network.j2
index 9a03d7b..8e462cc 100644
--- a/templates/desktop/network/wg1.network.j2
+++ b/templates/desktop/network/wg1.network.j2
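Review bot: With `allowed_ips` now a list, a peer whose list is empty renders a [WireGuardPeer] section with no AllowedIPs= line at all, and WireGuard then neither accepts nor sends traffic for that peer; a missing key still fails under Ansible's default undefined-variable handling, but an empty list renders silently. The loop itself is fine, since networkd unions repeated AllowedIPs= lines for one peer. The new shape of the variable should be documented where it is consumed, e.g. `{# peer.allowed_ips: non-empty list of {address: CIDR, create_route: bool}; one AllowedIPs= line per entry #}` above the `for`, and a non-empty check belongs in the playbook that feeds it. The identical hunk in wg1.netdev.j2 below has the same gap.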
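Review bot: The new [Route] loop writes `Scope=link` with no `Gateway=` and skips the interface's own subnet through `create_route: false`, but nothing in the template says why; a reader has to know that WireGuard has no next hop, so an on-link route into the interface is the right form, and that Address= above already provides the connected route for its own prefix. A comment above the outer `for` would carry that, e.g. `{# Subnets reachable only through a peer need an explicit on-link route (no next hop on WireGuard); the interface's own Address= prefix already has one, hence create_route: false there #}`. It is also worth stating in the same comment that routes are emitted only for entries that the matching .netdev puts in AllowedIPs, which is what keeps the kernel routing table and the cryptokey routing table consistent.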
@@ -7,3 +7,13 @@ Name={{ vpn_media.interface }}
 Address={{ vpn_media.ip }}/{{ vpn_media.subnet }}
 DNS={{ vpn_media.dns }}
 Domains={{ vpn_media.domains | join(' ') }}
+
+{% for peer in vpn_media.peers %}
+{% for ip in peer.allowed_ips %}
+{% if ip.create_route %}
+[Route]
+Destination = {{ ip.address }}
+Scope = link
+{% endif %}
+{% endfor %}
+{% endfor %}
diff --git a/vars/desktop.yml b/vars/desktop.yml
index d9646c5..e4cca6c 100644
--- a/vars/desktop.yml
+++ b/vars/desktop.yml
@@ -18,6 +18,7 @@ boot_configuration: disk: /dev/sdc partition: 1 +# TODO: scope variables to their destination file vpn_default: ip: '10.0.0.3' subnet: '24'
@@ -25,6 +26,7 @@ vpn_default: dns: '10.0.0.1' domains: - ~vpn.fudiggity.nl + - ~transmission.fudiggity.nl public_key_path: '{{ vpn_config_dir }}/keys/public/default/desktop.pub' private_key_path: '{{ vpn_config_dir }}/keys/private/default/desktop.key'
@@ -32,7 +34,11 @@ vpn_default: peers: - name: 'zeus' - allowd_ips: '10.0.0.1/32' + allowed_ips: + - address: '10.0.0.0/24' + create_route: false + - address: '172.16.238.0/24' + create_route: true endpoint: 'fudiggity.nl:51902' public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=' preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk'
@@ -52,7 +58,9 @@ vpn_media: peers: - name: 'zeus-media' - allowd_ips: '10.0.1.1/32' + allowed_ips: + - address: '10.0.1.0/24' + create_route: false endpoint: 'fudiggity.nl:51903' public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg=' preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk'
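Review bot: `Destination = {{ ip.address }}` and `Scope = link` put spaces around `=`, while the same block added to wg0.network.j2 writes `Destination={{ ip.address }}` / `Scope=link`, as do the surrounding `Address=`, `DNS=` and `Domains=` lines in this file. systemd's config parser trims that whitespace, so the rendered unit still parses, but the two sibling templates should read the same; change the two lines to `Destination={{ ip.address }}` and `Scope=link`.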
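Review bot: The zeus peer's AllowedIPs widens from `10.0.0.1/32` to `10.0.0.0/24` plus `172.16.238.0/24`, and AllowedIPs is WireGuard's inbound source filter as well as its routing table: any decrypted packet from zeus with a source in those ranges is accepted, and traffic to any address in them is sent to zeus. That is the right shape for a hub peer that forwards the VPN and the LAN behind it, but it also means zeus is trusted for the whole VPN /24 rather than just its own address, which the vars file should state, e.g. `# zeus is the hub: it forwards the whole VPN /24 and the 172.16.238.0/24 LAN behind it` above `allowed_ips`. `create_route: false` on the /24 entry presumably relies on the interface's Address=/24 already providing the connected route — confirm, and say so in the same comment. The zeus-media hunk below makes the same /32 to /24 change for vpn_media and deserves the same comment.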