diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..2a8b491
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,26 @@
+stages:
+ - lint
+ - test
+
+cache:
+ key: $CI_COMMIT_REF_SLUG
+ paths:
+ - .cache/pip
+ - node_modules/
+
+lint:
+ stage: lint
+ image: node:lts
+ before_script:
+ - npm install
+ script:
+ - npx prettier '**/*.yml' --check
+
+syntax-test:
+ stage: test
+ image: python:3.7
+ before_script:
+ - pip install ansible --quiet
+ - ansible-galaxy install --role-file requirements.yml --roles-path ./roles
+ script:
+ - ansible-playbook playbook.yml --syntax-check
diff --git a/.prettierrc.yml b/.prettierrc.yml
new file mode 100644
index 0000000..0cb31e6
--- /dev/null
+++ b/.prettierrc.yml
@@ -0,0 +1,5 @@
+singleQuote: true
+printWidth: 90
+tabWidth: 2
+useTabs: false
+bracketSpacing: true
diff --git a/package-lock.json b/package-lock.json
new file mode 100644
index 0000000..0db7ba2
--- /dev/null
+++ b/package-lock.json
@@ -0,0 +1,33 @@ +{ + "name": "development", + "lockfileVersion": 2, + "requires": true, + "packages": { + "": { + "dependencies": { + "prettier": "^2.6.2" + } + }, + "node_modules/prettier": { + "version": "2.6.2", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.6.2.tgz", + "integrity": "sha512-PkUpF+qoXTqhOeWL9fu7As8LXsIUZ1WYaJiY/a7McAQzxjk82OF0tibkFXVCDImZtWxbvojFjerkiLb0/q8mew==", + "bin": { + "prettier": "bin-prettier.js" + }, + "engines": { + "node": ">=10.13.0" + }, + "funding": { + "url": "https://github.com/prettier/prettier?sponsor=1" + } + } + }, + "dependencies": { + "prettier": { + "version": "2.6.2", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.6.2.tgz", + "integrity": "sha512-PkUpF+qoXTqhOeWL9fu7As8LXsIUZ1WYaJiY/a7McAQzxjk82OF0tibkFXVCDImZtWxbvojFjerkiLb0/q8mew==" + } + } +}
diff --git a/package.json b/package.json
new file mode 100644
index 0000000..e1f5891
--- /dev/null
+++ b/package.json
@@ -0,0 +1,5 @@
+{
+ "dependencies": {
+ "prettier": "^2.6.2"
+ }
+}
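Review bot: In `.gitlab-ci.yml` the `lint` job's `before_script` runs `npm install`, which rewrites the lockfile when it disagrees with `package.json` instead of failing, so the `integrity` hashes in the `package-lock.json` added by this same commit are not enforced; `- npm ci` installs exactly what the lockfile pins and aborts on a mismatch. The `syntax-test` job has no pin at all: `pip install ansible --quiet` takes whatever release is current, and a line such as `- pip install 'ansible==<pinned-version>' --quiet` would make the job reproducible. The cached path `.cache/pip` is never populated as written, because the file sets no `PIP_CACHE_DIR` and pip's default cache lies outside the project directory; `PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"` under a `variables:` key would fix that. The `node:lts` and `python:3.7` image tags are mutable too, so pinning them by digest is worth considering.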
diff --git a/templates/desktop/network/wg0.network.j2 b/templates/desktop/network/wg0.network.j2
index 515a71a..1787da4 100644
--- a/templates/desktop/network/wg0.network.j2
+++ b/templates/desktop/network/wg0.network.j2
@@ -4,7 +4,7 @@ Name={{ vpn_default.interface }}
 [Network]
-Address={{ vpn_default.ip }}/{{ vpn_default.prefix }}
+Address={{ vpn_default.ip }}/{{ vpn_default.subnet }}
 DNS={{ vpn_default.dns }}
 Domains={{ vpn_default.domains | join(' ') }}
diff --git a/templates/desktop/network/wg1.network.j2 b/templates/desktop/network/wg1.network.j2
index 40d3650..8e462cc 100644
--- a/templates/desktop/network/wg1.network.j2
+++ b/templates/desktop/network/wg1.network.j2
@@ -4,7 +4,7 @@ Name={{ vpn_media.interface }}
 [Network]
-Address={{ vpn_media.ip }}/{{ vpn_media.prefix }}
+Address={{ vpn_media.ip }}/{{ vpn_media.subnet }}
 DNS={{ vpn_media.dns }}
 Domains={{ vpn_media.domains | join(' ') }}
@@ -12,8 +12,8 @@ Domains={{ vpn_media.domains | join(' ') }}
 {% for ip in peer.allowed_ips %}
 {% if ip.create_route %}
 [Route]
-Destination={{ ip.address }}
-Scope=link
+Destination = {{ ip.address }}
+Scope = link
 {% endif %}
 {% endfor %}
 {% endfor %}
diff --git a/templates/laptop/network/wg0.netdev.j2 b/templates/laptop/network/wg0.netdev.j2
index ffceef7..6f1c0dd 100644
--- a/templates/laptop/network/wg0.netdev.j2
+++ b/templates/laptop/network/wg0.netdev.j2
@@ -12,9 +12,7 @@ PrivateKeyFile={{ vpn_default.private_key_path }}
 [WireGuardPeer]
 PublicKey={{ peer.public_key }}
 PresharedKeyFile={{ peer.preshared_key_path }}
-{% for ip in peer.allowed_ips %}
-AllowedIPs={{ ip.address }}
-{% endfor %}
+AllowedIPs={{ peer.allowd_ips }}
 {% if peer.endpoint %}
 Endpoint={{ peer.endpoint }}
 {% endif %}
diff --git a/templates/laptop/network/wg0.network.j2 b/templates/laptop/network/wg0.network.j2
index 515a71a..9253528 100644
--- a/templates/laptop/network/wg0.network.j2
+++ b/templates/laptop/network/wg0.network.j2
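Review bot: The new `AllowedIPs={{ peer.allowd_ips }}` line in `templates/laptop/network/wg0.netdev.j2` reads a misspelled key, `allowd_ips`; the same spelling is repeated in `templates/laptop/network/wg1.netdev.j2` and in both peer entries of `vars/laptop.yml`, while the desktop template in this commit still iterates `peer.allowed_ips`. AllowedIPs is the list WireGuard uses to decide which source addresses it accepts from a peer, so it should not depend on a typo matching in two places: a vars file written with the correct spelling would leave this expression undefined. I would rename the key to `allowed_ips` in the vars and both templates and render it as `AllowedIPs={{ peer.allowed_ips | mandatory }}`. The value also changes from a list of `address` entries to a single string, which deserves a comment in the vars file such as `# allowed_ips: one CIDR string, or a comma-separated list`. The loop that defines `peer` is not visible in the hunk.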
@@ -4,16 +4,6 @@ Name={{ vpn_default.interface }}
 [Network]
-Address={{ vpn_default.ip }}/{{ vpn_default.prefix }}
+Address={{ vpn_default.ip }}/{{ vpn_default.subnet }}
 DNS={{ vpn_default.dns }}
 Domains={{ vpn_default.domains | join(' ') }}
-
-{% for peer in vpn_default.peers %}
-{% for ip in peer.allowed_ips %}
-{% if ip.create_route %}
-[Route]
-Destination={{ ip.address }}
-Scope=link
-{% endif %}
-{% endfor %}
-{% endfor %}
diff --git a/templates/laptop/network/wg1.netdev.j2 b/templates/laptop/network/wg1.netdev.j2
index 13d86df..104804f 100644
--- a/templates/laptop/network/wg1.netdev.j2
+++ b/templates/laptop/network/wg1.netdev.j2
@@ -12,9 +12,7 @@ PrivateKeyFile={{ vpn_media.private_key_path }}
 [WireGuardPeer]
 PublicKey={{ peer.public_key }}
 PresharedKeyFile={{ peer.preshared_key_path }}
-{% for ip in peer.allowed_ips %}
-AllowedIPs={{ ip.address }}
-{% endfor %}
+AllowedIPs={{ peer.allowd_ips }}
 {% if peer.endpoint %}
 Endpoint={{ peer.endpoint }}
 {% endif %}
diff --git a/templates/laptop/network/wg1.network.j2 b/templates/laptop/network/wg1.network.j2
index 40d3650..9a03d7b 100644
--- a/templates/laptop/network/wg1.network.j2
+++ b/templates/laptop/network/wg1.network.j2
@@ -4,16 +4,6 @@ Name={{ vpn_media.interface }}
 [Network]
-Address={{ vpn_media.ip }}/{{ vpn_media.prefix }}
+Address={{ vpn_media.ip }}/{{ vpn_media.subnet }}
 DNS={{ vpn_media.dns }}
 Domains={{ vpn_media.domains | join(' ') }}
-
-{% for peer in vpn_media.peers %}
-{% for ip in peer.allowed_ips %}
-{% if ip.create_route %}
-[Route]
-Destination={{ ip.address }}
-Scope=link
-{% endif %}
-{% endfor %}
-{% endfor %}
diff --git a/vars/desktop.yml b/vars/desktop.yml
index 6a22f27..e4cca6c 100644
--- a/vars/desktop.yml
+++ b/vars/desktop.yml
@@ -21,7 +21,7 @@ boot_configuration: # TODO: scope variables to their destination file vpn_default: ip: '10.0.0.3' - prefix: '24' + subnet: '24' interface: 'wg0' dns: '10.0.0.1' domains:
@@ -30,6 +30,7 @@ vpn_default:
 public_key_path: '{{ vpn_config_dir }}/keys/public/default/desktop.pub'
 private_key_path: '{{ vpn_config_dir }}/keys/private/default/desktop.key'
+ private_key_source_path: 'files/desktop/wireguard/default/desktop.key'
 peers:
 - name: 'zeus'
@@ -45,7 +46,7 @@ vpn_default:
 vpn_media:
 ip: '10.0.1.3'
- prefix: '24'
+ subnet: '24'
 interface: 'wg1'
 dns: '10.0.1.1'
 domains:
diff --git a/vars/laptop.yml b/vars/laptop.yml
index cc46761..cba4fa9 100644
--- a/vars/laptop.yml
+++ b/vars/laptop.yml
@@ -24,23 +24,18 @@ mkinitcpio_templates:
 vpn_default:
 ip: '10.0.0.2'
- prefix: '24'
+ subnet: '24'
 interface: 'wg0'
 dns: '10.0.0.1'
 domains:
 - ~vpn.fudiggity.nl
- - ~transmission.fudiggity.nl
 public_key_path: '{{ vpn_config_dir }}/keys/public/default/laptop.pub'
 private_key_path: '{{ vpn_config_dir }}/keys/private/default/laptop.key'
 peers:
 - name: 'zeus'
- allowed_ips:
- - address: '10.0.0.0/24'
- create_route: false
- - address: '172.16.238.0/24'
- create_route: true
+ allowd_ips: '10.0.0.1/32'
 endpoint: 'fudiggity.nl:51902'
 public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo='
 preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk'
@@ -48,7 +43,7 @@ vpn_default:
 vpn_media:
 ip: '10.0.1.2'
- prefix: '24'
+ subnet: '24'
 interface: 'wg1'
 dns: '10.0.1.1'
 domains:
@@ -59,9 +54,7 @@ vpn_media:
 peers:
 - name: 'zeus-media'
- allowed_ips:
- - address: '10.0.1.0/24'
- create_route: false
+ allowd_ips: '10.0.1.1/32'
 endpoint: 'fudiggity.nl:51903'
 public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg='
 preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk'
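Review bot: The added `private_key_source_path: 'files/desktop/wireguard/default/desktop.key'` in `vars/desktop.yml` (hunk `@@ -30,6 +30,7 @@`) points at a WireGuard private key inside the repository tree, and nothing in this commit shows how that file is protected. If that is not already the case, the key should be stored encrypted with Ansible Vault or kept out of version control through `.gitignore`, since a plaintext copy would also be readable by every runner of the CI pipeline this commit introduces. The task that copies it should set `mode: '0600'` and `no_log: true`. A comment above the variable would record the expectation, for example `# vault-encrypted; never commit in plaintext`. The `vpn_default` mapping this key belongs to starts outside the hunk.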