Add transmission route configuration

tasks/mpd.yml

@@ -17,7 +17,7 @@
   ansible.builtin.file:
     path: '{{ item.path }}'
     state: '{{ item.state }}'
-    mode: '0644'
+    mode: '0755'
   loop:
     - path: '{{ mpd_configuration_dir }}'
       state: 'directory'
@@ -34,8 +34,6 @@
   ansible.builtin.file:
     path: '{{ item.path }}'
     state: '{{ item.state }}'
-    mode: '0644'
-    recurse: '{{ item.path is directory }}'
   loop:
     - path: '{{ mpd_configuration_dir }}/log'
       state: 'absent'
@@ -50,7 +48,7 @@
   ansible.builtin.template:
     src: '{{ item.src }}'
     dest: '{{ item.dest }}'
-    mode: '0644'
+    mode: '0755'
   loop:
     - src: 'templates/mpd/mpd.conf.j2'
       dest: '{{ mpd_configuration_dir }}/mpd.conf'

templates/desktop/network/wg0.netdev.j2

@@ -12,7 +12,9 @@ PrivateKeyFile={{ vpn_default.private_key_path }}
 [WireGuardPeer]
 PublicKey={{ peer.public_key }}
 PresharedKeyFile={{ peer.preshared_key_path }}
-AllowedIPs={{ peer.allowd_ips }}
+{% for ip in peer.allowed_ips %}
+AllowedIPs={{ ip.address }}
+{% endfor %}
 {% if peer.endpoint %}
 Endpoint={{ peer.endpoint }}
 {% endif %}

templates/desktop/network/wg0.network.j2

@@ -7,3 +7,13 @@ Name={{ vpn_default.interface }}
 Address={{ vpn_default.ip }}/{{ vpn_default.subnet }}
 DNS={{ vpn_default.dns }}
 Domains={{ vpn_default.domains | join(' ') }}
+
+{% for peer in vpn_default.peers %}
+{% for ip in peer.allowed_ips %}
+{% if ip.create_route %}
+[Route]
+Destination={{ ip.address }}
+Scope=link
+{% endif %}
+{% endfor %}
+{% endfor %}

templates/desktop/network/wg1.netdev.j2

@@ -12,7 +12,9 @@ PrivateKeyFile={{ vpn_media.private_key_path }}
 [WireGuardPeer]
 PublicKey={{ peer.public_key }}
 PresharedKeyFile={{ peer.preshared_key_path }}
-AllowedIPs={{ peer.allowd_ips }}
+{% for ip in peer.allowed_ips %}
+AllowedIPs={{ ip.address }}
+{% endfor %}
 {% if peer.endpoint %}
 Endpoint={{ peer.endpoint }}
 {% endif %}

templates/desktop/network/wg1.network.j2

@@ -7,3 +7,13 @@ Name={{ vpn_media.interface }}
 Address={{ vpn_media.ip }}/{{ vpn_media.subnet }}
 DNS={{ vpn_media.dns }}
 Domains={{ vpn_media.domains | join(' ') }}
+
+{% for peer in vpn_media.peers %}
+{% for ip in peer.allowed_ips %}
+{% if ip.create_route %}
+[Route]
+Destination = {{ ip.address }}
+Scope = link
+{% endif %}
+{% endfor %}
+{% endfor %}

vars/desktop.yml

@@ -18,6 +18,7 @@ boot_configuration:
   disk: /dev/sdc
   partition: 1
 
+# TODO: scope variables to their destination file
 vpn_default:
   ip: '10.0.0.3'
   subnet: '24'
@@ -25,6 +26,7 @@ vpn_default:
   dns: '10.0.0.1'
   domains:
     - ~vpn.fudiggity.nl
+    - ~transmission.fudiggity.nl
 
   public_key_path: '{{ vpn_config_dir }}/keys/public/default/desktop.pub'
   private_key_path: '{{ vpn_config_dir }}/keys/private/default/desktop.key'
@@ -32,7 +34,11 @@ vpn_default:
 
   peers:
     - name: 'zeus'
-      allowd_ips: '10.0.0.1/32'
+      allowed_ips:
+        - address: '10.0.0.0/24'
+          create_route: false
+        - address: '172.16.238.0/24'
+          create_route: true
       endpoint: 'fudiggity.nl:51902'
       public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo='
       preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk'
@@ -52,7 +58,9 @@ vpn_media:
 
   peers:
     - name: 'zeus-media'
-      allowd_ips: '10.0.1.1/32'
+      allowed_ips:
+        - address: '10.0.1.0/24'
+          create_route: false
       endpoint: 'fudiggity.nl:51903'
       public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg='
       preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk'