diff --git a/tasks/mpd.yml b/tasks/mpd.yml index 08de7d4..569a263 100644 --- a/tasks/mpd.yml +++ b/tasks/mpd.yml @@ -17,7 +17,7 @@ ansible.builtin.file: path: '{{ item.path }}' state: '{{ item.state }}' - mode: '0755' + mode: '0644' loop: - path: '{{ mpd_configuration_dir }}' state: 'directory' @@ -34,6 +34,8 @@ ansible.builtin.file: path: '{{ item.path }}' state: '{{ item.state }}' + mode: '0644' + recurse: '{{ item.path is directory }}' loop: - path: '{{ mpd_configuration_dir }}/log' state: 'absent' @@ -48,7 +50,7 @@ ansible.builtin.template: src: '{{ item.src }}' dest: '{{ item.dest }}' - mode: '0755' + mode: '0644' loop: - src: 'templates/mpd/mpd.conf.j2' dest: '{{ mpd_configuration_dir }}/mpd.conf' diff --git a/templates/desktop/network/wg0.netdev.j2 b/templates/desktop/network/wg0.netdev.j2 index ffceef7..6f1c0dd 100644 --- a/templates/desktop/network/wg0.netdev.j2 +++ b/templates/desktop/network/wg0.netdev.j2 @@ -12,9 +12,7 @@ PrivateKeyFile={{ vpn_default.private_key_path }} [WireGuardPeer] PublicKey={{ peer.public_key }} PresharedKeyFile={{ peer.preshared_key_path }} -{% for ip in peer.allowed_ips %} -AllowedIPs={{ ip.address }} -{% endfor %} +AllowedIPs={{ peer.allowd_ips }} {% if peer.endpoint %} Endpoint={{ peer.endpoint }} {% endif %} diff --git a/templates/desktop/network/wg0.network.j2 b/templates/desktop/network/wg0.network.j2 index 1787da4..9253528 100644 --- a/templates/desktop/network/wg0.network.j2 +++ b/templates/desktop/network/wg0.network.j2 @@ -7,13 +7,3 @@ Name={{ vpn_default.interface }} Address={{ vpn_default.ip }}/{{ vpn_default.subnet }} DNS={{ vpn_default.dns }} Domains={{ vpn_default.domains | join(' ') }} - -{% for peer in vpn_default.peers %} -{% for ip in peer.allowed_ips %} -{% if ip.create_route %} -[Route] -Destination={{ ip.address }} -Scope=link -{% endif %} -{% endfor %} -{% endfor %} diff --git a/templates/desktop/network/wg1.netdev.j2 b/templates/desktop/network/wg1.netdev.j2 index 13d86df..104804f 100644 
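Review bot: In the first `tasks/mpd.yml` hunk the new `mode: '0644'` is applied by `ansible.builtin.file` to a loop item with `state: 'directory'`. A directory without the execute (search) bit cannot be traversed by its owner or any other non-root user, so the service would likely be unable to open files under `mpd_configuration_dir`. Choosing the mode per item keeps files non-executable and directories usable: `mode: '{{ "0755" if item.state == "directory" else "0644" }}'`. The loop list continues outside the hunk, so the remaining items are not visible here.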
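Review bot: `recurse: '{{ item.path is directory }}'` in the second `tasks/mpd.yml` hunk uses a Jinja test, and tests are evaluated on the Ansible controller. It therefore reports whether the path is a directory on the machine running the playbook, not on the managed host. As far as I know the file module also accepts `recurse` only with `state: directory`, so the visible `state: 'absent'` item would fail the task whenever the expression is true. Keying it on the item avoids both: `recurse: '{{ item.state == "directory" }}'`. With recursion the fixed `0644` is also written onto every sub-directory; `mode: 'u=rwX,g=rX,o=rX'` keeps directories searchable, though entries that already carry an execute bit keep it. The loop list continues outside the hunk.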
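Review bot: The key read on the new `AllowedIPs=` line in `wg0.netdev.j2` is spelled `allowd_ips`. It only renders because the `vars/desktop.yml` hunks use the same misspelling, and the same line is added in `wg1.netdev.j2`. AllowedIPs decides which source addresses WireGuard accepts from the peer, so a vars file that still defines `allowed_ips` would either fail to render or, with lenient undefined handling, produce an empty value. I would rename to `AllowedIPs={{ peer.allowed_ips }}` in both templates and `allowed_ips: '10.0.0.1/32'` in the vars. The value is now expected to be a single string (a leftover list would render as a Python list literal), which a short Jinja comment above the line could state; the enclosing peer loop starts outside the hunk.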
--- a/templates/desktop/network/wg1.netdev.j2 +++ b/templates/desktop/network/wg1.netdev.j2 @@ -12,9 +12,7 @@ PrivateKeyFile={{ vpn_media.private_key_path }} [WireGuardPeer] PublicKey={{ peer.public_key }} PresharedKeyFile={{ peer.preshared_key_path }} -{% for ip in peer.allowed_ips %} -AllowedIPs={{ ip.address }} -{% endfor %} +AllowedIPs={{ peer.allowd_ips }} {% if peer.endpoint %} Endpoint={{ peer.endpoint }} {% endif %} diff --git a/templates/desktop/network/wg1.network.j2 b/templates/desktop/network/wg1.network.j2 index 8e462cc..9a03d7b 100644 --- a/templates/desktop/network/wg1.network.j2 +++ b/templates/desktop/network/wg1.network.j2 @@ -7,13 +7,3 @@ Name={{ vpn_media.interface }} Address={{ vpn_media.ip }}/{{ vpn_media.subnet }} DNS={{ vpn_media.dns }} Domains={{ vpn_media.domains | join(' ') }} - -{% for peer in vpn_media.peers %} -{% for ip in peer.allowed_ips %} -{% if ip.create_route %} -[Route] -Destination = {{ ip.address }} -Scope = link -{% endif %} -{% endfor %} -{% endfor %} diff --git a/vars/desktop.yml b/vars/desktop.yml index e4cca6c..d9646c5 100644 --- a/vars/desktop.yml +++ b/vars/desktop.yml @@ -18,7 +18,6 @@ boot_configuration: disk: /dev/sdc partition: 1 -# TODO: scope variables to their destination file vpn_default: ip: '10.0.0.3' subnet: '24' @@ -26,7 +25,6 @@ vpn_default: dns: '10.0.0.1' domains: - ~vpn.fudiggity.nl - - ~transmission.fudiggity.nl public_key_path: '{{ vpn_config_dir }}/keys/public/default/desktop.pub' private_key_path: '{{ vpn_config_dir }}/keys/private/default/desktop.key' @@ -34,11 +32,7 @@ vpn_default: peers: - name: 'zeus' - allowed_ips: - - address: '10.0.0.0/24' - create_route: false - - address: '172.16.238.0/24' - create_route: true + allowd_ips: '10.0.0.1/32' endpoint: 'fudiggity.nl:51902' public_key: 'CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=' preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-zeus.psk' 
@@ -58,9 +52,7 @@ vpn_media: peers: - name: 'zeus-media' - allowed_ips: - - address: '10.0.1.0/24' - create_route: false + allowd_ips: '10.0.1.1/32' endpoint: 'fudiggity.nl:51903' public_key: 'EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg=' preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/preshared-zeus.psk'