diff --git a/files/wireguard/media/preshared-tv.psk b/files/wireguard/media/preshared-tv-1.psk
similarity index 100%
rename from files/wireguard/media/preshared-tv.psk
rename to files/wireguard/media/preshared-tv-1.psk
diff --git a/files/wireguard/media/preshared-tv-2.psk b/files/wireguard/media/preshared-tv-2.psk
new file mode 100644
index 0000000..a008df2
--- /dev/null
+++ b/files/wireguard/media/preshared-tv-2.psk
@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+62643738646434306166323162303434636563383231633631306536663064626634316363643337
+3235643165363639653865396337303132336563333263340a343865643339356264653836363131
+63393239353230613838383961396264653166373765643161623062623033363436646434316333
+3264383861633933340a306538366165613364356166303534313233323462396634326437663538
+37666662653265616362656663616638343463386336356564616630613930613466326638386664
+6665396235323932613764633733613031633031333131633033
diff --git a/files/wireguard/media/tv.key b/files/wireguard/media/tv-1.key
similarity index 100%
rename from files/wireguard/media/tv.key
rename to files/wireguard/media/tv-1.key
diff --git a/files/wireguard/media/tv.pub b/files/wireguard/media/tv-1.pub
similarity index 100%
rename from files/wireguard/media/tv.pub
rename to files/wireguard/media/tv-1.pub
diff --git a/files/wireguard/media/tv-2.key b/files/wireguard/media/tv-2.key
new file mode 100644
index 0000000..02268d7
--- /dev/null
+++ b/files/wireguard/media/tv-2.key
@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+34353264373134353530373164646339323664323637326635313631653036393766653133383330
+6463316338646262663132313630346161323731323462350a643634316436633437376638646166
+31646263616165363436363739613463323439376561323734373963336231643063346366303830
+3833643265373730650a653166326462653065396438343161303936303337666531333963646165
+66356438616131393137313435626163376438653765316138363532343665633330613931313763
+6362396266323232383933646639313731303131623562383765
diff --git a/files/wireguard/media/tv-2.pub b/files/wireguard/media/tv-2.pub new file mode 100644 index 0000000..d7641fb --- /dev/null +++ b/files/wireguard/media/tv-2.pub @@ -0,0 +1 @@ +NSuRDGI1AStpoKhIVvGSW+ORgSdHCZgfiAi+2d7uLww= diff --git a/tasks/wireguard_media.yml b/tasks/wireguard_media.yml index c21ea72..b906e76 100644 --- a/tasks/wireguard_media.yml +++ b/tasks/wireguard_media.yml @@ -7,10 +7,10 @@ group: systemd-network mode: '0640' loop: - - src: 'templates/network/wireguard/media/wg1.netdev.j2' - dest: '/etc/systemd/network/wg1.netdev' - - src: 'templates/network/wireguard/media/wg1.network.j2' - dest: '/etc/systemd/network/wg1.network' + - src: templates/network/wireguard/media/wg1.netdev.j2 + dest: /etc/systemd/network/wg1.netdev + - src: templates/network/wireguard/media/wg1.network.j2 + dest: /etc/systemd/network/wg1.network notify: restart systemd-networkd - name: Create Wireguard media directories @@ -52,16 +52,27 @@ loop: - src: 'files/wireguard/media/mobile-1.pub' dest: '{{ vpn_config_dir }}/keys/public/mobile_1.pub' + - src: 'files/wireguard/media/mobile-1.key' dest: '{{ vpn_config_dir }}/keys/private/mobile_1.key' + - src: 'files/wireguard/media/mobile-2.pub' dest: '{{ vpn_config_dir }}/keys/public/mobile_2.pub' + - src: 'files/wireguard/media/mobile-2.key' dest: '{{ vpn_config_dir }}/keys/private/mobile_2.key' - - src: 'files/wireguard/media/tv.pub' - dest: '{{ vpn_config_dir }}/keys/public/tv.pub' - - src: 'files/wireguard/media/tv.key' - dest: '{{ vpn_config_dir }}/keys/private/tv.key' + + - src: 'files/wireguard/media/tv-1.pub' + dest: '{{ vpn_config_dir }}/keys/public/tv-1.pub' + + - src: 'files/wireguard/media/tv-1.key' + dest: '{{ vpn_config_dir }}/keys/private/tv-1.key' + + - src: 'files/wireguard/media/tv-2.pub' + dest: '{{ vpn_config_dir }}/keys/public/tv-2.pub' + + - src: 'files/wireguard/media/tv-2.key' + dest: '{{ vpn_config_dir }}/keys/private/tv-2.key' - name: Copy wireguard media preshared keys become: true 
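Review bot: Changing the `dest` entries from `keys/public/tv.pub` and `keys/private/tv.key` to the `tv-1` names in the second hunk of `tasks/wireguard_media.yml` leaves the old copies on any host that was already provisioned, since nothing in this hunk removes them. The source files are renamed at 100% similarity, so the orphaned `tv.key` is still the live private key for `tv_peer_1`. The same applies to `preshared-media-tv.psk` after the `preshared_key_path` change in `vars/vpn_media.yml`. Unless a cleanup exists elsewhere, add a task using `ansible.builtin.file` with `state: absent` over those three old paths. The new destinations also use a hyphen (`tv-1.key`) where the neighbouring entries use an underscore (`mobile_1.key`), and the task header lies above the hunk.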
@@ -81,10 +92,16 @@ mode: '0600' owner: '{{ ansible_user_id }}' loop: - - src: 'templates/network/wireguard/media/mobile_1.wireguard.j2' - dest: '/tmp/pixel.conf' - - src: 'templates/network/wireguard/media/mobile_2.wireguard.j2' - dest: '/tmp/mobile_mam.conf' - - src: 'templates/network/wireguard/media/tv.wireguard.j2' - dest: '/tmp/tv.conf' + - src: templates/network/wireguard/media/mobile_1.wireguard.j2 + dest: /tmp/mobile_1.conf + + - src: templates/network/wireguard/media/mobile_2.wireguard.j2 + dest: /tmp/mobile_2.conf + + - src: templates/network/wireguard/media/tv_1.wireguard.j2 + dest: /tmp/tv_1.conf + + - src: templates/network/wireguard/media/tv_2.wireguard.j2 + dest: /tmp/tv_2.conf + when: copy_vpn_media_configurations diff --git a/templates/network/wireguard/media/tv.wireguard.j2 b/templates/network/wireguard/media/tv.wireguard.j2 deleted file mode 100644 index 987fac0..0000000 --- a/templates/network/wireguard/media/tv.wireguard.j2 +++ /dev/null @@ -1,14 +0,0 @@ -# {{ ansible_managed }} - -[Interface] -Address={{ vpn_media_peers.tv.ip }}/{{ vpn_media_prefix }} -DNS={{ vpn_media_listen_address }} -PrivateKey={{ lookup('file', vpn_media_peers.tv.private_key_source_path) }} - -[Peer] -PublicKey={{ lookup('file', vpn_media_server_public_key_source_path) }} -PresharedKey={{ lookup('file', vpn_media_peers.tv.preshared_key_source_path) }} -{% for ip in vpn_media_peers.tv.allowed_ips %} -AllowedIPs={{ ip }} -{% endfor %} -Endpoint={{ domain_name }}:{{ vpn_media_port }} diff --git a/templates/network/wireguard/media/tv_1.wireguard.j2 b/templates/network/wireguard/media/tv_1.wireguard.j2 new file mode 100644 index 0000000..cf3f868 --- /dev/null +++ b/templates/network/wireguard/media/tv_1.wireguard.j2 
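Review bot: The rendered client configs are written to fixed names directly under `/tmp` (`/tmp/tv_1.conf`, `/tmp/tv_2.conf` and the two mobile files), and each embeds a `PrivateKey` and a `PresharedKey` according to the templates in this commit. `mode: '0600'` limits who can read them, but a predictable path in a shared, world-writable directory can be pre-created by another local user, and nothing visible here removes the files once they have been transferred to the devices. Consider rendering into a directory created beforehand with `mode: '0700'` (for example via `ansible.builtin.tempfile` with `state: directory`), and setting `diff: false` on the task so that `--diff` runs do not print the key material. The task's name and module line are above the hunk, so confirm which host this runs on.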
@@ -0,0 +1,14 @@
+# {{ ansible_managed }}
+
+[Interface]
+Address={{ vpn_media_peers.tv_peer_1.ip }}/{{ vpn_media_prefix }}
+DNS={{ vpn_media_listen_address }}
+PrivateKey={{ lookup('file', vpn_media_peers.tv_peer_1.private_key_source_path) }}
+
+[Peer]
+PublicKey={{ lookup('file', vpn_media_server_public_key_source_path) }}
+PresharedKey={{ lookup('file', vpn_media_peers.tv_peer_1.preshared_key_source_path) }}
+{% for ip in vpn_media_peers.tv_peer_1.allowed_ips %}
+AllowedIPs={{ ip }}
+{% endfor %}
+Endpoint={{ domain_name }}:{{ vpn_media_port }}
diff --git a/templates/network/wireguard/media/tv_2.wireguard.j2 b/templates/network/wireguard/media/tv_2.wireguard.j2
new file mode 100644
index 0000000..a6a6e32
--- /dev/null
+++ b/templates/network/wireguard/media/tv_2.wireguard.j2
@@ -0,0 +1,14 @@
+# {{ ansible_managed }}
+
+[Interface]
+Address={{ vpn_media_peers.tv_peer_2.ip }}/{{ vpn_media_prefix }}
+DNS={{ vpn_media_listen_address }}
+PrivateKey={{ lookup('file', vpn_media_peers.tv_peer_2.private_key_source_path) }}
+
+[Peer]
+PublicKey={{ lookup('file', vpn_media_server_public_key_source_path) }}
+PresharedKey={{ lookup('file', vpn_media_peers.tv_peer_2.preshared_key_source_path) }}
+{% for ip in vpn_media_peers.tv_peer_2.allowed_ips %}
+AllowedIPs={{ ip }}
+{% endfor %}
+Endpoint={{ domain_name }}:{{ vpn_media_port }}
diff --git a/vars/vpn_media.yml b/vars/vpn_media.yml
index df89a1d..f6d02f5 100644
--- a/vars/vpn_media.yml
+++ b/vars/vpn_media.yml
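Review bot: `tv_1.wireguard.j2` and `tv_2.wireguard.j2` are identical except for the `tv_peer_1`/`tv_peer_2` key, so any later change to `DNS`, `AllowedIPs` or `Endpoint` must be repeated per peer, and a missed copy leaves one client with a different routing or DNS policy. A single template indexed by a loop variable would remove the duplication, for example `PrivateKey={{ lookup('file', vpn_media_peers[item.peer].private_key_source_path) }}` with `peer: tv_peer_1` added to each loop item in `tasks/wireguard_media.yml`. The mobile templates referenced by that task presumably have the same shape and could share it.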
@@ -1,48 +1,58 @@ vpn_media_server_public_key_path: '{{ vpn_config_dir }}/keys/public/media_server.pub' -vpn_media_server_public_key_source_path: 'files/wireguard/media/server.pub' +vpn_media_server_public_key_source_path: files/wireguard/media/server.pub vpn_media_server_key_path: '{{ vpn_config_dir }}/keys/private/media_server.key' copy_vpn_media_configurations: false vpn_media_peers: laptop: - ip: '10.0.1.2' + ip: 10.0.1.2 public_key: 'hI4rqlv2afs4RJkt5xR+dYxQODSd6lR0OqWJRlnQdjM=' preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-media-laptop.psk' - preshared_key_source_path: 'files/wireguard/media/preshared-laptop.psk' + preshared_key_source_path: files/wireguard/media/preshared-laptop.psk desktop: - ip: '10.0.1.3' + ip: 10.0.1.3 public_key: 'YDH5lZcxUHM4AU2ZxQrFqjDIV2Z7PSUQKMcYXLExV0E=' preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-media-desktop.psk' - preshared_key_source_path: 'files/wireguard/media/preshared-desktop.psk' + preshared_key_source_path: files/wireguard/media/preshared-desktop.psk mobile_peer_1: - ip: '10.0.1.4' + ip: 10.0.1.4 allowed_ips: - '{{ vpn_media_subnet }}' - '{{ jellyfin_subnet }}' public_key: '6fj8FXvzT0IUlZLJjQ/+FhwwRDsJeQsUFHqKQcyXdwQ=' preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-media-mobile-1.psk' - preshared_key_source_path: 'files/wireguard/media/preshared-mobile-1.psk' - private_key_source_path: 'files/wireguard/media/mobile-1.key' + preshared_key_source_path: files/wireguard/media/preshared-mobile-1.psk + private_key_source_path: files/wireguard/media/mobile-1.key mobile_peer_2: - ip: '10.0.1.5' + ip: 10.0.1.5 allowed_ips: - '{{ vpn_media_subnet }}' - '{{ jellyfin_subnet }}' public_key: 'w/pswNrAYFdEUoaLk3zSqOu4gg2s41BBCN02E//ai1c=' preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-media-mobile-2.psk' - preshared_key_source_path: 'files/wireguard/media/preshared-mobile-2.psk' - private_key_source_path: 'files/wireguard/media/mobile-2.key' + 
preshared_key_source_path: files/wireguard/media/preshared-mobile-2.psk + private_key_source_path: files/wireguard/media/mobile-2.key - tv: - ip: '10.0.1.6' + tv_peer_1: + ip: 10.0.1.6 allowed_ips: - '{{ vpn_media_subnet }}' - '{{ jellyfin_subnet }}' public_key: '5+yz9C9PhaLhsvAZ1e3mDsTQpMZVrPZnSQa6ERJIKU0=' - preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-media-tv.psk' - preshared_key_source_path: 'files/wireguard/media/preshared-tv.psk' - private_key_source_path: 'files/wireguard/media/tv.key' + preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-media-tv-1.psk' + preshared_key_source_path: files/wireguard/media/preshared-tv-1.psk + private_key_source_path: files/wireguard/media/tv-1.key + + tv_peer_2: + ip: 10.0.1.7 + allowed_ips: + - '{{ vpn_media_subnet }}' + - '{{ jellyfin_subnet }}' + public_key: 'NSuRDGI1AStpoKhIVvGSW+ORgSdHCZgfiAi+2d7uLww=' + preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-media-tv-2.psk' + preshared_key_source_path: files/wireguard/media/preshared-tv-2.psk + private_key_source_path: files/wireguard/media/tv-2.key
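Review bot: `tv_peer_2.public_key` repeats as a literal the value this commit also adds in `files/wireguard/media/tv-2.pub`, so the peer's public key now has two sources of truth. A rotation that updates only one of them would leave whatever consumes `public_key` (presumably the server-side peer entry, not visible here) out of step with the deployed `.pub` file. Deriving the value keeps them in sync: `public_key: "{{ lookup('file', 'files/wireguard/media/tv-2.pub') }}"`. The existing peers in this file use the same literal pattern and would benefit from the same change.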