Add media vpn setup

2024-08-03 15:01:41 +02:00 · 2024-08-03 15:01:41 +02:00 · 34b89bddff
commit 34b89bddff
parent 79d0e64eb2
39 changed files with 386 additions and 97 deletions
--- a/templates/network/wireguard/default/mobile.wireguard.j2
+++ b/templates/network/wireguard/default/mobile.wireguard.j2
@ -1,4 +1,4 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+# {{ ansible_managed }}

 [Interface]
 Address={{ vpn_peers.mobile.ip }}/24
@ -8,4 +8,4 @@ PrivateKey={{ vpn_peers.mobile.private_key }}
 PublicKey={{ vpn_server_public_key }}
 PresharedKey={{ vpn_peers.mobile.preshared_key }}
 AllowedIPs={{ vpn_listen_address }}/32
-Endpoint={{ wan_ip_address }}:{{ vpn_port }}
+Endpoint={{ domain_name }}:{{ vpn_port }}
--- a/templates/network/wireguard/default/wg0.netdev.j2
+++ b/templates/network/wireguard/default/wg0.netdev.j2
@ -1,4 +1,4 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+# {{ ansible_managed }}

 [NetDev]
 Name={{ vpn_interface }}
--- a/templates/network/wireguard/default/wg0.network.j2
+++ b/templates/network/wireguard/default/wg0.network.j2
@ -1,4 +1,4 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+# {{ ansible_managed }}

 [Match]
 Name={{ vpn_interface }}
--- a/templates/network/wireguard/media/mobile_1.wireguard.j2
+++ b/templates/network/wireguard/media/mobile_1.wireguard.j2
@ -0,0 +1,11 @@
+# {{ ansible_managed }}
+
+[Interface]
+Address={{ vpn_media_peers.mobile_peer_1.ip }}/24
+PrivateKey={{ vpn_media_peers.mobile_peer_1.private_key }}
+
+[Peer]
+PublicKey={{ vpn_media_server_public_key }}
+PresharedKey={{ vpn_media_peers.mobile_peer_1.preshared_key }}
+AllowedIPs={{ vpn_media_listen_address }}/32
+Endpoint={{ domain_name }}:{{ vpn_media_port }}
--- a/templates/network/wireguard/media/mobile_2.wireguard.j2
+++ b/templates/network/wireguard/media/mobile_2.wireguard.j2
@ -0,0 +1,11 @@
+# {{ ansible_managed }}
+
+[Interface]
+Address={{ vpn_media_peers.mobile_peer_2.ip }}/24
+PrivateKey={{ vpn_media_peers.mobile_peer_2.private_key }}
+
+[Peer]
+PublicKey={{ vpn_media_server_public_key }}
+PresharedKey={{ vpn_media_peers.mobile_peer_2.preshared_key }}
+AllowedIPs={{ vpn_media_listen_address }}/32
+Endpoint={{ domain_name }}:{{ vpn_media_port }}
--- a/templates/network/wireguard/media/tv.wireguard.j2
+++ b/templates/network/wireguard/media/tv.wireguard.j2
@ -0,0 +1,11 @@
+# {{ ansible_managed }}
+
+[Interface]
+Address={{ vpn_media_peers.tv.ip }}/24
+PrivateKey={{ vpn_media_peers.tv.private_key }}
+
+[Peer]
+PublicKey={{ vpn_media_server_public_key }}
+PresharedKey={{ vpn_media_peers.tv.preshared_key }}
+AllowedIPs={{ vpn_media_listen_address }}/32
+Endpoint={{ domain_name }}:{{ vpn_media_port }}
--- a/templates/network/wireguard/media/wg1.netdev.j2
+++ b/templates/network/wireguard/media/wg1.netdev.j2
@ -0,0 +1,20 @@
+# {{ ansible_managed }}
+
+[NetDev]
+Name={{ vpn_media_interface }}
+Kind=wireguard
+Description=WireGuard tunnel wg1
+
+[WireGuard]
+ListenPort={{ vpn_media_port }}
+PrivateKey={{ vpn_media_server_key }}
+
+{% for peer, properties in vpn_media_peers.items() %}
+[WireGuardPeer]
+PublicKey={{ properties.public_key }}
+PresharedKey={{ properties.preshared_key }}
+AllowedIPs={{ properties.ip }}/32
+{% if not loop.last %}
+
+{% endif %}
+{% endfor %}
--- a/templates/network/wireguard/media/wg1.network.j2
+++ b/templates/network/wireguard/media/wg1.network.j2
@ -0,0 +1,7 @@
+# {{ ansible_managed }}
+
+[Match]
+Name={{ vpn_media_interface }}
+
+[Network]
+Address={{ vpn_media_listen_address }}/{{ vpn_media_subnet }}
--- a/templates/nftables.j2
+++ b/templates/nftables.j2
@ -25,6 +25,7 @@ table ip filter {
    iifname "{{ network_interface }}" tcp dport {{ transmission_port }} accept comment "Transmission"

    iifname "{{ network_interface }}" udp dport {{ vpn_port }} accept comment "Wireguard"
+    iifname "{{ network_interface }}" udp dport {{ vpn_media_port }} accept comment "Wireguard media"

    iifname "{{ vpn_interface }}" tcp dport { {{ http_port }}, {{ https_port }} } ip saddr {{ vpn_source_range }} ip daddr {{ vpn_destination_range }} accept comment "HTTP/HTTPS"
    iifname "{{ vpn_interface }}" tcp dport {{ transmission_web_port }} ip saddr {{ vpn_source_range }} ip daddr {{ vpn_destination_range }} accept comment "Transmission Web"