sonny/debian-setup
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Refactor nftables, vpn and transmission configuration

Browse source
This commit is contained in:
sonny 2025-03-09 20:54:41 +01:00
parent 465a5d2887
commit dcbdfdc422
24 changed files with 292 additions and 192 deletions
Download patch file Download diff file Expand all files Collapse all files

1
templates/network/hosts.j2
View file

@ -5,6 +5,7 @@
{{ lan_ip }} {{ domain_name }} {{ hostname }}
{{ vpn_listen_address }} {{ vpn_domain }}
{{ vpn_media_listen_address }} {{ vpn_media_domain }}
{{ transmission_nginx_ip }} {{ transmission_domain }}
# The following lines are desirable for IPv6 capable hosts
#::1 localhost ip6-localhost ip6-loopback

2
templates/network/link1.network.j2
View file

@ -4,7 +4,7 @@
Name={{ network_interface }}
[Network]
Address={{ lan_ip }}/24
Address={{ lan_ip }}/{{ lan_prefix }}
Gateway={{ lan_gateway }}
DNS={{ lan_dns }}
IgnoreCarrierLoss=true

6
templates/network/wireguard/default/mobile.wireguard.j2
View file

@ -1,12 +1,14 @@
# {{ ansible_managed }}
[Interface]
Address={{ vpn_peers.mobile.ip }}/24
Address={{ vpn_peers.mobile.ip }}/{{ vpn_prefix }}
DNS={{ vpn_listen_address }}
PrivateKey={{ lookup("file", vpn_peers.mobile.private_key_source_path) }}
[Peer]
PublicKey={{ lookup("file", vpn_server_public_key_source_path) }}
PresharedKey={{ lookup("file", vpn_peers.mobile.preshared_key_source_path) }}
AllowedIPs={{ vpn_listen_address }}/32
{% for ip in vpn_peers.mobile.allowed_ips %}
AllowedIPs={{ ip }}
{% endfor %}
Endpoint={{ domain_name }}:{{ vpn_port }}

2
templates/network/wireguard/default/wg0.netdev.j2
View file

@ -13,7 +13,7 @@ PrivateKeyFile={{ vpn_server_key_path }}
[WireGuardPeer]
PublicKey={{ properties.public_key }}
PresharedKeyFile={{ properties.preshared_key_path }}
AllowedIPs={{ properties.ip }}/32
AllowedIPs={{ properties.ip }}
{% if not loop.last %}
{% endif %}

2
templates/network/wireguard/default/wg0.network.j2
View file

@ -4,4 +4,4 @@
Name={{ vpn_interface }}
[Network]
Address={{ vpn_listen_address }}/{{ vpn_subnet }}
Address={{ vpn_listen_address }}/{{ vpn_prefix }}

6
templates/network/wireguard/media/mobile_1.wireguard.j2
View file

@ -1,12 +1,14 @@
# {{ ansible_managed }}
[Interface]
Address={{ vpn_media_peers.mobile_peer_1.ip }}/24
Address={{ vpn_media_peers.mobile_peer_1.ip }}/{{ vpn_media_prefix }}
DNS={{ vpn_media_listen_address }}
PrivateKey={{ lookup('file', vpn_media_peers.mobile_peer_1.private_key_source_path) }}
[Peer]
PublicKey={{ lookup('file', vpn_media_server_public_key_source_path) }}
PresharedKey={{ lookup('file', vpn_media_peers.mobile_peer_1.preshared_key_source_path) }}
AllowedIPs={{ vpn_media_listen_address }}/32
{% for ip in vpn_media_peers.mobile_peer_1.allowed_ips %}
AllowedIPs={{ ip }}
{% endfor %}
Endpoint={{ domain_name }}:{{ vpn_media_port }}

6
templates/network/wireguard/media/mobile_2.wireguard.j2
View file

@ -1,12 +1,14 @@
# {{ ansible_managed }}
[Interface]
Address={{ vpn_media_peers.mobile_peer_2.ip }}/24
Address={{ vpn_media_peers.mobile_peer_2.ip }}/{{ vpn_media_prefix }}
DNS={{ vpn_media_listen_address }}
PrivateKey={{ lookup('file', vpn_media_peers.mobile_peer_2.private_key_source_path) }}
[Peer]
PublicKey={{ lookup('file', vpn_media_server_public_key_source_path) }}
PresharedKey={{ lookup('file', vpn_media_peers.mobile_peer_2.preshared_key_source_path) }}
AllowedIPs={{ vpn_media_listen_address }}/32
{% for ip in vpn_media_peers.mobile_peer_2.allowed_ips %}
AllowedIPs={{ ip }}
{% endfor %}
Endpoint={{ domain_name }}:{{ vpn_media_port }}

6
templates/network/wireguard/media/tv.wireguard.j2
View file

@ -1,12 +1,14 @@
# {{ ansible_managed }}
[Interface]
Address={{ vpn_media_peers.tv.ip }}/24
Address={{ vpn_media_peers.tv.ip }}/{{ vpn_media_prefix }}
DNS={{ vpn_media_listen_address }}
PrivateKey={{ lookup('file', vpn_media_peers.tv.private_key_source_path) }}
[Peer]
PublicKey={{ lookup('file', vpn_media_server_public_key_source_path) }}
PresharedKey={{ lookup('file', vpn_media_peers.tv.preshared_key_source_path) }}
AllowedIPs={{ vpn_media_listen_address }}/32
{% for ip in vpn_media_peers.tv.allowed_ips %}
AllowedIPs={{ ip }}
{% endfor %}
Endpoint={{ domain_name }}:{{ vpn_media_port }}

2
templates/network/wireguard/media/wg1.netdev.j2
View file

@ -13,7 +13,7 @@ PrivateKeyFile={{ vpn_media_server_key_path }}
[WireGuardPeer]
PublicKey={{ properties.public_key }}
PresharedKeyFile={{ properties.preshared_key_path }}
AllowedIPs={{ properties.ip }}/32
AllowedIPs={{ properties.ip }}
{% if not loop.last %}
{% endif %}

2
templates/network/wireguard/media/wg1.network.j2
View file

@ -4,4 +4,4 @@
Name={{ vpn_media_interface }}
[Network]
Address={{ vpn_media_listen_address }}/{{ vpn_media_subnet }}
Address={{ vpn_media_listen_address }}/{{ vpn_media_prefix }}