From fe6437c2f8c2dce45355055118bd9e084d707887 Mon Sep 17 00:00:00 2001
From: Sonny Bakker
Date: Sun, 12 Oct 2025 07:29:50 +0200
Subject: [PATCH] Add media vpn peer for htpc
---
 files/wireguard/media/htpc.pub | 1 +
 files/wireguard/media/preshared-htpc.psk | 7 +++
 host_vars/fudiggity/vpn_media.yml | 55 +++++++++++--------
 tasks/wireguard.yml | 68 ++++++++++++------------
 4 files changed, 75 insertions(+), 56 deletions(-)
 create mode 100644 files/wireguard/media/htpc.pub
 create mode 100644 files/wireguard/media/preshared-htpc.psk
diff --git a/files/wireguard/media/htpc.pub b/files/wireguard/media/htpc.pub
new file mode 100644
index 0000000..cdbb114
--- /dev/null
+++ b/files/wireguard/media/htpc.pub
@@ -0,0 +1 @@
+XcWpmGrkSQJUEADrDTUmcA7/dm8HQffbdC03rQ/3fwg=
diff --git a/files/wireguard/media/preshared-htpc.psk b/files/wireguard/media/preshared-htpc.psk
new file mode 100644
index 0000000..010ba17
--- /dev/null
+++ b/files/wireguard/media/preshared-htpc.psk
@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+65643932623038396462633834313733373062316134353734626336616138343035363364396236
+3164323136653036323066396436616437623335363261310a353330396239393230333230376261
+65353262363466663364386264383564353738363033333436643434316466623461633562626634
+3763393036616536650a373236616632383465376464326138643836613732333665626166303739
+62313362376361316530613765313937346532643062613734663433313138366130383864356630
+3466323734333966383262613538366537623234616336613263
diff --git a/host_vars/fudiggity/vpn_media.yml b/host_vars/fudiggity/vpn_media.yml
index f6d02f5..bc67f12 100644
--- a/host_vars/fudiggity/vpn_media.yml
+++ b/host_vars/fudiggity/vpn_media.yml
@@ -1,58 +1,69 @@
-vpn_media_server_public_key_path: '{{ vpn_config_dir }}/keys/public/media_server.pub'
+vpn_media_server_public_key_path: "{{ vpn_config_dir }}/keys/public/media_server.pub"
 vpn_media_server_public_key_source_path: files/wireguard/media/server.pub
-vpn_media_server_key_path: '{{ vpn_config_dir }}/keys/private/media_server.key'
+vpn_media_server_key_path: "{{ vpn_config_dir }}/keys/private/media_server.key"
 copy_vpn_media_configurations: false
+# private_key_source_path keys are required for clients which get their configuration
+# generated.
 vpn_media_peers:
 laptop:
 ip: 10.0.1.2
- public_key: 'hI4rqlv2afs4RJkt5xR+dYxQODSd6lR0OqWJRlnQdjM='
- preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-media-laptop.psk'
+ public_key: "hI4rqlv2afs4RJkt5xR+dYxQODSd6lR0OqWJRlnQdjM="
+ preshared_key_path: "{{ vpn_config_dir }}/keys/private/preshared-media-laptop.psk"
 preshared_key_source_path: files/wireguard/media/preshared-laptop.psk
 desktop:
 ip: 10.0.1.3
- public_key: 'YDH5lZcxUHM4AU2ZxQrFqjDIV2Z7PSUQKMcYXLExV0E='
- preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-media-desktop.psk'
+ public_key: "YDH5lZcxUHM4AU2ZxQrFqjDIV2Z7PSUQKMcYXLExV0E="
+ preshared_key_path: "{{ vpn_config_dir }}/keys/private/preshared-media-desktop.psk"
 preshared_key_source_path: files/wireguard/media/preshared-desktop.psk
 mobile_peer_1:
 ip: 10.0.1.4
 allowed_ips:
- - '{{ vpn_media_subnet }}'
- - '{{ jellyfin_subnet }}'
- public_key: '6fj8FXvzT0IUlZLJjQ/+FhwwRDsJeQsUFHqKQcyXdwQ='
- preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-media-mobile-1.psk'
+ - "{{ vpn_media_subnet }}"
+ - "{{ jellyfin_subnet }}"
+ public_key: "6fj8FXvzT0IUlZLJjQ/+FhwwRDsJeQsUFHqKQcyXdwQ="
+ preshared_key_path: "{{ vpn_config_dir }}/keys/private/preshared-media-mobile-1.psk"
 preshared_key_source_path: files/wireguard/media/preshared-mobile-1.psk
 private_key_source_path: files/wireguard/media/mobile-1.key
 mobile_peer_2:
 ip: 10.0.1.5
 allowed_ips:
- - '{{ vpn_media_subnet }}'
- - '{{ jellyfin_subnet }}'
- public_key: 'w/pswNrAYFdEUoaLk3zSqOu4gg2s41BBCN02E//ai1c='
- preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-media-mobile-2.psk'
+ - "{{ vpn_media_subnet }}"
+ - "{{ jellyfin_subnet }}"
+ public_key: "w/pswNrAYFdEUoaLk3zSqOu4gg2s41BBCN02E//ai1c="
+ preshared_key_path: "{{ vpn_config_dir }}/keys/private/preshared-media-mobile-2.psk"
 preshared_key_source_path: files/wireguard/media/preshared-mobile-2.psk
 private_key_source_path: files/wireguard/media/mobile-2.key
 tv_peer_1:
 ip: 10.0.1.6
 allowed_ips:
- - '{{ vpn_media_subnet }}'
- - '{{ jellyfin_subnet }}'
- public_key: '5+yz9C9PhaLhsvAZ1e3mDsTQpMZVrPZnSQa6ERJIKU0='
- preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-media-tv-1.psk'
+ - "{{ vpn_media_subnet }}"
+ - "{{ jellyfin_subnet }}"
+ public_key: "5+yz9C9PhaLhsvAZ1e3mDsTQpMZVrPZnSQa6ERJIKU0="
+ preshared_key_path: "{{ vpn_config_dir }}/keys/private/preshared-media-tv-1.psk"
 preshared_key_source_path: files/wireguard/media/preshared-tv-1.psk
 private_key_source_path: files/wireguard/media/tv-1.key
 tv_peer_2:
 ip: 10.0.1.7
 allowed_ips:
- - '{{ vpn_media_subnet }}'
- - '{{ jellyfin_subnet }}'
- public_key: 'NSuRDGI1AStpoKhIVvGSW+ORgSdHCZgfiAi+2d7uLww='
- preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-media-tv-2.psk'
+ - "{{ vpn_media_subnet }}"
+ - "{{ jellyfin_subnet }}"
+ public_key: "NSuRDGI1AStpoKhIVvGSW+ORgSdHCZgfiAi+2d7uLww="
+ preshared_key_path: "{{ vpn_config_dir }}/keys/private/preshared-media-tv-2.psk"
 preshared_key_source_path: files/wireguard/media/preshared-tv-2.psk
 private_key_source_path: files/wireguard/media/tv-2.key
+
+ htpc:
+ ip: 10.0.1.8
+ allowed_ips:
+ - "{{ vpn_media_subnet }}"
+ - "{{ jellyfin_subnet }}"
+ public_key: "XcWpmGrkSQJUEADrDTUmcA7/dm8HQffbdC03rQ/3fwg="
+ preshared_key_path: "{{ vpn_config_dir }}/keys/private/preshared-htpc.psk"
+ preshared_key_source_path: files/wireguard/media/preshared-htpc.psk
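Review bot: The new htpc entry writes its preshared key to `{{ vpn_config_dir }}/keys/private/preshared-htpc.psk`, while every other media peer in this file uses the `preshared-media-<name>.psk` pattern on the target. The default-VPN tasks appear to place their key material under the same `keys/private/` directory, so the `media-` infix is what keeps the two peer sets from colliding; I would change the line to `preshared_key_path: "{{ vpn_config_dir }}/keys/private/preshared-media-htpc.psk"` so a later htpc peer on the default VPN cannot silently overwrite this file. The same public key now also exists in `files/wireguard/media/htpc.pub`, and nothing in this patch reads that file — if it is not consumed elsewhere, drop it or source `public_key` from it, otherwise the two copies will drift on the next key rotation. The htpc block carries an `allowed_ips` list like the mobile/tv peers rather than laptop/desktop; a short comment such as `# reaches the jellyfin subnet as well, like the tv peers` would make that deliberate.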
diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml
index dd39333..c363f39 100644
--- a/tasks/wireguard.yml
+++ b/tasks/wireguard.yml
@@ -1,78 +1,78 @@
 - name: Copy Wireguard configuration files
 become: true
 ansible.builtin.template:
- src: '{{ item.src }}'
- dest: '{{ item.dest }}'
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
 owner: root
 group: systemd-network
- mode: '0640'
+ mode: "0640"
 loop:
- - src: 'templates/network/wireguard/default/wg0.netdev.j2'
- dest: '/etc/systemd/network/wg0.netdev'
- - src: 'templates/network/wireguard/default/wg0.network.j2'
- dest: '/etc/systemd/network/wg0.network'
+ - src: "templates/network/wireguard/default/wg0.netdev.j2"
+ dest: "/etc/systemd/network/wg0.netdev"
+ - src: "templates/network/wireguard/default/wg0.network.j2"
+ dest: "/etc/systemd/network/wg0.network"
 notify: restart systemd-networkd
 - name: Create Wireguard directories
 become: true
 ansible.builtin.file:
- path: '{{ item }}'
+ path: "{{ item }}"
 owner: root
 group: systemd-network
- mode: '0750'
+ mode: "0750"
 state: directory
 recurse: true
 loop:
- - '{{ vpn_config_dir }}'
- - '{{ vpn_server_public_key_path | dirname }}'
- - '{{ vpn_server_key_path | dirname }}'
+ - "{{ vpn_config_dir }}"
+ - "{{ vpn_server_public_key_path | dirname }}"
+ - "{{ vpn_server_key_path | dirname }}"
 - name: Copy Wireguard server credentials
 become: true
 ansible.builtin.copy:
- src: '{{ item.src }}'
- dest: '{{ item.dest }}'
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
 owner: root
 group: systemd-network
- mode: '0640'
+ mode: "0640"
 loop:
- - src: 'files/wireguard/default/server.pub'
- dest: '{{ vpn_server_public_key_path }}'
- - src: 'files/wireguard/default/server.key'
- dest: '{{ vpn_server_key_path }}'
+ - src: "files/wireguard/default/server.pub"
+ dest: "{{ vpn_server_public_key_path }}"
+ - src: "files/wireguard/default/server.key"
+ dest: "{{ vpn_server_key_path }}"
 notify: restart systemd-networkd
 - name: Copy Wireguard mobile credentials
 become: true
 ansible.builtin.copy:
- src: '{{ item.src }}'
- dest: '{{ item.dest }}'
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
 owner: root
 group: systemd-network
- mode: '0640'
+ mode: "0640"
 loop:
- - src: 'files/wireguard/default/mobile.pub'
- dest: '{{ vpn_config_dir }}/keys/public/mobile.pub'
- - src: 'files/wireguard/default/mobile.key'
- dest: '{{ vpn_config_dir }}/keys/private/mobile.key'
+ - src: "files/wireguard/default/mobile.pub"
+ dest: "{{ vpn_config_dir }}/keys/public/mobile.pub"
+ - src: "files/wireguard/default/mobile.key"
+ dest: "{{ vpn_config_dir }}/keys/private/mobile.key"
 notify: restart systemd-networkd
 - name: Copy Wireguard preshared keys
 become: true
 ansible.builtin.copy:
- src: '{{ item.value.preshared_key_source_path }}'
- dest: '{{ item.value.preshared_key_path }}'
+ src: "{{ item.value.preshared_key_source_path }}"
+ dest: "{{ item.value.preshared_key_path }}"
 owner: root
 group: systemd-network
- mode: '0640'
- with_dict: '{{ vpn_peers }}'
+ mode: "0640"
+ with_dict: "{{ vpn_peers }}"
 notify: restart systemd-networkd
 - name: Copy Wireguard mobile configuration
 become: true
 ansible.builtin.template:
- src: 'templates/network/wireguard/default/mobile.wireguard.j2'
- dest: '/tmp/mobile.conf'
- mode: '0600'
- owner: '{{ ansible_user_id }}'
+ src: "templates/network/wireguard/default/mobile.wireguard.j2"
+ dest: "/tmp/mobile.conf"
+ mode: "0600"
+ owner: "{{ ansible_user_id }}"
 when: copy_vpn_configurations
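Review bot: `dest: "/tmp/mobile.conf"` in the last task renders a client configuration — presumably containing the mobile private key that the task above copies to `keys/private/mobile.key` — at a fixed, predictable path in a shared directory; `mode: "0600"` protects the contents once written, but the location is world-known and the file survives until someone removes it. I would render it into a directory the user owns, e.g. `dest: "{{ ansible_user_dir }}/mobile.conf"`, or create a path with `ansible.builtin.tempfile` first, and add a follow-up task that deletes it once it has been transferred to the device. Separately, `with_dict: "{{ vpn_peers }}"` in the preshared-key task is the legacy lookup form; `loop: "{{ vpn_peers | dict2items }}"` is the documented replacement and keeps the `item.value.*` references unchanged. The rest of this hunk only switches quote style.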