Mercurial > code > home > repos > infra
comparison wireguard.py @ 215:db8787bd800e
wireguard now uses ditto (and prime) as hubs for home/remote
| author | drewp@bigasterisk.com |
|---|---|
| date | Sat, 12 Aug 2023 15:57:46 -0700 |
| parents | 8012f6095220 |
| children | e45e93a797b0 |
comparison
equal
deleted
inserted
replaced
| 214:443ece75cc20 | 215:db8787bd800e |
|---|---|
| 1 import subprocess | 1 import subprocess |
| 2 | 2 |
| 3 from pyinfra import host | 3 from pyinfra import host |
| 4 from pyinfra.facts.files import FindInFile | 4 from pyinfra.facts.files import FindInFile |
| 5 from pyinfra.operations import apt, files, server, systemd | 5 from pyinfra.operations import apt, files, server, systemd |
| 6 import wireguard_pubkey | |
| 6 | 7 |
| 7 # other options: | 8 # other options: |
| 8 # https://www.reddit.com/r/WireGuard/comments/fkr240/shortest_path_between_peers/ | 9 # https://www.reddit.com/r/WireGuard/comments/fkr240/shortest_path_between_peers/ |
| 9 # https://github.com/k4yt3x/wireguard-mesh-configurator | 10 # https://github.com/k4yt3x/wireguard-mesh-configurator |
| 10 # https://github.com/mawalu/wireguard-private-networking | 11 # https://github.com/mawalu/wireguard-private-networking |
| 11 # | 12 # |
| 12 | 13 |
| 13 | 14 |
| 14 def peer_block(hostname, public_key, allowed_ips, endpoint=None, keepalive=None): | 15 def peer_block(hostname, allowed_ips, endpoint=None, keepalive=None): |
| 15 # if allowed_ips.startswith('10.5'): | 16 # if allowed_ips.startswith('10.5'): |
| 16 # # k3s nets also need to travel over wg | 17 # # k3s nets also need to travel over wg |
| 17 # allowed_ips += ', 10.42.0.0/24, 10.43.0.0/24' | 18 # allowed_ips += ', 10.42.0.0/24, 10.43.0.0/24' |
| 18 | 19 |
| 20 public_key = wireguard_pubkey.pubkey[hostname] | |
| 19 out = f'''\ | 21 out = f'''\ |
| 20 | 22 |
| 21 [Peer] | 23 [Peer] |
| 22 # {hostname} | 24 # {hostname} |
| 23 PublicKey = {public_key} | 25 PublicKey = {public_key} |