diff wireguard.py @ 89:2fddde57231b

no connman to surprisingly rewrite net configs
author drewp@bigasterisk.com
date Sun, 10 Jul 2022 19:51:16 -0700
parents de387eae06cf
children 9b7d7ea79f16
--- a/wireguard.py	Sun Jul 10 19:50:52 2022 -0700
+++ b/wireguard.py	Sun Jul 10 19:51:16 2022 -0700
@@ -12,6 +12,10 @@
 
 
 def peer_block(hostname, public_key, allowed_ips, endpoint=None, keepalive=None):
+    # if allowed_ips.startswith('10.5'):
+    #     # k3s nets also need to travel over wg
+    #     allowed_ips += ', 10.42.0.0/24, 10.43.0.0/24'
+
     out = f'''\
 
 [Peer]
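Review bot: The lines added at the top of `peer_block` are commented-out code with nothing saying why they are parked; either drop them or lead them with one line such as `# disabled: k3s pod/service nets over wg, not yet working`. If the block is re-enabled as written, every peer whose `allowed_ips` starts with `10.5` gets the same `10.42.0.0/24, 10.43.0.0/24` appended. WireGuard keeps a given AllowedIPs range on only one peer per interface, so only the last peer configured would carry those routes. AllowedIPs is also the inbound source filter, so the wider ranges belong only on the peer that actually fronts the k3s nets, and `startswith('10.5')` would match `10.50.x` addresses as well. `peer_block`'s body continues outside the hunk.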
@@ -33,7 +37,6 @@
     # note- this is specific to the wg0 setup. Other conf files don't use it.
     wireguard_ip = host.host_data['wireguard_address']
 
-    apt.packages(packages=['wireguard'])
     # new pi may fail with 'Unable to access interface: Protocol not supported'. reboot fixes.
 
     priv_key_lines = host.get_fact(FindInFile, path=f'/etc/wireguard/{wireguard_interface}.conf', pattern=r'PrivateKey.*')
@@ -65,7 +68,4 @@
     systemd.service(service=svc, daemon_reload=True, restarted=True, enabled=True)
 
 if host.name == 'bang':
-    # recompute, or else maybe dnsmasq_10.5 won't start
-    server.shell("systemctl enable dnsmasq_10.2.service")
-    server.shell("systemctl enable dnsmasq_10.5.service")
-    server.shell("systemctl enable wg-quick@wg0.service")
\ No newline at end of file
+    systemd.service(service=f'dnsmasq_10.5', enabled=True, restarted=True, daemon_reload=True)
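Review bot: The new last line manages only `dnsmasq_10.5`, while the removed lines also enabled `dnsmasq_10.2.service` and `wg-quick@wg0.service` on bang. The `systemd.service(service=svc, ...)` call above may cover wg-quick, but `svc` is set outside the hunk, and nothing visible here enables `dnsmasq_10.2`, so a rebuilt host could come up after a reboot without DNS/DHCP on that net or without the tunnel. The `f` prefix has no placeholder, and the unit name lost its `.service` suffix while still containing a dot, so confirm that it resolves to the intended unit, or write `systemd.service(service='dnsmasq_10.5.service', enabled=True, restarted=True, daemon_reload=True)`. `restarted=True` also restarts dnsmasq on every deploy run, which the old enable-only lines did not; say so in a comment if that is intended.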