changeset 215:db8787bd800e
wireguard now uses ditto (and prime) as hubs for home/remote
author | drewp@bigasterisk.com |
---|---|
date | Sat, 12 Aug 2023 15:57:46 -0700 |
parents | 443ece75cc20 |
children | b4e019e9da2a |
files | templates/wireguard/bogasterisk.conf.j2 templates/wireguard/wg0.conf.j2 wireguard.py wireguard_pubkey.py |
diffstat | 4 files changed, 41 insertions(+), 20 deletions(-) [+] |
--- a/templates/wireguard/bogasterisk.conf.j2 Sat Aug 12 14:27:49 2023 -0700
+++ b/templates/wireguard/bogasterisk.conf.j2 Sat Aug 12 15:57:46 2023 -0700
@@ -6,7 +6,7 @@
 PrivateKey = {{priv_key}}
 ListenPort = 2113
-{{ peer_block('monk', 'aroc8MNdTnKg175HYxri+Yr1afuaC0awyr6TfGMpvxI=', '10.7.0.42/32') }}
-{{ peer_block('firebert (phone)', 'Rr9N6dGbMLzl6wuEJlaq67gNQ5QW2ZcwD4Brn/3XJyA=', '10.7.0.88/32') }}
-{{ peer_block('bird', '9CkgqeAiX1GhNM+t9m2nJD5QJHx9iTCFRB5c1x7h704=', '10.7.0.46/32') }}
-{{ peer_block('pixel7', 'RMY3wgh/xA98aU85qE7qnFk2wStGbXAcMOl28gqu2zo=', '10.7.0.77/32') }}
+{{ peer_block('monk', '10.7.0.42/32') }}
+{{ peer_block('firebert (phone)', '10.7.0.88/32') }}
+{{ peer_block('bird', '10.7.0.46/32') }}
+{{ peer_block('pixel7', '10.7.0.77/32') }}
--- a/templates/wireguard/wg0.conf.j2 Sat Aug 12 14:27:49 2023 -0700
+++ b/templates/wireguard/wg0.conf.j2 Sat Aug 12 15:57:46 2023 -0700
@@ -9,22 +9,21 @@
 # suggested by https://i.reddit.com/r/WireGuard/comments/jcwleo/ubuntu_2004_lts_server_as_wireguard_client/
 #FwMark = 0x4000
-{% if host.name == 'bang' %}
- {{ peer_block('dash', 'PncHsa/pKORzvfQG1N2p4HC+Srovo0hpkHZhKXLpRHA=', '10.5.0.5/32') }}
- {{ peer_block('dot', 'sav1VQE1XzbOGfNjDRxcHAmEWtmVGYC1B7KXH+5IKxY=', '10.5.0.30/32') }}
- {{ peer_block('frontbed', 'ENhRhEgGaFfwV74MqYBHJgkOFpNAF5kVHVK5/tRVTjU=', '10.5.0.17/32') }}
- {{ peer_block('garage', 'kFMtVafPU8kJHYmdafc1g/OLRnNPQMGpYKcDqQ9rUjA=', '10.5.0.14/32') }}
- {{ peer_block('prime', 'vR9lfsUSOIMxkY/k2gRJ6E8ZudccfPpVhrbE9zuxalU=', '10.5.0.0/24', 'public.bigasterisk.com:1195', 50) }}
- {{ peer_block('slash', 'dZSvwUPLKPrBWY66o8GNeWCcol6lK5QG80HLtOnCRko=', '10.5.0.6/32') }}
- {{ peer_block('pipe', 'yI0zt8/+baHjadhiBCX6u8sSkhjoh/Q5cIZkGf1H6S4=', '10.5.0.3/32') }}
- {{ peer_block('plus', 'tH2og4BbXaH6BrHSBd73Fx1XT0DxR8vjQxjqHFa913A=', '10.5.0.110/32') }}
- {{ peer_block('ditto', 'IaOJzsn+KK9SuNzn8lJfaD/dgu4Otp094SK0Xz4i4VA=', '10.5.0.7/32') }}
+{% if host.name == 'ditto' %}
+ {{ peer_block('bang', '10.5.0.1/32') }}
+ {{ peer_block('dash', '10.5.0.5/32') }}
+ {{ peer_block('dot', '10.5.0.30/32') }}
+ {{ peer_block('frontbed', '10.5.0.17/32') }}
+ {{ peer_block('garage', '10.5.0.14/32') }}
+ {{ peer_block('pipe', '10.5.0.3/32') }}
+ {{ peer_block('plus', '10.5.0.110/32') }}
+ {{ peer_block('prime', '10.5.0.0/24', 'public.bigasterisk.com:1195', 50) }}
+ {{ peer_block('slash', '10.5.0.6/32') }}
 {% elif host.name == 'prime' %}
- {{ peer_block('bang', 'xDkAqfljmeVj7bB6VslxD/vVwlUh/vLXX5Wo7ZCoTQ4=', '10.5.0.0/24') }}
- {{ peer_block('drew-note10', 'QMgx4cmuUTfJ7RH4Q46b54tSQl4eISOmdEney17fnE8=', '10.5.0.112/32') }}
+ {{ peer_block('ditto', '10.5.0.0/24') }}
+ {{ peer_block('drew-note10', '10.5.0.112/32') }}
 {% elif host.name == 'plus' %}
- {{ peer_block('bang', 'xDkAqfljmeVj7bB6VslxD/vVwlUh/vLXX5Wo7ZCoTQ4=', '10.5.0.0/24', '10.2.0.1:1195', 50) }}
+ {{ peer_block('ditto', '10.5.0.0/24', 'ditto:1195', 50) }}
 {% else %}
- # I see bang at 10.2.0.1
- {{ peer_block('bang', 'xDkAqfljmeVj7bB6VslxD/vVwlUh/vLXX5Wo7ZCoTQ4=', '10.5.0.0/24', '10.2.0.1:1195', 50) }}
+ {{ peer_block('ditto', '10.5.0.0/24', 'ditto:1195', 50) }}
 {% endif %}
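Review bot: The spoke branches (`plus` and the `else` case) now give the hub endpoint as `'ditto:1195'` where the removed lines used the literal `10.2.0.1:1195`, so bringing the tunnel up now depends on name resolution. WireGuard tooling resolves an endpoint hostname when the configuration is loaded, so if `ditto` cannot be resolved at that moment, or resolves to ditto's own tunnel address (10.5.0.7 in the removed lines), the peer would presumably never get a usable endpoint. The removed comment `# I see bang at 10.2.0.1` recorded which address the spokes were expected to reach; an equivalent comment for ditto, or a fixed LAN address in the endpoint, would keep that dependency visible. Every spoke also keeps `10.5.0.0/24` as the hub's allowed IPs, so ditto is accepted as the source for any 10.5.0.x address; a one-line comment in the template stating that the hub is trusted to that extent would be worth adding.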
--- a/wireguard.py Sat Aug 12 14:27:49 2023 -0700
+++ b/wireguard.py Sat Aug 12 15:57:46 2023 -0700
@@ -3,6 +3,7 @@
 from pyinfra import host
 from pyinfra.facts.files import FindInFile
 from pyinfra.operations import apt, files, server, systemd
+import wireguard_pubkey
 # other options:
 # https://www.reddit.com/r/WireGuard/comments/fkr240/shortest_path_between_peers/
@@ -11,11 +12,12 @@
 #
-def peer_block(hostname, public_key, allowed_ips, endpoint=None, keepalive=None):
+def peer_block(hostname, allowed_ips, endpoint=None, keepalive=None):
 # if allowed_ips.startswith('10.5'):
 # # k3s nets also need to travel over wg
 # allowed_ips += ', 10.42.0.0/24, 10.43.0.0/24'
+ public_key = wireguard_pubkey.pubkey[hostname]
 out = f'''\
 [Peer]
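Review bot: `public_key = wireguard_pubkey.pubkey[hostname]` makes the first argument both the display label and the lookup key, so a template entry such as `peer_block('firebert (phone)', ...)` only renders if that exact string is a key in `wireguard_pubkey.pubkey`. A relabelled or misspelled peer then surfaces as a bare `KeyError`, presumably from inside template rendering. A message that names the missing peer and the table would be easier to act on, for example `if hostname not in wireguard_pubkey.pubkey: raise KeyError(f'no WireGuard public key recorded for peer {hostname!r}')` before the lookup. The function also has no docstring; `"""Render one [Peer] section; the public key is looked up by hostname in wireguard_pubkey.pubkey."""` would record the new contract. The body of `peer_block` continues past the end of this hunk.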
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/wireguard_pubkey.py Sat Aug 12 15:57:46 2023 -0700
@@ -0,0 +1,20 @@
+pubkey = {
+ 'bang': 'xDkAqfljmeVj7bB6VslxD/vVwlUh/vLXX5Wo7ZCoTQ4=',
+ 'dash': 'PncHsa/pKORzvfQG1N2p4HC+Srovo0hpkHZhKXLpRHA=',
+ 'ditto': 'IaOJzsn+KK9SuNzn8lJfaD/dgu4Otp094SK0Xz4i4VA=',
+ 'dot': 'sav1VQE1XzbOGfNjDRxcHAmEWtmVGYC1B7KXH+5IKxY=',
+ 'drew-note10': 'QMgx4cmuUTfJ7RH4Q46b54tSQl4eISOmdEney17fnE8=',
+ 'frontbed': 'ENhRhEgGaFfwV74MqYBHJgkOFpNAF5kVHVK5/tRVTjU=',
+ 'garage': 'kFMtVafPU8kJHYmdafc1g/OLRnNPQMGpYKcDqQ9rUjA=',
+ 'pipe': 'yI0zt8/+baHjadhiBCX6u8sSkhjoh/Q5cIZkGf1H6S4=',
+ 'plus': 'tH2og4BbXaH6BrHSBd73Fx1XT0DxR8vjQxjqHFa913A=',
+ 'prime': 'vR9lfsUSOIMxkY/k2gRJ6E8ZudccfPpVhrbE9zuxalU=',
+ 'slash': 'dZSvwUPLKPrBWY66o8GNeWCcol6lK5QG80HLtOnCRko=',
+}
+
+pubkey.update({
+ 'bird': '9CkgqeAiX1GhNM+t9m2nJD5QJHx9iTCFRB5c1x7h704=',
+ 'firebert (phone)': 'Rr9N6dGbMLzl6wuEJlaq67gNQ5QW2ZcwD4Brn/3XJyA=',
+ 'monk': 'aroc8MNdTnKg175HYxri+Yr1afuaC0awyr6TfGMpvxI=',
+ 'pixel7': 'RMY3wgh/xA98aU85qE7qnFk2wStGbXAcMOl28gqu2zo=',
+})
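Review bot: Nothing checks the values in `pubkey`, so a truncated or mistyped key would presumably only be noticed when WireGuard rejects the rendered config on a target host. Since this table is now the only place a peer's name is bound to its key, a load-time check that each value is base64 for exactly 32 bytes is cheap; the sketch below would go after the `pubkey.update({...})` call and needs `import base64` at the top of the file. The split between the first literal and the `pubkey.update({...})` group is also unexplained, and `update` would silently overwrite a name that appears in both. A comment on each group saying which network it serves would help; the second group matches the peers listed in bogasterisk.conf.j2.

```python
# … unchanged: pubkey = {...} and pubkey.update({...}) …

# WireGuard public keys are 32 bytes, base64-encoded; fail here rather than on the target host.
for _name, _key in pubkey.items():
    try:
        _ok = len(base64.b64decode(_key, validate=True)) == 32
    except ValueError:
        _ok = False
    if not _ok:
        raise ValueError(f'wireguard_pubkey: malformed public key for {_name!r}')
```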