Added mac to the Wireguard peer
This commit is contained in:
parent
6a373f8a5e
commit
34e358ebcc
@ -84,6 +84,33 @@
|
||||
register: phone_public_key
|
||||
changed_when: false
|
||||
|
||||
# --- Mac keypair ---
|
||||
- name: Check if mac private key exists
|
||||
stat:
|
||||
path: /etc/wireguard/mac.key
|
||||
register: mac_key_stat
|
||||
|
||||
- name: Generate mac private key
|
||||
shell: wg genkey > /etc/wireguard/mac.key
|
||||
when: not mac_key_stat.stat.exists
|
||||
|
||||
- name: Set permissions on mac private key
|
||||
file:
|
||||
path: /etc/wireguard/mac.key
|
||||
mode: "0600"
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: Read mac private key
|
||||
slurp:
|
||||
src: /etc/wireguard/mac.key
|
||||
register: mac_private_key
|
||||
|
||||
- name: Derive mac public key
|
||||
shell: wg pubkey < /etc/wireguard/mac.key
|
||||
register: mac_public_key
|
||||
changed_when: false
|
||||
|
||||
# --- Server config ---
|
||||
- name: Write wg0.conf
|
||||
template:
|
||||
@ -120,6 +147,34 @@
|
||||
AllowedIPs = 192.168.7.0/24, 10.10.0.0/24
|
||||
PersistentKeepalive = 25
|
||||
|
||||
# --- Mac client config ---
|
||||
- name: Write mac client config
|
||||
copy:
|
||||
dest: /etc/wireguard/mac-client.conf
|
||||
mode: "0600"
|
||||
owner: root
|
||||
group: root
|
||||
content: |
|
||||
[Interface]
|
||||
PrivateKey = {{ mac_private_key.content | b64decode | trim }}
|
||||
Address = 10.10.0.3/32
|
||||
DNS = 192.168.7.77
|
||||
|
||||
[Peer]
|
||||
PublicKey = {{ server_public_key.stdout }}
|
||||
Endpoint = {{ wireguard_endpoint }}:51820
|
||||
AllowedIPs = 192.168.7.0/24, 10.10.0.0/24
|
||||
PersistentKeepalive = 25
|
||||
|
||||
- name: Display mac client config
|
||||
shell: cat /etc/wireguard/mac-client.conf
|
||||
register: mac_conf
|
||||
changed_when: false
|
||||
|
||||
- name: Show mac client config
|
||||
debug:
|
||||
msg: "{{ mac_conf.stdout_lines }}"
|
||||
|
||||
- name: Generate QR code for phone
|
||||
shell: qrencode -t ansiutf8 < /etc/wireguard/phone-client.conf
|
||||
register: phone_qr
|
||||
|
||||
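Review bot: In the first hunk, `Generate mac private key` writes the key through a plain shell redirection under the default umask, so `/etc/wireguard/mac.key` exists world-readable until the later `Set permissions on mac private key` task runs, and a failure between the two tasks leaves it that way. Create it restricted from the start, `shell: umask 077 && wg genkey > /etc/wireguard/mac.key`, and consider `args: {creates: /etc/wireguard/mac.key}` in place of the separate stat/when pair. The same private key is then registered by the `slurp` task and echoed by the `debug` task in the second hunk; unless exposing it in play output is intended (it looks like an operator copy-paste aid), mark those tasks `no_log: true` so the key does not land in controller logs or CI output. The enclosing task list continues outside these hunks.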
@ -8,4 +8,9 @@ PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j A
|
||||
[Peer]
|
||||
# Phone
|
||||
PublicKey = {{ phone_public_key.stdout }}
|
||||
AllowedIPs = 10.10.0.2/32
|
||||
AllowedIPs = 10.10.0.2/32
|
||||
|
||||
[Peer]
|
||||
# Mac
|
||||
PublicKey = {{ mac_public_key.stdout }}
|
||||
AllowedIPs = 10.10.0.3/32
|
||||
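Review bot: The new Mac `[Peer]` hard-codes `AllowedIPs = 10.10.0.3/32`, which has to match the `Address = 10.10.0.3/32` the playbook writes into `mac-client.conf`; the two live in different files and nothing ties them together, so a later edit to either silently breaks routing for that peer. Pull the address into one variable (e.g. `mac_wg_address`) and render it in both places, here as `AllowedIPs = {{ mac_wg_address }}/32`. Restricting the peer to its single tunnel address is the right least-privilege setting, so keep the `/32`. The rest of the template, including the `[Interface]` section, is outside this hunk.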