Added mac to the Wireguard peer

This commit is contained in:
Nik Afiq 2026-03-22 10:22:43 +09:00
parent 6a373f8a5e
commit 34e358ebcc
2 changed files with 61 additions and 1 deletions


@ -84,6 +84,33 @@
register: phone_public_key register: phone_public_key
changed_when: false changed_when: false
# --- Mac keypair ---
- name: Check if mac private key exists
stat:
path: /etc/wireguard/mac.key
register: mac_key_stat
- name: Generate mac private key
shell: wg genkey > /etc/wireguard/mac.key
when: not mac_key_stat.stat.exists
- name: Set permissions on mac private key
file:
path: /etc/wireguard/mac.key
mode: "0600"
owner: root
group: root
- name: Read mac private key
slurp:
src: /etc/wireguard/mac.key
register: mac_private_key
- name: Derive mac public key
shell: wg pubkey < /etc/wireguard/mac.key
register: mac_public_key
changed_when: false
# --- Server config --- # --- Server config ---
- name: Write wg0.conf - name: Write wg0.conf
template: template:
@ -120,6 +147,34 @@
AllowedIPs = 192.168.7.0/24, 10.10.0.0/24 AllowedIPs = 192.168.7.0/24, 10.10.0.0/24
PersistentKeepalive = 25 PersistentKeepalive = 25
# --- Mac client config ---
- name: Write mac client config
copy:
dest: /etc/wireguard/mac-client.conf
mode: "0600"
owner: root
group: root
content: |
[Interface]
PrivateKey = {{ mac_private_key.content | b64decode | trim }}
Address = 10.10.0.3/32
DNS = 192.168.7.77
[Peer]
PublicKey = {{ server_public_key.stdout }}
Endpoint = {{ wireguard_endpoint }}:51820
AllowedIPs = 192.168.7.0/24, 10.10.0.0/24
PersistentKeepalive = 25
- name: Display mac client config
shell: cat /etc/wireguard/mac-client.conf
register: mac_conf
changed_when: false
- name: Show mac client config
debug:
msg: "{{ mac_conf.stdout_lines }}"
- name: Generate QR code for phone - name: Generate QR code for phone
shell: qrencode -t ansiutf8 < /etc/wireguard/phone-client.conf shell: qrencode -t ansiutf8 < /etc/wireguard/phone-client.conf
register: phone_qr register: phone_qr
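Review bot: `wg genkey > /etc/wireguard/mac.key` in the "Generate mac private key" task creates the key file under the shell's default umask, so it is typically world-readable for the window before the separate "Set permissions on mac private key" task tightens it to 0600; generate it under a restrictive umask instead, `shell: umask 077 && wg genkey > /etc/wireguard/mac.key`, and keep the file task as a belt-and-braces step. The same task could drop the stat/when pair in favour of `args: creates: /etc/wireguard/mac.key`, the Ansible idiom for run-once commands. Separately, the "Show mac client config" debug task prints mac-client.conf — including its `PrivateKey` line — into the play output and any log collector, and the slurp task registers the raw key in a variable that verbose runs will echo; add `no_log: true` to the slurp, cat and debug tasks, or remove the debug altogether. The phone keypair tasks above this hunk presumably have the same shape and would warrant the same changes, but they are outside the hunk.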


@ -8,4 +8,9 @@ PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j A
[Peer] [Peer]
# Phone # Phone
PublicKey = {{ phone_public_key.stdout }} PublicKey = {{ phone_public_key.stdout }}
AllowedIPs = 10.10.0.2/32 AllowedIPs = 10.10.0.2/32
[Peer]
# Mac
PublicKey = {{ mac_public_key.stdout }}
AllowedIPs = 10.10.0.3/32
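Review bot: The new `# Mac` peer stanza (like the matching client config in the first file) relies on the public-key handshake alone; adding a per-peer `PresharedKey`, generated with `wg genpsk` on the server and written into both this peer block and the client's [Peer] section, is a cheap extra symmetric-key layer that fits naturally here because the playbook already distributes the client config out of band. The hunk header advertises 9 new lines and the diffstat one deletion, but only four added lines are visible, so part of this hunk — possibly a trailing blank line or a newline-at-EOF change — is not shown on this page. The AllowedIPs of 10.10.0.3/32 does match the Address assigned to the Mac client, so routing for the peer is consistent.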