Added mac to the Wireguard peer
parent
6a373f8a5e
commit
34e358ebcc
@ -84,6 +84,33 @@
|
|||||||
register: phone_public_key
|
register: phone_public_key
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
|
||||||
|
# --- Mac keypair ---
|
||||||
|
- name: Check if mac private key exists
|
||||||
|
stat:
|
||||||
|
path: /etc/wireguard/mac.key
|
||||||
|
register: mac_key_stat
|
||||||
|
|
||||||
|
- name: Generate mac private key
|
||||||
|
shell: wg genkey > /etc/wireguard/mac.key
|
||||||
|
when: not mac_key_stat.stat.exists
|
||||||
|
|
||||||
|
- name: Set permissions on mac private key
|
||||||
|
file:
|
||||||
|
path: /etc/wireguard/mac.key
|
||||||
|
mode: "0600"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
|
||||||
|
- name: Read mac private key
|
||||||
|
slurp:
|
||||||
|
src: /etc/wireguard/mac.key
|
||||||
|
register: mac_private_key
|
||||||
|
|
||||||
|
- name: Derive mac public key
|
||||||
|
shell: wg pubkey < /etc/wireguard/mac.key
|
||||||
|
register: mac_public_key
|
||||||
|
changed_when: false
|
||||||
|
|
||||||
# --- Server config ---
|
# --- Server config ---
|
||||||
- name: Write wg0.conf
|
- name: Write wg0.conf
|
||||||
template:
|
template:
|
||||||
@ -120,6 +147,34 @@
|
|||||||
AllowedIPs = 192.168.7.0/24, 10.10.0.0/24
|
AllowedIPs = 192.168.7.0/24, 10.10.0.0/24
|
||||||
PersistentKeepalive = 25
|
PersistentKeepalive = 25
|
||||||
|
|
||||||
|
# --- Mac client config ---
|
||||||
|
- name: Write mac client config
|
||||||
|
copy:
|
||||||
|
dest: /etc/wireguard/mac-client.conf
|
||||||
|
mode: "0600"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
content: |
|
||||||
|
[Interface]
|
||||||
|
PrivateKey = {{ mac_private_key.content | b64decode | trim }}
|
||||||
|
Address = 10.10.0.3/32
|
||||||
|
DNS = 192.168.7.77
|
||||||
|
|
||||||
|
[Peer]
|
||||||
|
PublicKey = {{ server_public_key.stdout }}
|
||||||
|
Endpoint = {{ wireguard_endpoint }}:51820
|
||||||
|
AllowedIPs = 192.168.7.0/24, 10.10.0.0/24
|
||||||
|
PersistentKeepalive = 25
|
||||||
|
|
||||||
|
- name: Display mac client config
|
||||||
|
shell: cat /etc/wireguard/mac-client.conf
|
||||||
|
register: mac_conf
|
||||||
|
changed_when: false
|
||||||
|
|
||||||
|
- name: Show mac client config
|
||||||
|
debug:
|
||||||
|
msg: "{{ mac_conf.stdout_lines }}"
|
||||||
|
|
||||||
- name: Generate QR code for phone
|
- name: Generate QR code for phone
|
||||||
shell: qrencode -t ansiutf8 < /etc/wireguard/phone-client.conf
|
shell: qrencode -t ansiutf8 < /etc/wireguard/phone-client.conf
|
||||||
register: phone_qr
|
register: phone_qr
|
||||||
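Review bot: In `Generate mac private key`, `shell: wg genkey > /etc/wireguard/mac.key` creates the file under the default umask, so the private key can be readable by other local users until the later `file:` task sets `0600` (the permissions of /etc/wireguard are not visible here, so the real exposure is an assumption to confirm). Writing it as `shell: umask 077 && wg genkey > /etc/wireguard/mac.key` with `args:` / `creates: /etc/wireguard/mac.key` closes that window and makes the separate `stat` check unnecessary. In the second hunk, `Show mac client config` prints the rendered `PrivateKey` line through `debug`, so the key also ends up in any configured Ansible log or CI job output. The `slurp` and `copy` results carry the key as well in verbose or `--diff` runs. I would add `no_log: true` to `Read mac private key` and `Write mac client config`, and move the file to the controller with `fetch` rather than echoing it.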
|
|||||||
@ -8,4 +8,9 @@ PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j A
|
|||||||
[Peer]
|
[Peer]
|
||||||
# Phone
|
# Phone
|
||||||
PublicKey = {{ phone_public_key.stdout }}
|
PublicKey = {{ phone_public_key.stdout }}
|
||||||
AllowedIPs = 10.10.0.2/32
|
AllowedIPs = 10.10.0.2/32
|
||||||
|
|
||||||
|
[Peer]
|
||||||
|
# Mac
|
||||||
|
PublicKey = {{ mac_public_key.stdout }}
|
||||||
|
AllowedIPs = 10.10.0.3/32
|
||||||