prepare switching anon1 from openvpn to wireguard
parent
ea35ec41d0
commit
f0abcb522d
|
@ -36,7 +36,7 @@ base:
|
|||
- bind.dyndns.upstream2
|
||||
'anon*':
|
||||
- bird.ospf
|
||||
- vpn.anon1
|
||||
- wireguard.anon1
|
||||
- upstream.anon1
|
||||
- collectd.upstream
|
||||
- bind.dyndns.anon1
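Review bot: The `wireguard.anon1` entry sits under the `'anon*'` glob, so every minion whose ID starts with `anon` would be handed that pillar, not only anon1. This assumes the file is the pillar top file and that the entry maps to the new `wireguard-instances` data, which carries the decrypted WireGuard private key. Matching the exact minion ID in its own block (e.g. `'anon1':` with `- wireguard.anon1`, if that is the minion's ID) keeps the key scoped to the one host that uses it. File paths are not shown on this page, so confirm which top file this hunk belongs to.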
|
||||
|
|
|
@ -0,0 +1,19 @@
|
|||
wireguard-instances:
|
||||
'mullvad-de1':
|
||||
private_key: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMA2PKcvDMvlKLAQf/UlrdkStvB3GNrCoEOYGgStNHnxA47f1Pyy/psebzOewD
|
||||
4o7jUIMjeNLM/6BxNTdm4FQ/LG5oF4orIRzxoTDxpwYx/H0pzKEJbtMkX7hD+Hn/
|
||||
VaTlQFgmATL8laScZ6GhUCBDdH0Mo5ZETMoytgGXvNWsjSNrEQi/e41C2aaByXdl
|
||||
FCNR9DfG8RBGzLuJCnqsgU2PlOzWmqK2qJWMavI6pwSgkbfmpEWJsNCrKurOnA3J
|
||||
06VClqyX/ni5h19TmC/3moFA6xrv+8ttDEKTPXiQ37OUYsSYmMB8of9MxOWPQVPI
|
||||
zm7PAlOeKh3cnhuiyqS2FKcPJ4DdO4bvt2wQF9A6ZNJnAVJgHbc4WnsO31hwy499
|
||||
iVW/91FHra9dO5XVmiZAPl99ageAVy6iaohgrkjfLffwTuaiSG0BC7kYF+dIPUYm
|
||||
Fy6FrkI53kzPzqhMTKlOZ72CJDKhN9SDV1cjJy7/+DQ76Kzn402D7w==
|
||||
=NooJ
|
||||
-----END PGP MESSAGE-----
|
||||
addr: '10.99.16.190/32,fc00:bbbb:bbbb:bb01::10be/128'
|
||||
peers:
|
||||
- public_key: 'Ko5Vhr1L11DRpKBRw6TMXvCaZby6N32R4NQsdTGzfE0='
|
||||
endpoint: '185.216.33.114:3018'
|
|
@ -1,2 +1,3 @@
|
|||
ip6table_nat
|
||||
ip6t_MASQUERADE
|
||||
wireguard
|
||||
|
|
|
@ -45,7 +45,7 @@ base:
|
|||
- no-ssh
|
||||
- forwarding
|
||||
- bird
|
||||
- vpn.openvpn
|
||||
- wireguard
|
||||
- upstream.masquerade
|
||||
- upstream.shaping
|
||||
- upstream.nat66
|
||||
|
|
|
@ -0,0 +1,29 @@
|
|||
wireguard-tools:
|
||||
pkg.installed: []
|
||||
|
||||
/etc/systemd/system/wireguard.service:
|
||||
file.managed:
|
||||
- source: salt://wireguard/wireguard.service
|
||||
|
||||
{%- for instance, conf in pillar['wireguard-instances'].items() %}
|
||||
/etc/wg/{{ instance }}.conf:
|
||||
file.managed:
|
||||
- source: salt://wireguard/wireguard.conf
|
||||
- template: 'jinja'
|
||||
- context: {{ conf }}
|
||||
- mode: 600
|
||||
|
||||
autostart-wg-{{ instance }}:
|
||||
service.enabled:
|
||||
- name: wireguard@{{ instance }}
|
||||
require:
|
||||
- file: /etc/wg/{{ instance }}.conf
|
||||
|
||||
start-wg-{{ instance }}:
|
||||
service.running:
|
||||
- name: wg-{{ instance }}
|
||||
require:
|
||||
- service: autostart-wg-{{ instance }}
|
||||
watch:
|
||||
- file: /etc/wg/{{ instance }}.conf
|
||||
{%- endfor %}
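Review bot: `- context: {{ conf }}` pastes the Python repr of the pillar dict, including the decrypted `private_key`, into the rendered SLS. That is fragile to parse (a trailing newline in the key would arrive as a literal `\n` inside a single-quoted YAML scalar) and it puts the secret into the rendered state data. Serialise it explicitly with `- context: {{ conf | json }}`, and add `- show_changes: False` to the same `file.managed` so the key is not returned in the file diff of the job result. Nothing visible creates `/etc/wg`, so `- makedirs: True` is needed, and `mode: 600` is safer quoted as `'0600'`. Separately, `service.enabled` names `wireguard@{{ instance }}` while `service.running` names `wg-{{ instance }}`, a unit that no state on this page installs.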
|
|
@ -0,0 +1,11 @@
|
|||
[Unit]
|
||||
Description=Call wg-quick
|
||||
PartOf=wireguard.service
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=wg-quick up /etc/wg/%i.conf
|
||||
ExecStop=wg-quick down /etc/wg/%i.conf
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
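Review bot: The unit uses `%i`, which only expands in a template unit, but the state on this page installs it as `/etc/systemd/system/wireguard.service`. It would have to be deployed as `wireguard@.service` for `wireguard@<instance>` to resolve to it. With `Type=oneshot` and no `RemainAfterExit=yes`, the unit goes inactive as soon as `wg-quick up` returns, so `ExecStop` is not run on stop and a `service.running` check keeps seeing it as dead. `ExecStart` and `ExecStop` should also use the absolute path of `wg-quick` (it depends on the distribution), since older systemd versions reject non-absolute executable names.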
|