From f0abcb522d8fcbb4339b2df11a5c9a83f4cfa190 Mon Sep 17 00:00:00 2001
From: Astro
Date: Thu, 17 May 2018 15:16:49 +0200
Subject: [PATCH] prepare switching anon1 from openvpn to wireguard
---
 salt-pillar/top.sls | 2 +-
 salt-pillar/wireguard/anon1.sls | 19 +++++++++++++++++++
 salt/modules.conf | 1 +
 salt/top.sls | 2 +-
 salt/wireguard/init.sls | 29 +++++++++++++++++++++++++++++
 salt/wireguard/wireguard.service | 11 +++++++++++
 6 files changed, 62 insertions(+), 2 deletions(-)
 create mode 100644 salt-pillar/wireguard/anon1.sls
 create mode 100644 salt/wireguard/init.sls
 create mode 100644 salt/wireguard/wireguard.service
diff --git a/salt-pillar/top.sls b/salt-pillar/top.sls
index dcd798b..66e0ae8 100644
--- a/salt-pillar/top.sls
+++ b/salt-pillar/top.sls
@@ -36,7 +36,7 @@ base:
 - bind.dyndns.upstream2
 'anon*':
 - bird.ospf
- - vpn.anon1
+ - wireguard.anon1
 - upstream.anon1
 - collectd.upstream
 - bind.dyndns.anon1
diff --git a/salt-pillar/wireguard/anon1.sls b/salt-pillar/wireguard/anon1.sls
new file mode 100644
index 000000000..dc0c535
--- /dev/null
+++ b/salt-pillar/wireguard/anon1.sls
@@ -0,0 +1,19 @@
+wireguard-instances:
+ 'mullvad-de1':
+ private_key: |
+ -----BEGIN PGP MESSAGE-----
+
+ hQEMA2PKcvDMvlKLAQf/UlrdkStvB3GNrCoEOYGgStNHnxA47f1Pyy/psebzOewD
+ 4o7jUIMjeNLM/6BxNTdm4FQ/LG5oF4orIRzxoTDxpwYx/H0pzKEJbtMkX7hD+Hn/
+ VaTlQFgmATL8laScZ6GhUCBDdH0Mo5ZETMoytgGXvNWsjSNrEQi/e41C2aaByXdl
+ FCNR9DfG8RBGzLuJCnqsgU2PlOzWmqK2qJWMavI6pwSgkbfmpEWJsNCrKurOnA3J
+ 06VClqyX/ni5h19TmC/3moFA6xrv+8ttDEKTPXiQ37OUYsSYmMB8of9MxOWPQVPI
+ zm7PAlOeKh3cnhuiyqS2FKcPJ4DdO4bvt2wQF9A6ZNJnAVJgHbc4WnsO31hwy499
+ iVW/91FHra9dO5XVmiZAPl99ageAVy6iaohgrkjfLffwTuaiSG0BC7kYF+dIPUYm
+ Fy6FrkI53kzPzqhMTKlOZ72CJDKhN9SDV1cjJy7/+DQ76Kzn402D7w==
+ =NooJ
+ -----END PGP MESSAGE-----
+ addr: '10.99.16.190/32,fc00:bbbb:bbbb:bb01::10be/128'
+ peers:
+ - public_key: 'Ko5Vhr1L11DRpKBRw6TMXvCaZby6N32R4NQsdTGzfE0='
+ endpoint: '185.216.33.114:3018'
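Review bot: In the salt-pillar/top.sls hunk the new `- wireguard.anon1` entry sits under the `'anon*'` glob, so every minion whose ID matches that pattern is handed the anon1 WireGuard private key in its pillar. If only one host should hold that key, target it by exact minion ID (for example `'anon1':`, assuming that is the host's ID) rather than by glob. The rest of the top file lies outside the hunk, so the glob may be deliberate for the other `anon*` pillars.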
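Review bot: `private_key` in salt-pillar/wireguard/anon1.sls is a PGP-armored block, but the file carries no renderer line that would decrypt it, so whether the minion receives the key or the ciphertext depends on master configuration that this patch does not show. If pillar decryption is not configured globally, add `#!yaml|gpg` as the first line of the file; otherwise the armored text would be written into the WireGuard config as-is. A comment above `private_key` naming the GPG key the block is encrypted to would also make later rotation straightforward.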
diff --git a/salt/modules.conf b/salt/modules.conf
index 040347a..9896b79 100644
--- a/salt/modules.conf
+++ b/salt/modules.conf
@@ -1,2 +1,3 @@
 ip6table_nat
 ip6t_MASQUERADE
+wireguard
diff --git a/salt/top.sls b/salt/top.sls
index 284b679..187b84c 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -45,7 +45,7 @@ base:
 - no-ssh
 - forwarding
 - bird
- - vpn.openvpn
+ - wireguard
 - upstream.masquerade
 - upstream.shaping
 - upstream.nat66
diff --git a/salt/wireguard/init.sls b/salt/wireguard/init.sls
new file mode 100644
index 000000000..24c8c67
--- /dev/null
+++ b/salt/wireguard/init.sls
@@ -0,0 +1,29 @@
+wireguard-tools:
+ pkg.installed: []
+
+/etc/systemd/system/wireguard.service:
+ file.managed:
+ - source: salt://wireguard/wireguard.service
+
+{%- for instance, conf in pillar['wireguard-instances'].items() %}
+/etc/wg/{{ instance }}.conf:
+ file.managed:
+ - source: salt://wireguard/wireguard.conf
+ - template: 'jinja'
+ - context: {{ conf }}
+ - mode: 600
+
+autostart-wg-{{ instance }}:
+ service.enabled:
+ - name: wireguard@{{ instance }}
+ require:
+ - file: /etc/wg/{{ instance }}.conf
+
+start-wg-{{ instance }}:
+ service.running:
+ - name: wg-{{ instance }}
+ require:
+ - service: autostart-wg-{{ instance }}
+ watch:
+ - file: /etc/wg/{{ instance }}.conf
+{%- endfor %}
diff --git a/salt/wireguard/wireguard.service b/salt/wireguard/wireguard.service
new file mode 100644
index 000000000..c8a7358
--- /dev/null
+++ b/salt/wireguard/wireguard.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Call wg-quick
+PartOf=wireguard.service
+
+[Service]
+Type=oneshot
+ExecStart=wg-quick up /etc/wg/%i.conf
+ExecStop=wg-quick down /etc/wg/%i.conf
+
+[Install]
+WantedBy=multi-user.target
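Review bot: Replacing `- vpn.openvpn` with `- wireguard` in the salt/top.sls hunk only stops Salt from applying the OpenVPN state; it does not stop or remove anything already deployed. Unless a later commit cleans up, the old OpenVPN service, its config and its credentials stay on the host next to the new tunnel. A small cleanup state (service stopped and disabled, credential files absent) applied in the same rollout would close that gap.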
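Review bot: The three service references in salt/wireguard/init.sls do not agree: the unit file is installed as `/etc/systemd/system/wireguard.service`, `service.enabled` names `wireguard@{{ instance }}`, and `service.running` names `wg-{{ instance }}`, so the unit that is started is not the one that is enabled, and neither matches the installed file. Because the unit uses `%i`, installing it as `/etc/systemd/system/wireguard@.service` and using `- name: wireguard@{{ instance }}` in both states would line them up. The rendered `/etc/wg/{{ instance }}.conf` holds the private key, so add `- show_changes: False` next to `- mode: 600` to keep the key out of state output, and manage the `/etc/wg` directory itself with a restrictive mode. `salt://wireguard/wireguard.conf` is referenced here but is not in this patch's file list.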
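Review bot: `Type=oneshot` without `RemainAfterExit=yes` in salt/wireguard/wireguard.service means systemd treats the unit as finished as soon as `wg-quick up` returns and then runs `ExecStop=`, which would take the tunnel straight back down. Add `RemainAfterExit=yes` under `[Service]`. `PartOf=wireguard.service` points the unit at its own name and can be dropped, and `ExecStart=`/`ExecStop=` should name wg-quick by absolute path because older systemd releases reject a bare program name.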