prepare switching anon1 from openvpn to wireguard
parent
ea35ec41d0
commit
f0abcb522d
|
@ -36,7 +36,7 @@ base:
|
||||||
- bind.dyndns.upstream2
|
- bind.dyndns.upstream2
|
||||||
'anon*':
|
'anon*':
|
||||||
- bird.ospf
|
- bird.ospf
|
||||||
- vpn.anon1
|
- wireguard.anon1
|
||||||
- upstream.anon1
|
- upstream.anon1
|
||||||
- collectd.upstream
|
- collectd.upstream
|
||||||
- bind.dyndns.anon1
|
- bind.dyndns.anon1
|
||||||
|
|
|
@ -0,0 +1,19 @@
|
||||||
|
wireguard-instances:
|
||||||
|
'mullvad-de1':
|
||||||
|
private_key: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQEMA2PKcvDMvlKLAQf/UlrdkStvB3GNrCoEOYGgStNHnxA47f1Pyy/psebzOewD
|
||||||
|
4o7jUIMjeNLM/6BxNTdm4FQ/LG5oF4orIRzxoTDxpwYx/H0pzKEJbtMkX7hD+Hn/
|
||||||
|
VaTlQFgmATL8laScZ6GhUCBDdH0Mo5ZETMoytgGXvNWsjSNrEQi/e41C2aaByXdl
|
||||||
|
FCNR9DfG8RBGzLuJCnqsgU2PlOzWmqK2qJWMavI6pwSgkbfmpEWJsNCrKurOnA3J
|
||||||
|
06VClqyX/ni5h19TmC/3moFA6xrv+8ttDEKTPXiQ37OUYsSYmMB8of9MxOWPQVPI
|
||||||
|
zm7PAlOeKh3cnhuiyqS2FKcPJ4DdO4bvt2wQF9A6ZNJnAVJgHbc4WnsO31hwy499
|
||||||
|
iVW/91FHra9dO5XVmiZAPl99ageAVy6iaohgrkjfLffwTuaiSG0BC7kYF+dIPUYm
|
||||||
|
Fy6FrkI53kzPzqhMTKlOZ72CJDKhN9SDV1cjJy7/+DQ76Kzn402D7w==
|
||||||
|
=NooJ
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
addr: '10.99.16.190/32,fc00:bbbb:bbbb:bb01::10be/128'
|
||||||
|
peers:
|
||||||
|
- public_key: 'Ko5Vhr1L11DRpKBRw6TMXvCaZby6N32R4NQsdTGzfE0='
|
||||||
|
endpoint: '185.216.33.114:3018'
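Review bot: Nothing in this new pillar file selects the GPG renderer: the hunk is 19 lines and starts at `wireguard-instances:`, so there is no `#!yaml|gpg` line ahead of the armored `private_key`. Unless the master decrypts pillar centrally (for example through `decrypt_pillar` or a default renderer chain that includes gpg, neither of which is visible here), the PGP block would be written verbatim as the key in the rendered config. If the repository's other encrypted pillar files carry a render line, add `#!yaml|gpg` as the first line here as well. The peer entry also carries no allowed-IPs value, so that has to come from the `wireguard.conf` template, which is not part of the visible diff.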
|
|
@ -1,2 +1,3 @@
|
||||||
ip6table_nat
|
ip6table_nat
|
||||||
ip6t_MASQUERADE
|
ip6t_MASQUERADE
|
||||||
|
wireguard
|
||||||
|
|
|
@ -45,7 +45,7 @@ base:
|
||||||
- no-ssh
|
- no-ssh
|
||||||
- forwarding
|
- forwarding
|
||||||
- bird
|
- bird
|
||||||
- vpn.openvpn
|
- wireguard
|
||||||
- upstream.masquerade
|
- upstream.masquerade
|
||||||
- upstream.shaping
|
- upstream.shaping
|
||||||
- upstream.nat66
|
- upstream.nat66
|
||||||
|
|
|
@ -0,0 +1,29 @@
|
||||||
|
wireguard-tools:
|
||||||
|
pkg.installed: []
|
||||||
|
|
||||||
|
/etc/systemd/system/wireguard.service:
|
||||||
|
file.managed:
|
||||||
|
- source: salt://wireguard/wireguard.service
|
||||||
|
|
||||||
|
{%- for instance, conf in pillar['wireguard-instances'].items() %}
|
||||||
|
/etc/wg/{{ instance }}.conf:
|
||||||
|
file.managed:
|
||||||
|
- source: salt://wireguard/wireguard.conf
|
||||||
|
- template: 'jinja'
|
||||||
|
- context: {{ conf }}
|
||||||
|
- mode: 600
|
||||||
|
|
||||||
|
autostart-wg-{{ instance }}:
|
||||||
|
service.enabled:
|
||||||
|
- name: wireguard@{{ instance }}
|
||||||
|
require:
|
||||||
|
- file: /etc/wg/{{ instance }}.conf
|
||||||
|
|
||||||
|
start-wg-{{ instance }}:
|
||||||
|
service.running:
|
||||||
|
- name: wg-{{ instance }}
|
||||||
|
require:
|
||||||
|
- service: autostart-wg-{{ instance }}
|
||||||
|
watch:
|
||||||
|
- file: /etc/wg/{{ instance }}.conf
|
||||||
|
{%- endfor %}
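Review bot: `start-wg-{{ instance }}` runs `service.running` on `wg-{{ instance }}`, while the unit enabled just above is `wireguard@{{ instance }}` and no `wg-*` unit is defined in the visible diff; the name should probably be `- name: wireguard@{{ instance }}`. The unit file shown later in this commit uses `%i` and `PartOf=wireguard.service`, so it looks like a template unit that would need to be installed as `wireguard@.service` rather than as `/etc/systemd/system/wireguard.service` (file names are not visible on this page, so confirm). On the secret side, `- context: {{ conf }}` places the decrypted private key into the rendered state data, and `file.managed` returns a diff of `/etc/wg/{{ instance }}.conf` to the master whenever the key changes; add `- show_changes: False` and consider letting the template read the pillar itself. `- mode: 600` is safer written as `- mode: '0600'` together with explicit `user` and `group`, and nothing in this state creates `/etc/wg`.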
|
|
@ -0,0 +1,11 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Call wg-quick
|
||||||
|
PartOf=wireguard.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
ExecStart=wg-quick up /etc/wg/%i.conf
|
||||||
|
ExecStop=wg-quick down /etc/wg/%i.conf
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
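Review bot: The `[Service]` section sets `Type=oneshot` without `RemainAfterExit=yes`, so systemd treats the unit as inactive as soon as `wg-quick up` returns and, as far as I know, then runs `ExecStop`, which takes the tunnel down again; a `service.running` state would also never see it as active. Add `RemainAfterExit=yes` after `Type=oneshot`. `ExecStart=` and `ExecStop=` call a bare `wg-quick`, which older systemd versions reject, so use the absolute path for the target distribution (placeholder: `/usr/bin/wg-quick`). Because the same host also gets `upstream.masquerade`, it is worth confirming that forwarded traffic fails closed while the tunnel is down; nothing in this diff shows that.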
|