authorTrygve Laugstøl <trygvis@inamo.no>2021-02-01 22:46:01 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2021-02-01 22:46:01 +0100
commite728c5d17e9793f32fa56287c09af188831610f7 (patch)
tree10a1fda8134b2eb5cdfe3d93edd68a9294e62423
parent2957c76e4027f47959f79354b07cdaa4b04da8c6 (diff)
Wireguard.
-rw-r--r--acme-wireguard/host_vars/acme-1/wireguard.yml13
-rw-r--r--acme-wireguard/host_vars/acme-2/wireguard.yml13
-rw-r--r--acme-wireguard/host_vars/acme-3/wireguard.yml13
-rw-r--r--acme-wireguard/host_vars/ws-1/wireguard.yml19
-rw-r--r--acme-wireguard/host_vars/ws-2/wireguard.yml19
-rw-r--r--acme-wireguard/wireguard-vpn0.yml9
-rw-r--r--acme.yaml1
-rw-r--r--module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl5
-rw-r--r--module/ri-wireguard/src/main/resources/templates/wireguard/ansible-host.j27
-rw-r--r--module/ri-wireguard/src/main/resources/templates/wireguard/ansible.j29
-rw-r--r--out/acme/wireguard.yaml6
11 files changed, 92 insertions, 22 deletions
diff --git a/acme-wireguard/host_vars/acme-1/wireguard.yml b/acme-wireguard/host_vars/acme-1/wireguard.yml
index e36d298..3c71e52 100644
--- a/acme-wireguard/host_vars/acme-1/wireguard.yml
+++ b/acme-wireguard/host_vars/acme-1/wireguard.yml
@@ -1,6 +1,15 @@
# Generated
+wireguard_port: 53476
link_address: 192.168.10.3
network_cidr: 10.55.255.0/24
wireguard_peers:
- - acme-2.machine.acme.com
- - acme-3.machine.acme.com
+ acme-2:
+ public_address: acme-2.machine.acme.com
+ public_port: 53476
+ gateway: 192.168.10.4
+ network: 10.55.254.0/24
+ acme-3:
+ public_address: acme-3.machine.acme.com
+ public_port: 53476
+ gateway: 192.168.10.5
+ network: 10.55.253.0/24
diff --git a/acme-wireguard/host_vars/acme-2/wireguard.yml b/acme-wireguard/host_vars/acme-2/wireguard.yml
index 3c58546..d7e4219 100644
--- a/acme-wireguard/host_vars/acme-2/wireguard.yml
+++ b/acme-wireguard/host_vars/acme-2/wireguard.yml
@@ -1,6 +1,15 @@
# Generated
+wireguard_port: 53476
link_address: 192.168.10.4
network_cidr: 10.55.254.0/24
wireguard_peers:
- - acme-1.machine.acme.com
- - acme-3.machine.acme.com
+ acme-1:
+ public_address: acme-1.machine.acme.com
+ public_port: 53476
+ gateway: 192.168.10.3
+ network: 10.55.255.0/24
+ acme-3:
+ public_address: acme-3.machine.acme.com
+ public_port: 53476
+ gateway: 192.168.10.5
+ network: 10.55.253.0/24
diff --git a/acme-wireguard/host_vars/acme-3/wireguard.yml b/acme-wireguard/host_vars/acme-3/wireguard.yml
index 7f26fe1..7d7fa76 100644
--- a/acme-wireguard/host_vars/acme-3/wireguard.yml
+++ b/acme-wireguard/host_vars/acme-3/wireguard.yml
@@ -1,6 +1,15 @@
# Generated
+wireguard_port: 53476
link_address: 192.168.10.5
network_cidr: 10.55.253.0/24
wireguard_peers:
- - acme-1.machine.acme.com
- - acme-2.machine.acme.com
+ acme-1:
+ public_address: acme-1.machine.acme.com
+ public_port: 53476
+ gateway: 192.168.10.3
+ network: 10.55.255.0/24
+ acme-2:
+ public_address: acme-2.machine.acme.com
+ public_port: 53476
+ gateway: 192.168.10.4
+ network: 10.55.254.0/24
diff --git a/acme-wireguard/host_vars/ws-1/wireguard.yml b/acme-wireguard/host_vars/ws-1/wireguard.yml
index b917fbb..0372db8 100644
--- a/acme-wireguard/host_vars/ws-1/wireguard.yml
+++ b/acme-wireguard/host_vars/ws-1/wireguard.yml
@@ -1,7 +1,20 @@
# Generated
+wireguard_port: 53476
link_address: 192.168.10.6
network_cidr: 10.55.252.0/24
wireguard_peers:
- - acme-1.machine.acme.com
- - acme-2.machine.acme.com
- - acme-3.machine.acme.com
+ acme-1:
+ public_address: acme-1.machine.acme.com
+ public_port: 53476
+ gateway: 192.168.10.3
+ network: 10.55.255.0/24
+ acme-2:
+ public_address: acme-2.machine.acme.com
+ public_port: 53476
+ gateway: 192.168.10.4
+ network: 10.55.254.0/24
+ acme-3:
+ public_address: acme-3.machine.acme.com
+ public_port: 53476
+ gateway: 192.168.10.5
+ network: 10.55.253.0/24
diff --git a/acme-wireguard/host_vars/ws-2/wireguard.yml b/acme-wireguard/host_vars/ws-2/wireguard.yml
index f56b320..133bd66 100644
--- a/acme-wireguard/host_vars/ws-2/wireguard.yml
+++ b/acme-wireguard/host_vars/ws-2/wireguard.yml
@@ -1,7 +1,20 @@
# Generated
+wireguard_port: 53476
link_address: 192.168.10.7
network_cidr: 10.55.251.0/24
wireguard_peers:
- - acme-1.machine.acme.com
- - acme-2.machine.acme.com
- - acme-3.machine.acme.com
+ acme-1:
+ public_address: acme-1.machine.acme.com
+ public_port: 53476
+ gateway: 192.168.10.3
+ network: 10.55.255.0/24
+ acme-2:
+ public_address: acme-2.machine.acme.com
+ public_port: 53476
+ gateway: 192.168.10.4
+ network: 10.55.254.0/24
+ acme-3:
+ public_address: acme-3.machine.acme.com
+ public_port: 53476
+ gateway: 192.168.10.5
+ network: 10.55.253.0/24
diff --git a/acme-wireguard/wireguard-vpn0.yml b/acme-wireguard/wireguard-vpn0.yml
index 655fe19..a1309e2 100644
--- a/acme-wireguard/wireguard-vpn0.yml
+++ b/acme-wireguard/wireguard-vpn0.yml
@@ -1,6 +1,7 @@
- hosts: wireguard_vpn0
- roles:
+ vars:
+ wireguard_if: vpn0
+ tasks:
- name: wireguard
- wireguard_if: vpn0
- wireguard_listen_port: 45364
- wireguard_address4: "{{ link_address }}"
+ import_role:
+ name: wireguard
diff --git a/acme.yaml b/acme.yaml
index 2b4d2e3..741e711 100644
--- a/acme.yaml
+++ b/acme.yaml
@@ -71,6 +71,7 @@
data:
name: vpn0
domain: vpn.acme.com
+ port: 53476
linkCidr: 192.168.10.0/29
networkCidr: 10.55.0.0/16
networkBits: 24
diff --git a/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl b/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl
index 425b6ca..1c7d251 100644
--- a/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl
+++ b/module/ri-wireguard/src/main/resources/io/trygvis/rules/wireguard/wireguard.drl
@@ -15,6 +15,7 @@ dialect "mvel"
declare WgNet
name : String
domain : String
+ port : int
linkCidr : String
networkCidr : String
networkBits : int
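Review bot: `port : int` is declared as a primitive, so a net whose `data` block in acme.yaml omits `port` presumably ends up with 0 rather than an error; the third hunk then copies that into `wgHost.publicPort` and ansible-host.j2 renders it as `wireguard_port: 0`, which is a silent misconfiguration rather than a failed build. The neighbouring `ip` field carries a trailing comment while this one does not; I would add `port : int // UDP listen port; copied into publicPort of every WgHost on this net` and, if a missing port should be a hard error, a check in the rule that creates WgHost (that rule's body starts outside this hunk). The `declare WgNet` block itself is cut at both edges of the hunk.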
@@ -30,6 +31,7 @@ declare WgHost
machine : Machine
net : WgNet
publicName : String
+ publicPort : int
ip : String // This host's IP
networkCidr : String
end
@@ -65,6 +67,7 @@ then
wgHost.machine = $machine;
wgHost.net = $wgNet;
wgHost.publicName = $machine.fqdn;
+ wgHost.publicPort = $wgNet.port;
insert(wgHost)
end
@@ -167,7 +170,7 @@ rule "Generate per-net, per-host files"
when
$net : WgNet()
$host : WgHost(net == $net)
- $peers : ArrayList() from accumulate(WgConnection(host == $host, $to: to), collectList($to.machine))
+ $peers : ArrayList() from accumulate(WgConnection(host == $host, $to: to), collectList($to))
then
System.out.printf("Generating per-host files: net=%s, host=%s%n", $net.name, $host.machine.name);
diff --git a/module/ri-wireguard/src/main/resources/templates/wireguard/ansible-host.j2 b/module/ri-wireguard/src/main/resources/templates/wireguard/ansible-host.j2
index cbf707e..6cb3a05 100644
--- a/module/ri-wireguard/src/main/resources/templates/wireguard/ansible-host.j2
+++ b/module/ri-wireguard/src/main/resources/templates/wireguard/ansible-host.j2
@@ -1,7 +1,12 @@
# Generated
+wireguard_port: {{ host.publicPort }}
link_address: {{ host.ip }}
network_cidr: {{ host.networkCidr }}
wireguard_peers:
{%- for peer in peers %}
- - {{ peer.fqdn }}
+ {{ peer.machine.name }}:
+ public_address: {{ peer.publicName }}
+ public_port: {{ peer.publicPort }}
+ gateway: {{ peer.ip }}
+ network: {{ peer.networkCidr }}
{%- endfor %}
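Review bot: The new per-peer values are emitted as plain scalars (`public_address: {{ peer.publicName }}`, `gateway: {{ peer.ip }}`, `network: {{ peer.networkCidr }}`), and `{{ peer.machine.name }}:` becomes an unquoted mapping key, so the rendered YAML depends on none of these values containing `:`, `#` or other YAML indicators; the generated out/acme/wireguard.yaml in the same commit quotes the equivalent strings. Quoting the string-valued lines, e.g. `public_address: "{{ peer.publicName }}"` and likewise for `gateway` and `network`, keeps the host_vars files parse-safe regardless of the data. WgHost entries with `publicName: null` exist in the generated output (ws-1, ws-2); if a WgConnection ever targets one of them, `public_address` would render as an empty or literal-null value and the peer block would be unusable, so a guard or an explicit `{% if peer.publicName %}` around that line is worth considering.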
diff --git a/module/ri-wireguard/src/main/resources/templates/wireguard/ansible.j2 b/module/ri-wireguard/src/main/resources/templates/wireguard/ansible.j2
index bca3e8c..ad4d034 100644
--- a/module/ri-wireguard/src/main/resources/templates/wireguard/ansible.j2
+++ b/module/ri-wireguard/src/main/resources/templates/wireguard/ansible.j2
@@ -1,6 +1,7 @@
- hosts: wireguard_{{ net.name }}
- roles:
+ vars:
+ wireguard_if: {{ net.name }}
+ tasks:
- name: wireguard
- wireguard_if: {{ net.name }}
- wireguard_listen_port: 45364
- wireguard_address4: "{{ '{{' }} link_address }}"
+ import_role:
+ name: wireguard
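Review bot: The removed `roles:` entry passed `wireguard_listen_port: 45364` and `wireguard_address4: "{{ '{{' }} link_address }}"` into the role, while the new `vars:` block only sets `wireguard_if`; the host_vars rendered by ansible-host.j2 define `wireguard_port` and `link_address`, not the role-parameter names that were dropped. Unless the wireguard role (not in this diff) was changed to read `wireguard_port` and `link_address`, the listen port and interface address now fall back to the role's defaults. Either add `wireguard_listen_port: "{{ '{{' }} wireguard_port }}"` and `wireguard_address4: "{{ '{{' }} link_address }}"` under `vars:`, or confirm the role consumes the new names. The rendered acme-wireguard/wireguard-vpn0.yml in this commit carries the same gap, and since the effective port also moves from the hard-coded 45364 to the data-driven 53476, any host firewall rule admitting the old port needs the matching update.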
diff --git a/out/acme/wireguard.yaml b/out/acme/wireguard.yaml
index 91a7963..a374351 100644
--- a/out/acme/wireguard.yaml
+++ b/out/acme/wireguard.yaml
@@ -43,6 +43,7 @@
data:
&vpn0 name: "vpn0"
domain: "vpn.acme.com"
+ port: 53476
linkCidr: "192.168.10.0/29"
networkCidr: "10.55.0.0/16"
networkBits: 24
@@ -63,6 +64,7 @@
&3 machine: *ws-1
net: *vpn0
publicName: null
+ publicPort: 53476
ip: "192.168.10.6"
networkCidr: "10.55.252.0/24"
- type: "io.trygvis.rules.wireguard.WgHost"
@@ -70,6 +72,7 @@
&4 machine: *ws-2
net: *vpn0
publicName: null
+ publicPort: 53476
ip: "192.168.10.7"
networkCidr: "10.55.251.0/24"
- type: "io.trygvis.rules.wireguard.WgHost"
@@ -77,6 +80,7 @@
&5 machine: *acme-1
net: *vpn0
publicName: "acme-1.machine.acme.com"
+ publicPort: 53476
ip: "192.168.10.3"
networkCidr: "10.55.255.0/24"
- type: "io.trygvis.rules.wireguard.WgHost"
@@ -84,6 +88,7 @@
&6 machine: *acme-2
net: *vpn0
publicName: "acme-2.machine.acme.com"
+ publicPort: 53476
ip: "192.168.10.4"
networkCidr: "10.55.254.0/24"
- type: "io.trygvis.rules.wireguard.WgHost"
@@ -91,6 +96,7 @@
&7 machine: *acme-3
net: *vpn0
publicName: "acme-3.machine.acme.com"
+ publicPort: 53476
ip: "192.168.10.5"
networkCidr: "10.55.253.0/24"
- type: "io.trygvis.rules.wireguard.WgConnection"