bundles/wireguard: add netdev and network files, add iptables rules

2020-11-21 15:38:38 +01:00 · 2020-11-21 15:38:38 +01:00 · 58ca3fa9ae
commit 58ca3fa9ae
parent e2490df48e
8 changed files with 168 additions and 8 deletions
--- a/nodes/ovh/icinga2.py
+++ b/nodes/ovh/icinga2.py
@ -3,6 +3,7 @@ nodes['ovh.icinga2'] = {
        'icinga2',
        'php',
        'postgresql',
+        'wireguard',
        'zfs',
    },
    'groups': {
@ -14,7 +15,7 @@ nodes['ovh.icinga2'] = {
            'eth0': {
                'ips': {
                    '51.195.44.8',
-                    '2001:41d0:701:1100::2618/64'
+                    '2001:41d0:701:1100::2618/128'
                },
                'gateway4': '51.195.44.1',
                'gateway6': '2001:41d0:701:1100::1'
@ -53,6 +54,12 @@ nodes['ovh.icinga2'] = {
                'xml',
            },
        },
+        'wireguard': {
+            'my_ip': '172.19.137.3/32',
+            'peers': {
+                'ovh.wireguard': {},
+            },
+        },
        'zfs': {
            'pools': {
                'tank': {
--- a/nodes/ovh/wireguard.py
+++ b/nodes/ovh/wireguard.py
@ -1,5 +1,7 @@
 nodes['ovh.wireguard'] = {
-    'bundles': set(),
+    'bundles': {
+        'wireguard',
+    },
    'groups': {
        'debian-buster',
    },
@ -8,7 +10,7 @@ nodes['ovh.wireguard'] = {
            'eth0': {
                'ips': {
                    '51.195.47.180',
-                    '2001:41d0:701:1100::20da/64'
+                    '2001:41d0:701:1100::20da/128'
                },
                'gateway4': '51.195.44.1',
                'gateway6': '2001:41d0:701:1100::1'
@ -21,5 +23,10 @@ nodes['ovh.wireguard'] = {
            'cpu': 1,
            'ram': 2,
        },
+        'wireguard': {
+            'network': '172.19.136.0/22',
+            'my_ip': '172.19.137.1/32',
+            'psk': vault.random_bytes_as_base64_for('ovh.icinga2 wireguard psk'),
+        },
    },
 }