bundles/wireguard: use one wireguard connection per peer instead of one for all

2021-09-29 19:27:13 +02:00 · 2021-09-29 19:27:13 +02:00 · 902840ee7f
commit 902840ee7f
parent 8110ec508e
5 changed files with 110 additions and 94 deletions
--- a/bundles/wireguard/files/wg.netdev
+++ b/bundles/wireguard/files/wg.netdev
@ -0,0 +1,17 @@
+[NetDev]
+Name=wg${number}
+Kind=wireguard
+Description=WireGuard connection to ${peer}
+
+[WireGuard]
+PrivateKey=${privatekey}
+ListenPort=${port}
+
+[WireGuardPeer]
+PublicKey=${pubkey}
+AllowedIPs=0.0.0.0/0
+PresharedKey=${psk}
+% if endpoint:
+Endpoint=${endpoint}
+% endif
+PersistentKeepalive=30
--- a/bundles/wireguard/files/wg0.netdev
+++ b/bundles/wireguard/files/wg0.netdev
@ -1,25 +0,0 @@
-[NetDev]
-Name=wg0
-Kind=wireguard
-Description=WireGuard server
-
-[WireGuard]
-PrivateKey=${privatekey}
-ListenPort=51820
-
-% for peer, config in sorted(peers.items()):
-# Peer ${peer}
-[WireGuardPeer]
-PublicKey=${config['pubkey']}
-%   if len(peers) == 1: # FIXME
-AllowedIPs=${network}
-%   else:
-AllowedIPs=${','.join(sorted(config['ips']))}
-%   endif
-PresharedKey=${config['psk']}
-%   if 'endpoint' in config:
-Endpoint=${config['endpoint']}
-%   endif
-PersistentKeepalive=30
-
-% endfor