52 commits

Author	SHA1	Message	Date
Franzi	e6f6229b87	bundles/wireguard: do not generate PSKs for unmanaged nodes	2024-03-23 10:19:15 +01:00
Franzi	104d1f11bf	bundles/wireguard: support s2s connection to other services	2024-03-22 22:52:12 +01:00
Franzi	3b7e14755c	bundles/wireguard: clean up leftovers	2023-12-25 10:19:34 +01:00
Franzi	86b8cd8edf	bundles/wireguard: remove wg_health_check	2023-12-10 17:01:01 +01:00
Franzi	f3269ce979	bundle/wireguard: fix firewall for home.router	2023-12-10 16:59:53 +01:00
Franzi	63d42c6b42	bundles/wireguard: add no_autoconnect option	2023-12-10 16:58:52 +01:00
Franzi	ffb5125ddd	bundles/wireguard: add option to set settings based on a specific peer	2023-12-10 14:48:24 +01:00
Franzi	75ef2e7bb9	bundles/wireguard: uninstall dkms package for debian > 11	2023-11-12 11:00:43 +01:00
Franzi	cd48cf495d	rework firewall setup	2023-09-24 21:01:51 +02:00
Franzi	a09b5b98ca	bundles/wireguard: disable health_checks if auto_connection is false	2023-09-24 18:57:27 +02:00
Franzi	458606649e	bundles/wireguard: add option to route networks through vpn	2023-09-24 18:56:50 +02:00
Franzi	0e40b03060	bundles/wireguard: only try to do full mesh if *we* are doing full mesh	2023-09-24 18:56:18 +02:00
Franzi	07de570175	auto-generate full wireguard mesh between all nodes in libs.s2s.WG_AUTOGEN_NODES	2023-09-23 15:06:16 +02:00
Franzi	3a0ed4a7f5	bundles/wireguard: autogenerate port number based on index in WG_AUTOGEN_NODES	2023-09-23 15:04:47 +02:00
Franzi	d47f7db708	bundles/wireguard: only try to auto-generate ips and ports if nodes are present in WG_AUTOGEN_NODES	2023-09-23 15:04:11 +02:00
Franzi	0d79216ae5	bundles/wireguard: fix KeyError when running with no peers	2023-09-23 15:03:44 +02:00
Franzi	4f260932c3	bundles/wireguard: health checks for everyone	2023-09-12 20:15:19 +02:00
Franzi	234e81431d	bundles/wireguard: easier snat setup	2023-09-10 21:27:03 +02:00
Franzi	fe4d4abc9c	bundles/wireguard: fix max interface length	2023-09-09 16:10:49 +02:00
Franzi	7df6b1d13a	bundles/wireguard: name wg interfaces according to their peers	2023-09-09 13:55:03 +02:00
Franzi	4122a7ccf8	isort the repo	2023-02-05 17:30:58 +01:00
Franzi	c8dd809057	bundles/wireguard: better nftables rules	2022-12-11 17:42:39 +01:00
Franzi	9730a2be13	bundles/wireguard: fix permissions for wireguard netdev files	2022-05-16 10:48:26 +02:00
Franzi	5179edb458	bundles/wireguard: fix forwarding firewall rules	2022-03-13 15:15:08 +01:00
Franzi	e181be3fc6	bundles/wireguard: better dependency management	2022-03-10 21:00:42 +01:00
Franzi	c7e5002f17	bundles/wireguard: support arch linux and other netmasks than /31	2022-03-09 13:05:01 +01:00
Franzi	0101e0c92d	bundles/nftables: store rules in dedicated files instead of nftables.conf	2021-12-14 15:27:30 +01:00
Franzi	0412c9042a	bundles/wireguard: fix stderr handling of wg_health_check	2021-10-31 09:49:37 +01:00
Franzi	ee86b5a121	bundles/wireguard: less spammy output for wg_health_check	2021-10-30 19:36:20 +02:00
Franzi	095d425de1	bundles/wireguard: do not run wg_health_check during bw apply	2021-10-14 09:02:01 +02:00
Franzi	9188b28b7a	bundles/wireguard: add wg_health_check	2021-10-14 08:54:54 +02:00
Franzi	8656f99f8e	bundles/wireguard: re-add reconnect script for added resiliency	2021-09-30 06:37:42 +02:00
Franzi	5f1f4fd654	bundles/wireguard: add option 'snat_to' for connections	2021-09-29 19:43:29 +02:00
Franzi	902840ee7f	bundles/wireguard: use one wireguard connection per peer instead of one for all	2021-09-29 19:27:13 +02:00
Franzi	d569b00960	modify nodes and bundles for new nftables syntax	2021-06-03 13:59:36 +02:00
Franzi	8fd83241ca	bundles: ensure apt/repos/*/items is a set	2021-04-30 12:49:59 +02:00
Franzi	6772b3b5d0	bundles: various fixes for telegraf plugins	2021-04-24 11:45:58 +02:00
Franzi	a37d31973a	bundles: add some telegraf plugins	2021-04-24 09:14:25 +02:00
Franzi	f8bbe00d47	overall better handling and usage of exceptions	2021-04-02 18:57:13 +02:00
Franzi	5b276368b8	bundles/wireguard: iptables/bundle_rules should be a list	2021-04-01 17:13:24 +02:00
Franzi	6e423c24fb	bundles/wireguard: rework metadata.py	2021-04-01 16:27:31 +02:00
Franzi	6a6198c9b9	bundles/wireguard: move iptables rules to metadata reactor	2021-03-21 15:26:29 +01:00
Franzi	52cab71fec	bundles/wireguard: also allow outgoing traffic ... How did this ever work without this rule?	2021-03-15 09:00:35 +01:00
Franzi	b06532241b	bundles: use metastack syntax for metadata.get()	2021-02-18 18:12:25 +01:00
Franzi	d2260b4699	bundles/wireguard: use PersistentKeepalive to work around intermittent connection issues	2021-02-15 15:16:44 +01:00
Franzi	56fce7d460	bundles/wireguard: add exclude_from_monitoring option for wireguard peers	2021-02-14 21:35:37 +01:00
Franzi	2d42e5f7dd	update bw to 4.3, add .provides() to metadata reactors	2021-01-07 18:44:38 +01:00
Franzi	1d06d86205	bundles/wireguard: fix early fault resolve in metadata.py	2020-12-10 16:39:26 +01:00
Franzi	67d8293201	bundles/wireguard: one icinga2 check per peer	2020-11-30 06:43:46 +01:00
Franzi	014b37082c	bundles/wireguard: send pings over vpn, if pppd reconnects	2020-11-27 03:09:37 +01:00