move systemd prefixes to software prefixes

2025-11-18 10:01:07 -05:00
parent 91f4687c07
commit 1ae62e70ed
30 changed files with 0 additions and 0 deletions


@@ -0,0 +1,8 @@
FROM alpine:latest
RUN apk add -U wireguard-tools
COPY wg0.conf /etc/wireguard/wg0.conf
CMD wg-quick up wg0 && \
wg set wg0 peer 'lvghTtIHSXzOfpruVHtRnnAiZJeUi8A6lzhE21GSJjA=' allowed-ips 10.10.0.2/32 && \
watch -n 1 wg
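Review bot: `COPY wg0.conf /etc/wireguard/wg0.conf` bakes the WireGuard configuration into an image layer, and if that file carries the interface `PrivateKey` (wg-quick configs normally do; the file itself is not shown here), the key is readable by anyone who can pull, export or inspect the image. Drop the COPY and supply the file at run time through a read-only bind mount or a runtime secret at `/etc/wireguard/wg0.conf`, so that the key never enters a layer or a registry. The base is also unpinned: `FROM alpine:latest` together with `apk add -U wireguard-tools` yields a different image on every build, so pin a specific Alpine release tag (ideally with a digest). The shell-form `CMD` runs under `/bin/sh -c` and ends in `watch -n 1 wg`, so a stop signal is not forwarded to anything that brings `wg0` down cleanly.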


@@ -0,0 +1,35 @@
# TODO
# 1. Ask for listen port
# 2. Ask for name of eth interface
apt-get update
apt-get upgrade -y
apt-get install -y raspberrypi-kernel-headers
apt install -y wireguard qrencode iptables
cat > /etc/sysctl.conf <<EOF
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
EOF
reboot
cd /etc/wireguard
umask 077
export PRIVKEY=$(wg genkey)
echo $PRIVKEY | tee privatekey | wg pubkey | tee publickey
echo $PRIVKEY | tee --append /etc/wireguard/wg0.conf
cat > /etc/wireguard/wg0.conf <<EOF
[Interface]
Address = 10.10.0.1/24
Address = fd86:ea04:1111::1/64
SaveConfig = true
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
PrivateKey = $PRIVKEY
EOF
sysctl -p
wg-quick up wg0
wg
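Review bot: `echo $PRIVKEY | tee --append /etc/wireguard/wg0.conf` prints the server private key to the terminal (and to any session log or scrollback) and has no lasting effect, because the following `cat > /etc/wireguard/wg0.conf <<EOF` truncates the file; the line should be deleted. `export PRIVKEY=$(wg genkey)` also places the key in the environment of every later child process, while a plain `PRIVKEY=$(wg genkey)` is enough for the heredoc expansion. `cat > /etc/sysctl.conf <<EOF` replaces the whole file, discarding any kernel hardening settings already there; a drop-in such as `/etc/sysctl.d/<name>.conf` loaded with `sysctl --system` keeps them. The `reboot` in the middle means nothing after it runs in the same invocation, so the key generation and interface setup need to be a separate step or script.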


@@ -0,0 +1,28 @@
- name: Create Backup Service
hosts: all
vars_files:
- secrets/vars.yaml
tasks:
- name: Install the latest version of Wireguard Tools
ansible.builtin.dnf:
name: wireguard-tools
state: latest
- name: Create wg0.conf
template:
dest: /etc/wireguard/wg0.conf
src: wg0.conf.j2
owner: root
group: root
mode: '0600'
- name: enable and persist ip forwarding
sysctl:
name: net.ipv4.ip_forward
value: "1"
state: present
sysctl_set: yes
reload: yes
- name: start wireguard and enable on boot
systemd:
name: wg-quick@wg0
enabled: yes
state: started
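Review bot: The `Create wg0.conf` task renders `server_privkey` through `template` without `no_log: true`, so a run with `--diff` or verbose output can print the rendered private key to the terminal and into CI or callback logs; add `no_log: true` to that task. `secrets/vars.yaml` is loaded through plain `vars_files`, and it is not visible from this page whether the file is vault-encrypted, which is worth confirming before it is committed. The play is named `Create Backup Service` although every task configures WireGuard, and `state: latest` makes the installed wireguard-tools version depend on when the play runs rather than on a reviewed version.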


@@ -0,0 +1,47 @@
# TODO
# 1. Read server pubkey from file
wg
echo -n 'Client Name: '
read name
echo -n 'Last digit of client IP \(10.10.0.?\): '
read ip
echo -n 'Server PubKey: '
read server_pubkey
mkdir $name
cd $name
export PRIVKEY=$(wg genkey)
echo $PRIVKEY | tee $name"_privkey"
export PUBKEY=$(echo $PRIVKEY | wg pubkey)
echo $PUBKEY | tee $name"_pubkey"
cat > $name".conf" <<EOF
[Interface]
PrivateKey = $PRIVKEY
Address = 10.10.0.$ip/32, fd86:ea04:1111::$ip/128
DNS = 10.10.0.1
[Peer]
PublicKey = $server_pubkey
Endpoint = wireguard.reeseapps.com:51820
AllowedIPs = 0.0.0.0/0, ::/0
EOF
cat >> /etc/wireguard/wg0.conf <<EOF
# $name
[Peer]
PublicKey = $PUBKEY
AllowedIPs = 10.10.0.$ip/32
EOF
wg set wg0 peer $PUBKEY allowed-ips 10.10.0.$ip/32
qrencode -t ansiutf8 < $name".conf"
cd ..
chmod -R 600 $name
wg
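Review bot: The client key files are created under the default umask and only tightened by the final `chmod -R 600 $name`, so the private key is readable by other local users while the script runs, and the recursive 600 also strips the search bit from the directory itself. Put `umask 077` before `mkdir`, and replace the last step with `chmod 700 "$name"`. `echo $PRIVKEY | tee $name"_privkey"` additionally prints the private key to the terminal; redirect to the file instead of using `tee`. `name` and `ip` are read from the prompt and used unquoted and unvalidated in paths, in the client config and in the text appended to `/etc/wireguard/wg0.conf`; quote every expansion and reject bad input before first use, for example `case "$ip" in ''|*[!0-9]*) echo 'invalid ip suffix' >&2; exit 1;; esac` plus a range and already-assigned check.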


@@ -0,0 +1 @@
qrencode -t ansiutf8


@@ -0,0 +1,5 @@
# {{ ansible_managed }}
[Interface]
Address = 10.0.1.1/24
ListenPort = 51820
PrivateKey = {{ server_privkey }}
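Review bot: `Address = 10.0.1.1/24` does not match the addressing used by the other files in this commit, where clients receive `10.10.0.x/32`, `DNS = 10.10.0.1` and `AllowedIPs = 10.10.0.1/32`; if this template is the server those clients connect to, the interface presumably needs `Address = 10.10.0.1/24`. The template also has no `[Peer]` sections and no `SaveConfig`, so peers added with `wg set` do not survive the `wg-quick down wg0 && wg-quick up wg0` that the README's add-client steps end with, nor a re-run of the playbook. Rendering the peers from a variable list in this template would keep the set of authorised public keys under review in one place. A short comment noting that the rendered file contains the private key and must stay mode 0600 would help the next editor.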


@@ -0,0 +1,39 @@
# Wireguard
## Install
```bash
ansible-playbook \
-i ansible/inventory.yaml \
-l wireguard \
active/systemd_wireguard/install_backup.yaml \
-e "@active/systemd_wireguard/secrets/vars.yaml"
```
## Add a client
```bash
export WG_IP_SUFFIX=$(cat IP && echo $(($(cat IP) + 1)) > IP)
export PRIVKEY=$(wg genkey)
export PUBKEY=$(echo $PRIVKEY | wg pubkey)
export SERVER_PUBKEY=$(cat publickey)
cat <<EOF > id_$WG_IP_SUFFIX
[Interface]
PrivateKey = $PRIVKEY
Address = 10.10.0.$WG_IP_SUFFIX/32
DNS = 10.10.0.1
[Peer]
PublicKey = $SERVER_PUBKEY
Endpoint = pihole.reeserelease.com:51820
AllowedIPs = 10.10.0.1/32
EOF
cat id_$WG_IP_SUFFIX | qrencode -t ansiutf8
echo "Added ID $WG_IP_SUFFIX"
echo "Press enter to continue"
read
wg set wg0 peer $PUBKEY allowed-ips 10.10.0.$WG_IP_SUFFIX/32
wg-quick down wg0 && wg-quick up wg0
```