services/homelab
1
1
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4e51d263fb761ae5b6a9694cdefd930489fcd0f1
homelab/mesh/README.md
ducoterra 4e51d263fb update mesh
2024-06-24 17:04:36 -04:00

125 lines
2.7 KiB
Markdown
Raw Blame History

# Wireguard
## Install Wireguard
<https://www.wireguard.com/install/>
## Ansible
```bash
ansible-playbook -i ansible/inventory.yaml wireguard/keys.yaml
ansible-playbook -i ansible/inventory.yaml wireguard/wireguard.yaml
ansible-playbook -i ansible/inventory.yaml wireguard/peers.yaml
```
## DNS Records
Collect DNS records from vars.yaml
```bash
cat wireguard/vars.yaml | \
yq -r '.ip | map([.hostname + "-wg.reeselink.com", .address]).[].[]' > dns/duconet-wg.txt
```
## CLI Setup
```bash
# Peer 1
wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey
ip link add dev duconet-wg type wireguard
ip address add dev duconet-wg fd00:fd41:d0f1:1010::0/64
wg set duconet-wg \
listen-port 51821 \
private-key /etc/wireguard/privatekey
wg set duconet-wg \
peer CQxNsdPgfzjvOszjn/UZHFdAY3k+D9J+vI8qKUjCYV0= \
allowed-ips '10.10.10.0/24' \
endpoint 10.1.200.253:51821
ip link set up dev duconet-wg
touch /etc/wireguard/duconet-wg.conf
wg-quick save duconet-wg
# Peer 2
wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey
ip link add dev duconet-wg type wireguard
ip address add dev duconet-wg 10.10.10.2/24
wg set duconet-wg \
listen-port 51821 \
private-key /etc/wireguard/privatekey \
peer kzbHUGzYk6Uyan/NFYY5mh3pxf2IX/WzWZtImeyp6Sw= \
allowed-ips '10.10.10.0/24' \
endpoint 10.1.203.197:51821
ip link set up dev duconet-wg
touch /etc/wireguard/duconet-wg.conf
wg-quick save duconet-wg
# Peer 3
wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey
ip link add dev duconet-wg type wireguard
ip address add dev duconet-wg 10.10.10.3/24
wg set duconet-wg \
listen-port 51821 \
private-key /etc/wireguard/privatekey \
peer kzbHUGzYk6Uyan/NFYY5mh3pxf2IX/WzWZtImeyp6Sw= \
allowed-ips '10.10.10.0/24' \
endpoint 10.1.203.197:51821
wg set duconet-wg \
peer 9/dBUlO9TGf0H9M3xwPiuIuz6Q/u7fSJVZaUxqAiqi8= \
allowed-ips '10.10.10.0/24' \
endpoint 10.1.2.10:51821
ip link set up dev duconet-wg
touch /etc/wireguard/duconet-wg.conf
wg-quick save duconet-wg
```
## Teardown
```bash
# teardown
ip link delete duconet-wg
systemctl disable wg-quick@duconet-wg
```
## Truenas
Because truenas's /etc/wireguard is ephemeral we need to create scripts to save and load
our wireguard config at shutdown/boot.
Select these scripts in system settings -> advanced -> init/shutdown scripts
Startup Script:
/mnt/enc1/truenas/wireguard/duconet-save.sh
```bash
#!/bin/bash
cp -a /mnt/enc1/truenas/wireguard/* /etc/wireguard/
wg-quick up duconet-wg
```
Shutdown Script:
/mnt/enc1/truenas/wireguard/duconet-load.sh
```bash
#!/bin/bash
wg-quick save duconet-wg
cp -a /etc/wireguard/* /mnt/enc1/truenas/wireguard/
```
Reference in New Issue View Git Blame Copy Permalink