From 2ee68a9d9213e3e1e1b57ea016e136fa676db4bb Mon Sep 17 00:00:00 2001
From: Pavel 'LEdoian' Turinsky
Date: Fri, 21 Feb 2025 11:47:28 +0100
Subject: [PATCH] Wireguards

---
 lib.shs | 12 ++++++++++++
 machines/loc1xe/setup.sh | 2 ++
 machines/loc1xe/wg-vms.conf | 12 ++++++++++++
 machines/loc1xe/wg1.conf | 11 +++++++++++
 machines/uo/setup.sh | 4 ++++
 machines/uo/wg-vms.conf | 9 +++++++++
 machines/uo/wg1.conf | 9 +++++++++
 7 files changed, 59 insertions(+)
 create mode 100644 machines/loc1xe/wg-vms.conf
 create mode 100644 machines/loc1xe/wg1.conf
 create mode 100644 machines/uo/wg-vms.conf
 create mode 100644 machines/uo/wg1.conf

diff --git a/lib.shs b/lib.shs
index eac6351..4de0032 100644
--- a/lib.shs
+++ b/lib.shs
@@ -71,3 +71,15 @@ veth_to_bridge() {
 ip link set dev "$ve_br" up
 ip link set dev "$ifname" netns ./state/$mach/netns # FIXME: hardcoded
 }
+
+wireguard() {
+ifname="$1"
+config="$2"
+shift 2
+ip link add name "$ifname" type wireguard
+wg setconf "$ifname" "$config"
+for ip; do
+ip addr add "$ip" dev "$ifname"
+done
+ip link set "$ifname" up
+}
diff --git a/machines/loc1xe/setup.sh b/machines/loc1xe/setup.sh
index efc64e4..700b17e 100755
--- a/machines/loc1xe/setup.sh
+++ b/machines/loc1xe/setup.sh
@@ -12,3 +12,5 @@ ip addr add 192.168.0.3/24 dev wifi # No IPv6 at public spaces lol (but we should try obtaining it anyway!
 ip link set dev wifi up
 ip route add default via 192.168.0.1 dev wifi
+
+wireguard wg1 ./machines/$mach/wg1.conf 2a01:4f8:c0c:36b8:ff01:8000:10:f03/128
diff --git a/machines/loc1xe/wg-vms.conf b/machines/loc1xe/wg-vms.conf
new file mode 100644
index 0000000..8e997e6
--- /dev/null
+++ b/machines/loc1xe/wg-vms.conf
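Review bot: `wg setconf "$ifname" "$config"` hands wg a file that carries the interface's PrivateKey, but nothing in `wireguard()` checks that the file exists or is readable only by root, and the four .conf files this commit adds are created with mode 100644 (world-readable), which wg itself warns about at setconf time. A guard before the setconf line, such as `[ -r "$config" ] || { printf 'wireguard: cannot read %s\n' "$config" >&2; return 1; }`, plus a tighter mode on the files would make the failure explicit instead of a warning scrolled past. Separately, `ifname` and `config` are plain globals and `ifname` is also assigned in `veth_to_bridge` (visible in the context lines), so each call clobbers the previous value; `local ifname config` (supported by dash and bash) would make the scope intentional. `ip link add` also fails on a re-run when the interface already exists, which matches the non-idempotent style of the existing helpers but is worth a comment.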
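Review bot: The added call passes `./machines/$mach/wg1.conf` with `$mach` unquoted; the same pattern appears in the uo/setup.sh hunk. This file's header is outside the hunk, so I cannot tell whether it runs under `set -u` like uo/setup.sh or whether it already sources lib.shs — the uo counterpart gains `. ./lib.shs` in this commit while this file does not, so `wireguard` is undefined here unless an earlier line sources it. Quote the path, `wireguard wg1 "./machines/$mach/wg1.conf" 2a01:4f8:c0c:36b8:ff01:8000:10:f03/128`, and confirm the source line exists.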
@@ -0,0 +1,12 @@
+[Interface]
+PrivateKey = 4BZHeHTS/BxAk4g8hnuPt9XnT/PkNonouwvTBqWzuEg=
+#PublicKey = TISpt9e6DkduZVO4vxtq2xc5obdQk+oVAmASGwO+QC4=
+
+# Uo
+[Peer]
+PublicKey = ayYOaj4sTxuLfc43v7jzm3vLwaBHwgPNHHPaqSoGuWg=
+# I guess everything goes?
+AllowedIPs = ::/0
+PersistentKeepalive = 30
+# FIXME: We know that this is IPv4-only host, but still it would be better to use a hostname with both IP addresses…
+Endpoint = 100.100.0.2:62421
diff --git a/machines/loc1xe/wg1.conf b/machines/loc1xe/wg1.conf
new file mode 100644
index 0000000..03cb7a5
--- /dev/null
+++ b/machines/loc1xe/wg1.conf
@@ -0,0 +1,11 @@
+[Interface]
+PrivateKey = iKIS2LUeG+p1BopORRzys07H+XQsFiC0KOtQralM6UM=
+#PublicKey = rds4mKmqeqvfkXa54HUfSm1gSd/SsOgoKzM8J3MxjHY=
+
+# Uo
+[Peer]
+PublicKey = /8CkD4bw2UAyJERNPAm7x2dVwcJhQFHXDLXPshi8qzM=
+AllowedIPs = 2a01:4f8:c0c:36b8:ff01:8000:10:f06/128
+PersistentKeepalive = 30
+# FIXME: We know that this is IPv4-only host, but still it would be better to use a hostname with both IP addresses…
+Endpoint = 100.100.0.2:52345
diff --git a/machines/uo/setup.sh b/machines/uo/setup.sh
index 210bd76..fbfe793 100755
--- a/machines/uo/setup.sh
+++ b/machines/uo/setup.sh
@@ -1,6 +1,8 @@
 #!/bin/sh
 set -eu
+. ./lib.shs
+
 # typically: bring up the networks
 ip link set dev lo up
@@ -12,3 +14,5 @@ ip addr add fe80:ff01::2/64 dev up_ve scope link
 ip link set dev up_ve up
 ip route add default via 100.100.0.1 dev up_ve
 ip route add default via fe80:ff01::1 dev up_ve
+
+wireguard wg1 ./machines/$mach/wg1.conf 2a01:4f8:c0c:36b8:ff01:8000:10:f06/128
diff --git a/machines/uo/wg-vms.conf b/machines/uo/wg-vms.conf
new file mode 100644
index 0000000..58ba84f
--- /dev/null
+++ b/machines/uo/wg-vms.conf
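Review bot: The `PrivateKey = …` line commits the interface's private key in clear text, and the same happens in machines/loc1xe/wg1.conf, machines/uo/wg-vms.conf and machines/uo/wg1.conf, so all four keys are now part of the repository history and should be treated as disclosed. Regenerate them and keep only the public half in the repo (the commented `#PublicKey` line already serves that role), supplying the private key from an untracked root-only file, e.g. by following the `wg setconf` in lib.shs with `wg set "$ifname" private-key /path/to/untracked/key` (placeholder path). `AllowedIPs = ::/0` on this peer — the "I guess everything goes?" line — means this host accepts tunnel packets from Uo carrying any IPv6 source, whereas uo/wg-vms.conf limits the Xe peer to two /128s; if the VM prefix is known, narrowing it here keeps the cryptokey filtering symmetric, and the comment should state why the wide range is wanted if it stays.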
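Review bot: Only wg1 is brought up here, although the commit also adds machines/uo/wg-vms.conf with `ListenPort = 62421`, the port loc1xe's wg-vms.conf uses as its Endpoint, so the VM tunnel never comes up unless a later commit adds a matching `wireguard wg-vms "./machines/$mach/wg-vms.conf" …` call; if that is deliberate, a one-line comment saying so would save the next reader a search. This script runs under `set -eu` (first hunk), so an unset `$mach` aborts rather than silently reading `./machines//wg1.conf`, but the path should still be quoted, `wireguard wg1 "./machines/$mach/wg1.conf" 2a01:4f8:c0c:36b8:ff01:8000:10:f06/128`. The first hunk's `. ./lib.shs` is relative to the working directory, consistent with the `./machines/` and `./state/` paths the scripts already use.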
@@ -0,0 +1,9 @@
+[Interface]
+PrivateKey = 0PzCYMZWnvmHGrz39yfPIacR0QsC4+vu5Oywj4UcNWk=
+#PublicKey = ayYOaj4sTxuLfc43v7jzm3vLwaBHwgPNHHPaqSoGuWg=
+ListenPort = 62421
+
+# Xe
+[Peer]
+PublicKey = TISpt9e6DkduZVO4vxtq2xc5obdQk+oVAmASGwO+QC4=
+AllowedIPs = 2a01:4f8:c0c:36b8:ff01:8000:0:0003/128 2a01:4f8:c0c:36b8:ff01:8000:0:0004/128
diff --git a/machines/uo/wg1.conf b/machines/uo/wg1.conf
new file mode 100644
index 0000000..9fe36ea
--- /dev/null
+++ b/machines/uo/wg1.conf
@@ -0,0 +1,9 @@
+[Interface]
+PrivateKey = WPFnuxrOJP7F5oXodB4O6uPTn5qzGQUwg6AekuYG43Y=
+#PublicKey = /8CkD4bw2UAyJERNPAm7x2dVwcJhQFHXDLXPshi8qzM=
+ListenPort = 52345
+
+# Xe
+[Peer]
+PublicKey = rds4mKmqeqvfkXa54HUfSm1gSd/SsOgoKzM8J3MxjHY=
+AllowedIPs = 2a01:4f8:c0c:36b8:ff01:8000:10:f03/128
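Review bot: The `AllowedIPs` line separates its two prefixes with a space, while wg(8) documents the value as a comma-separated list; unless wg's parser tolerates a bare space, `wg setconf` will reject this file when the VM tunnel is eventually brought up, and nothing in this commit exercises it yet. Write it as `AllowedIPs = 2a01:4f8:c0c:36b8:ff01:8000:0:0003/128, 2a01:4f8:c0c:36b8:ff01:8000:0:0004/128` and check it once with `wg setconf` on a scratch interface.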