Wireguards

2 weeks ago · 2ee68a9d92
parent 74a3d7a98d
commit 2ee68a9d92
7 changed files with 59 additions and 0 deletions
--- a/lib.shs
+++ b/lib.shs
@ -71,3 +71,15 @@ veth_to_bridge() {
 	ip link set dev "$ve_br" up
 	ip link set dev "$ifname" netns ./state/$mach/netns # FIXME: hardcoded
 }
+
+wireguard() {
+	ifname="$1"
+	config="$2"
+	shift 2
+	ip link add name "$ifname" type wireguard
+	wg setconf "$ifname" "$config"
+	for ip; do
+		ip addr add "$ip" dev "$ifname"
+	done
+	ip link set "$ifname" up
+}
--- a/machines/loc1xe/setup.sh
+++ b/machines/loc1xe/setup.sh
@ -12,3 +12,5 @@ ip addr add 192.168.0.3/24 dev wifi
 # No IPv6 at public spaces lol (but we should try obtaining it anyway!
 ip link set dev wifi up
 ip route add default via 192.168.0.1 dev wifi
+
+wireguard wg1 ./machines/$mach/wg1.conf 2a01:4f8:c0c:36b8:ff01:8000:10:f03/128
--- a/machines/loc1xe/wg-vms.conf
+++ b/machines/loc1xe/wg-vms.conf
@ -0,0 +1,12 @@
+[Interface]
+PrivateKey = 4BZHeHTS/BxAk4g8hnuPt9XnT/PkNonouwvTBqWzuEg=
+#PublicKey = TISpt9e6DkduZVO4vxtq2xc5obdQk+oVAmASGwO+QC4=
+
+# Uo
+[Peer]
+PublicKey = ayYOaj4sTxuLfc43v7jzm3vLwaBHwgPNHHPaqSoGuWg=
+# I guess everything goes?
+AllowedIPs = ::/0
+PersistentKeepalive = 30
+# FIXME: We know that this is IPv4-only host, but still it would be better to use a hostname with both IP addresses…
+Endpoint = 100.100.0.2:62421
--- a/machines/loc1xe/wg1.conf
+++ b/machines/loc1xe/wg1.conf
@ -0,0 +1,11 @@
+[Interface]
+PrivateKey = iKIS2LUeG+p1BopORRzys07H+XQsFiC0KOtQralM6UM=
+#PublicKey = rds4mKmqeqvfkXa54HUfSm1gSd/SsOgoKzM8J3MxjHY=
+
+# Uo
+[Peer]
+PublicKey = /8CkD4bw2UAyJERNPAm7x2dVwcJhQFHXDLXPshi8qzM=
+AllowedIPs = 2a01:4f8:c0c:36b8:ff01:8000:10:f06/128
+PersistentKeepalive = 30
+# FIXME: We know that this is IPv4-only host, but still it would be better to use a hostname with both IP addresses…
+Endpoint = 100.100.0.2:52345
--- a/machines/uo/setup.sh
+++ b/machines/uo/setup.sh
@ -1,6 +1,8 @@
 #!/bin/sh
 set -eu

+. ./lib.shs
+
 # typically: bring up the networks
 ip link set dev lo up

@ -12,3 +14,5 @@ ip addr add fe80:ff01::2/64 dev up_ve scope link
 ip link set dev up_ve up
 ip route add default via 100.100.0.1 dev up_ve
 ip route add default via fe80:ff01::1 dev up_ve
+
+wireguard wg1 ./machines/$mach/wg1.conf 2a01:4f8:c0c:36b8:ff01:8000:10:f06/128
--- a/machines/uo/wg-vms.conf
+++ b/machines/uo/wg-vms.conf
@ -0,0 +1,9 @@
+[Interface]
+PrivateKey = 0PzCYMZWnvmHGrz39yfPIacR0QsC4+vu5Oywj4UcNWk=
+#PublicKey = ayYOaj4sTxuLfc43v7jzm3vLwaBHwgPNHHPaqSoGuWg=
+ListenPort = 62421
+
+# Xe
+[Peer]
+PublicKey = TISpt9e6DkduZVO4vxtq2xc5obdQk+oVAmASGwO+QC4=
+AllowedIPs = 2a01:4f8:c0c:36b8:ff01:8000:0:0003/128 2a01:4f8:c0c:36b8:ff01:8000:0:0004/128
--- a/machines/uo/wg1.conf
+++ b/machines/uo/wg1.conf
@ -0,0 +1,9 @@
+[Interface]
+PrivateKey = WPFnuxrOJP7F5oXodB4O6uPTn5qzGQUwg6AekuYG43Y=
+#PublicKey = /8CkD4bw2UAyJERNPAm7x2dVwcJhQFHXDLXPshi8qzM=
+ListenPort = 52345
+
+# Xe
+[Peer]
+PublicKey = rds4mKmqeqvfkXa54HUfSm1gSd/SsOgoKzM8J3MxjHY=
+AllowedIPs = 2a01:4f8:c0c:36b8:ff01:8000:10:f03/128