From 150be2ac7c15c88e4cf072156247aab255ae76dd Mon Sep 17 00:00:00 2001
From: Stefan
Date: Mon, 9 May 2022 12:16:09 +0200
Subject: [PATCH] Running config v1
---
 handlers/main.yml | 29 -------------------
 host_vars/troisdorf7.yml | 20 +++++++++++--
 .../tasks/templates/50-ifdown-hooks.sh.j2 | 6 ----
 .../tasks/templates/50-ifup-hooks.sh.j2 | 8 -----
 roles/21-install-wireguard/handlers/main.yml | 20 +++++++++++++
 5 files changed, 38 insertions(+), 45 deletions(-)
 delete mode 100644 handlers/main.yml
 delete mode 100644 roles/00-system-set-network/tasks/templates/50-ifdown-hooks.sh.j2
 delete mode 100644 roles/00-system-set-network/tasks/templates/50-ifup-hooks.sh.j2
 create mode 100644 roles/21-install-wireguard/handlers/main.yml
diff --git a/handlers/main.yml b/handlers/main.yml
deleted file mode 100644
index 3a899e5..0000000
--- a/handlers/main.yml
+++ /dev/null
@@ -1,29 +0,0 @@
----
-- name: restart wireguard
- ansible.builtin.service:
- name: "wg-quick@{{ wireguard_interface }}"
- state: "{{ item }}"
- loop:
- - stopped
- - started
- when:
- - wireguard__restart_interface
- - not ansible_os_family == 'Darwin'
- - wireguard_service_enabled == "yes"
- listen: "reconfigure wireguard"
-
-- name: syncconf wireguard
- ansible.builtin.shell: |
- set -o errexit
- set -o pipefail
- set -o nounset
- systemctl is-active wg-quick@{{ wireguard_interface|quote }} || systemctl start wg-quick@{{ wireguard_interface|quote }}
- wg syncconf {{ wireguard_interface|quote }} <(wg-quick strip /etc/wireguard/{{ wireguard_interface|quote }}.conf)
- exit 0
- args:
- executable: "/bin/bash"
- when:
- - not wireguard__restart_interface
- - not ansible_os_family == 'Darwin'
- - wireguard_service_enabled == "yes"
- listen: "reconfigure wireguard"
\ No newline at end of file
diff --git a/host_vars/troisdorf7.yml b/host_vars/troisdorf7.yml
index 28133d4..ff71b52 100644
--- a/host_vars/troisdorf7.yml
+++ b/host_vars/troisdorf7.yml
@@ -1,5 +1,21 @@
 wireguard_unmanaged_peers:
- vpn1-stefan:
+ vpn1-testing:
 public_key: 8BoLoKRwSNRdUe0uygneYFdTIx5iHwoMENbnzpomYCI=
 allowed_ips: 10.255.1.2/32, 10.1.0.0/16
- persistent_keepalive: 25
\ No newline at end of file
+ persistent_keepalive: 25
+# vpn2-stefan:
+# public_key: NvJKN6xorzvwL7NhMoY2bEwpDVTl9Ob/1gx9g8tHfic=
+# allowed_ips: 10.255.1.3/32, 10.2.0.0/16
+# persistent_keepalive: 25
+# vpn3-empty:
+# public_key: pwD87EgTk8fGctR1Cz6/DfwGuzTg8VO2YC2CM58Sdlw=
+# allowed_ips: 10.255.1.2/32, 10.1.0.0/16
+# persistent_keepalive: 25
+# vpn4-empty:
+# public_key: N54OfQCIQGbPltC4sq/1gvV/2UXFKcQAti9ORNvlFxA=
+# allowed_ips: 10.255.1.2/32, 10.1.0.0/16
+# persistent_keepalive: 25
+# vpn5-empty:
+# public_key: sKi7h1W89XEe9tzxbXbev3oHBoS0VOLXFFLvwQZ+wAM=
+# allowed_ips: 10.255.1.2/32, 10.1.0.0/16
+# persistent_keepalive: 25
\ No newline at end of file
diff --git a/roles/00-system-set-network/tasks/templates/50-ifdown-hooks.sh.j2 b/roles/00-system-set-network/tasks/templates/50-ifdown-hooks.sh.j2
deleted file mode 100644
index fd98692..0000000
--- a/roles/00-system-set-network/tasks/templates/50-ifdown-hooks.sh.j2
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-
-if [ "$IFACE" == "gre*" ];
-then
- iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source {{ ffrl_ipv4 }}
-fi
\ No newline at end of file
diff --git a/roles/00-system-set-network/tasks/templates/50-ifup-hooks.sh.j2 b/roles/00-system-set-network/tasks/templates/50-ifup-hooks.sh.j2
deleted file mode 100644
index 35aed30..0000000
--- a/roles/00-system-set-network/tasks/templates/50-ifup-hooks.sh.j2
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-if [ "$IFACE" == "gre*" ];
-then
- iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source {{ ffrl_ipv4 }}
- iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
- ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
-fi
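Review bot: The rename from vpn1-stefan to vpn1-testing keeps the public key 8BoL… unchanged, so whoever holds the matching private key keeps the same access under the new label; if the slot is meant for a different tester, the key has to change with the name. The commented-out vpn3-empty, vpn4-empty and vpn5-empty entries carry exactly the same allowed_ips as vpn1-testing (10.255.1.2/32, 10.1.0.0/16), and WireGuard routes each AllowedIPs prefix to a single peer, so uncommenting any of them later would silently move that traffic to whichever peer is configured last — give each placeholder its own prefixes or drop the block rather than leaving a copy-paste trap in host_vars. The file should also open with `---` like the role handlers do.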
diff --git a/roles/21-install-wireguard/handlers/main.yml b/roles/21-install-wireguard/handlers/main.yml
new file mode 100644
index 0000000..8552c3d
--- /dev/null
+++ b/roles/21-install-wireguard/handlers/main.yml
@@ -0,0 +1,20 @@
+---
+- name: restart wireguard
+ ansible.builtin.service:
+ name: "wg-quick@vpn01"
+ state: "{{ item }}"
+ loop:
+ - stopped
+ - started
+ listen: "reconfigure wireguard"
+- name: syncconf wireguard
+ ansible.builtin.shell: |
+ set -o errexit
+ set -o pipefail
+ set -o nounset
+ systemctl is-active wg-quick@vpn01 || systemctl start wg-quick@vpn01
+ wg syncconf vpn01 <(wg-quick strip /etc/wireguard/vpn01.conf)
+ exit 0
+ args:
+ executable: "/bin/bash"
+ listen: "reconfigure wireguard"
\ No newline at end of file
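Review bot: Both handlers listen on "reconfigure wireguard" and the new file drops the mutually exclusive `when:` guards that the deleted root-level handlers/main.yml had, so a single notification now stops and starts wg-quick@vpn01 and then runs wg syncconf on the same interface; the restart tears every tunnel down, which is exactly what the syncconf path exists to avoid. Keep one of the two, or restore the guards, e.g. `when: wireguard__restart_interface` on the restart handler and `when: not wireguard__restart_interface` on the syncconf handler (that variable is defined outside this patch, if it still exists). The interface name vpn01 is hard-coded in four places where the old handlers used `{{ wireguard_interface|quote }}`, which ties the role to one host's interface; `name: "wg-quick@{{ wireguard_interface }}"` keeps it reusable. The shell task also has no `changed_when`, so it reports changed on every run even when syncconf applied nothing.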