chore: add wireguard directory

wireguard/README.md

@@ -0,0 +1,8 @@
+# Configuration de `wireguard`
+
+Serveur VPN.
+
+## Emplacements
+
+- `./server/*` -> `/etc/wireguard/*`
+- `./clients/*` -> N.A.

wireguard/clients/wifi_fablab.conf

@@ -0,0 +1,11 @@
+[Interface]
+Address = 10.0.0.2/24
+PrivateKey = #! TODO use Secrets
+DNS = 208.67.222.222, 208.67.220.220
+MTU = 1420
+
+[Peer]
+AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1 # Don't intercept local traffic
+Endpoint = cohabit.fr:#! TODO use Secrets
+PersistentKeepalive = 25
+PublicKey = #! TODO use Secrets

wireguard/server/wg0.conf

@@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = #! TODO use Secrets
+Address = 10.0.0.1/24
+MTU = 1420
+ListenPort = #! TODO use Secrets
+PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
+PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
+
+### Wifi Fablab ###
+[Peer]
+PublicKey = #! TODO use Secrets
+AllowedIPs = 10.0.0.2/32
+###################