chore: add wireguard directory

2024-05-06 18:01:03 +02:00 · 2024-05-06 18:01:03 +02:00 · e1baf2a538
parent 51e4b272b2
commit e1baf2a538
3 changed files with 32 additions and 0 deletions
--- a/wireguard/README.md
+++ b/wireguard/README.md
@ -0,0 +1,8 @@
+# Configuration de `wireguard`
+
+Serveur VPN.
+
+## Emplacements
+
+- `./server/*` -> `/etc/wireguard/*`
+- `./clients/*` -> N.A.
--- a/wireguard/clients/wifi_fablab.conf
+++ b/wireguard/clients/wifi_fablab.conf
@ -0,0 +1,11 @@
+[Interface]
+Address = 10.0.0.2/24
+PrivateKey = #! TODO use Secrets
+DNS = 208.67.222.222, 208.67.220.220
+MTU = 1420
+
+[Peer]
+AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1 # Don't intercept local traffic
+Endpoint = cohabit.fr:#! TODO use Secrets
+PersistentKeepalive = 25
+PublicKey = #! TODO use Secrets
--- a/wireguard/server/wg0.conf
+++ b/wireguard/server/wg0.conf
@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = #! TODO use Secrets
+Address = 10.0.0.1/24
+MTU = 1420
+ListenPort = #! TODO use Secrets
+PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
+PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
+
+### Wifi Fablab ###
+[Peer]
+PublicKey = #! TODO use Secrets
+AllowedIPs = 10.0.0.2/32
+###################