From 9e1abb89470c851757fb3edf412aa413ae968fee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thorben=20G=C3=BCnther?=
Date: Tue, 21 Jun 2022 18:59:21 +0200
Subject: [PATCH] wireguard: Add desktop access to internal network
For now only access to the main server.
---
host_vars/fenrir.xenrox.net/vars.yml | 2 +-
host_vars/xenrox.net/vars.yml | 2 +-
roles/wireguard/templates/wg0.netdev.j2 | 7 +++++++
3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/host_vars/fenrir.xenrox.net/vars.yml b/host_vars/fenrir.xenrox.net/vars.yml
index 8d3cc64..f41a8dd 100644
--- a/host_vars/fenrir.xenrox.net/vars.yml
+++ b/host_vars/fenrir.xenrox.net/vars.yml
@@ -1,3 +1,3 @@ --- ci_deploy_target: true
-wireguard_address: 10.0.0.2
+wireguard_address: 10.0.0.3
diff --git a/host_vars/xenrox.net/vars.yml b/host_vars/xenrox.net/vars.yml
index a3bf1c6..5034c34 100644
--- a/host_vars/xenrox.net/vars.yml
+++ b/host_vars/xenrox.net/vars.yml
@@ -7,7 +7,7 @@ ipv6_netmask: "/64" ipv6_gateway: "fe80::1" network_interface: enp9s0
-wireguard_address: 10.0.0.1
+wireguard_address: 10.0.0.2
wireguard_vpn_subnet: 10.200.200.0/24 borg_user: u272193-sub1
diff --git a/roles/wireguard/templates/wg0.netdev.j2 b/roles/wireguard/templates/wg0.netdev.j2
index 80ea2ba..1f5b513 100644
--- a/roles/wireguard/templates/wg0.netdev.j2
+++ b/roles/wireguard/templates/wg0.netdev.j2
@@ -15,3 +15,10 @@ AllowedIPs={{ hostvars[host]['wireguard_address'] }}/32 Endpoint={{ host }}:51820 {% endfor %}
+
+{% if inventory_hostname == 'xenrox.net' %}
+[WireGuardPeer]
+PublicKey={{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/wireguard/localhost.pub:content') | trim }}
+PresharedKey={{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/wireguard/localhost.psk:content') | trim }}
+AllowedIPs=10.0.0.1/32
+{% endif %}
-- 2.44.0
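Review bot: The address 10.0.0.2 that fenrir gives up here is handed to xenrox.net in the host_vars/xenrox.net/vars.yml hunk, and 10.0.0.1, until now the main server, becomes the desktop peer in wg0.netdev.j2, so any firewall rule, service bind or allow-list elsewhere that names one of these addresses now silently refers to a different machine. Nothing in the visible hunks shows whether such references exist, so this is worth a grep before merging; giving the desktop an unused address instead would avoid shifting the servers at all. Hosts that still run the old wg0 configuration during a partial rollout will also disagree about which peer owns 10.0.0.2. If the renumbering stays, a comment in vars.yml such as `# 10.0.0.1 is reserved for the desktop peer (see roles/wireguard/templates/wg0.netdev.j2)` would record the allocation.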
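Review bot: The new peer block hard-codes both the host it applies to (`inventory_hostname == 'xenrox.net'`) and the desktop's tunnel address (`AllowedIPs=10.0.0.1/32`), while the peers above it take their address from `hostvars[host]['wireguard_address']`. Since AllowedIPs is what restricts which source address the desktop key may use, that value should live in inventory next to the other addresses so a later renumbering cannot leave the /32 pointing at a server; for example `AllowedIPs={{ wireguard_desktop_address }}/32`, where `wireguard_desktop_address` is a proposed new variable, not one that exists in the repository. A short comment above the block, such as `{# roaming desktop peer: no Endpoint, keys stored under wireguard/localhost.* in Vault #}`, would also explain why the Vault entries are named `localhost`. The peer loop this block follows starts outside the hunk.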