From: Ian Kelling
Date: Tue, 24 Feb 2026 01:09:04 +0000 (-0500)
Subject: more wireguard conversion
X-Git-Url: https://iankelling.org/git/?a=commitdiff_plain;h=0d8889cef15110e1768fcb6b0424df21e1c8952f;p=distro-setup
more wireguard conversion
---
diff --git a/machine_specific/frodo/filesystem/etc/network/interfaces.d/eth10g b/machine_specific/frodo/filesystem/etc/network/interfaces.d/eth10g
new file mode 100644
index 0000000..3770183
--- /dev/null
+++ b/machine_specific/frodo/filesystem/etc/network/interfaces.d/eth10g
@@ -0,0 +1,41 @@
+## example of 2 independent networks:
+
+# # top port
+# auto eth2
+# iface eth2 inet static
+# address 10.3.0.4/24
+
+# # bottom port
+# auto eth1
+# iface eth1 inet static
+# address 10.9.0.4/24
+
+
+## manual bond configuration example:
+# modprobe bonding
+# echo +bond0 > /sys/class/net/bonding_masters
+# echo +eth2 > /sys/class/net/bond0/bonding/slaves
+# echo +eth1 > /sys/class/net/bond0/bonding/slaves
+# ip addr add 10.3.0.4/24 dev bond0
+# ip link set bond0 up
+
+## things not needed for us, but could be useful elsewhere:
+
+# Set MII monitoring interval to 100ms for link detection
+#echo 100 > /sys/class/net/bond0/bonding/miimon
+
+## bonding mode (we happen to be using the default)
+#ip link set bond0 down
+#echo balance-rr > /sys/class/net/bond0/bonding/mode
+
+# Also, set slaves to down before adding them.
+
+# status lookup:
+# cat /proc/net/bonding/bond0
+# cat /sys/class/net/bond0/bonding/slaves
+# cat /sys/class/net/bonding_masters
+
+
+auto eth1
+iface eth1 inet static
+address 10.3.0.4/24
diff --git a/machine_specific/kd/filesystem/etc/network/interfaces.d/eth10g b/machine_specific/kd/filesystem/etc/network/interfaces.d/eth10g
new file mode 100644
index 0000000..50d8bb4
--- /dev/null
+++ b/machine_specific/kd/filesystem/etc/network/interfaces.d/eth10g
@@ -0,0 +1,19 @@
+
+## example of 2 independent networks:
+
+# # top right port
+# auto eth0
+# iface eth0 inet static
+# address 10.3.0.2/24
+
+# # bottom left port
+# auto eth2
+# iface eth2 inet static
+# address 10.9.0.2/24
+# #
+
+
+auto eth0
+iface eth0 inet static
+address 10.3.0.2/24
+#
diff --git a/machine_specific/li/filesystem/etc/openvpn/client-config-hole/sf b/machine_specific/li/filesystem/etc/openvpn/client-config-hole/sf
new file mode 100644
index 0000000..9494151
--- /dev/null
+++ b/machine_specific/li/filesystem/etc/openvpn/client-config-hole/sf
@@ -0,0 +1 @@
+ifconfig-push 10.5.5.9 255.255.255.0
diff --git a/machine_specific/sf/filesystem/etc/systemd/system/wg-quick-tr-pre@.service b/machine_specific/sf/filesystem/etc/systemd/system/wg-quick-tr-pre@.service
new file mode 100644
index 0000000..94ed15c
--- /dev/null
+++ b/machine_specific/sf/filesystem/etc/systemd/system/wg-quick-tr-pre@.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Initial setup of netns for wg-quick-tr %I
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/flock -w 20 /tmp/newns.flock /usr/local/bin/newns/newns -n 10.174.9 start %i
+ExecStop=/usr/bin/flock -w 20 /tmp/newns.flock /usr/local/bin/newns/newns stop %i
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/machine_specific/sf/filesystem/etc/systemd/system/wg-quick-tr@.service b/machine_specific/sf/filesystem/etc/systemd/system/wg-quick-tr@.service
new file mode 100644
index 0000000..08bc8af
--- /dev/null
+++ b/machine_specific/sf/filesystem/etc/systemd/system/wg-quick-tr@.service
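Review bot: In wg-quick-tr-pre@.service the lock file `/tmp/newns.flock` has a fixed name in a world-writable directory while the unit runs as root (no `User=` is set), on both the `ExecStart=` and `ExecStop=` lines. A local account that creates or locks that path first makes `flock -w 20` time out, so the namespace for `%i` is not set up or torn down. A root-only location avoids that, e.g. `ExecStart=/usr/bin/flock -w 20 /run/newns.flock /usr/local/bin/newns/newns -n 10.174.9 start %i` with the same path in `ExecStop=`. If other callers of newns take this lock (not visible here), they need the same path.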
@@ -0,0 +1,23 @@
+[Unit]
+Description=WireGuard via wg-quick(8) for %I
+After=network-online.target nss-lookup.target wg-quick-tr-pre@%i.service
+Wants=network-online.target nss-lookup.target wg-quick-tr-pre@%i.service
+Documentation=man:wg-quick(8)
+Documentation=man:wg(8)
+
+[Service]
+Type=simple
+ExecReload=/bin/bash -c 'exec /usr/bin/wg syncconf %i <(exec /usr/bin/wg-quick strip %i)'
+ExecStartPre=/sbin/iptables-restore /a/bin/distro-setup/transmission-firewall/netns.rules
+ExecStartPre=/usr/sbin/ip r add 10.8.0.0/24 via 10.174.9.1 dev veth1-client
+ExecStartPre=/usr/bin/wg-quick up %i
+ExecStart=/bin/sleep infinity
+ExecStopPost=/usr/bin/wg-quick down %i
+ExecStopPost=/usr/sbin/ip r del 10.8.0.0/24 via 10.174.9.1 dev veth1-client
+NetworkNamespacePath=/var/run/netns/%i
+BindReadOnlyPaths=/etc/tr-resolv:/run/systemd/resolve:norbind /etc/basic-nsswitch:/etc/resolved-nsswitch:norbind
+# copied from wg-quick@.service
+Environment=WG_ENDPOINT_RESOLUTION_RETRIES=infinity
+
+[Install]
+WantedBy=multi-user.target
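Review bot: `Wants=` is a weak dependency on `wg-quick-tr-pre@%i.service`, so this unit is still started when the namespace setup fails or times out on its lock, and the start then runs against whatever state `/var/run/netns/%i` and `veth1-client` were left in. Moving the pre unit to `Requires=wg-quick-tr-pre@%i.service` (keeping it in `After=`) makes a failed setup block the start instead. Separately, `ip r add` fails when the route already exists, which as far as I can tell happens after a failed `wg-quick down %i` in `ExecStopPost=` causes the following `ip r del` to be skipped. `ExecStartPre=/usr/sbin/ip r replace 10.8.0.0/24 via 10.174.9.1 dev veth1-client` and `ExecStopPost=-/usr/bin/wg-quick down %i` would keep restarts working. It is also worth confirming that `/a/bin/distro-setup/transmission-firewall/netns.rules` is writable only by root, since root loads it on every start.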