authorPaul Buetow <paul@buetow.org>2025-05-01 23:39:15 +0300
committerPaul Buetow <paul@buetow.org>2025-05-01 23:39:15 +0300
commita3ef632592f5b42464423afce8f09bb76c85f936 (patch)
tree736f60e310db91d91480de1fe7068540a54727f7
parent404e6a3eac35ae4469a404bbcf4d38eb11f5dc0e (diff)
add openbsd hosts
-rw-r--r--README.md8
-rw-r--r--wireguardmeshgenerator.rb28
-rw-r--r--wireguardmeshgenerator.yaml50
3 files changed, 72 insertions, 14 deletions
diff --git a/README.md b/README.md
index ca134b8..ee7e68c 100644
--- a/README.md
+++ b/README.md
@@ -61,6 +61,9 @@ END
192.168.2.120 r0.wg0 r0.wg0.wan.buetow.org
192.168.2.121 r1.wg0 r1.wg0.wan.buetow.org
192.168.2.122 r2.wg0 r2.wg0.wan.buetow.org
+
+192.168.2.110 blowfish.wg0 blowfish.wg0.wan.buetow.org
+192.168.2.111 fishfinger.wg0 fishfinger.wg0.wan.buetow.org
END
```
@@ -72,6 +75,11 @@ https://github.com/angristan/wireguard-install/discussions/499
[root@r0 ~] reboot
```
+### OpenBSD
+
+```sh
+```
+
### Install the config
## Installation
diff --git a/wireguardmeshgenerator.rb b/wireguardmeshgenerator.rb
index aee7d81..366a7cc 100644
--- a/wireguardmeshgenerator.rb
+++ b/wireguardmeshgenerator.rb
@@ -60,10 +60,16 @@ PeerSnippet = Struct.new(:myself, :peer, :domain, :wgdomain,
# #{myself}.#{domain} as #{myself}.#{wgdomain}
PublicKey = #{keytool.pub}
PresharedKey = #{keytool.psk(peer)}
- Endpoint = #{endpoint}:56709
AllowedIPs = #{allowed_ips}/32
+ #{endpoint_str}
PEER_CONF
end
+
+ def endpoint_str
+ return '# Due to NAT no Endpoint configured' if endpoint == :behind_nat
+
+ "Endpoint = #{endpoint}:56709"
+ end
end
WireguardConfig = Struct.new(:myself, :hosts) do
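Review bot: When `endpoint_str` returns the comment line for a `:behind_nat` peer, this side can only answer after that peer has sent a packet first, and the stanza lines visible in the hunk carry no `PersistentKeepalive`. Unless it is set in the part of the template outside the hunk, the NAT mapping can expire during idle periods and the public host loses its path back to the peer. Consider emitting `PersistentKeepalive = 25` in the stanza that a NATed host generates for a peer it reaches over the internet. A comment above `endpoint_str` such as `# :behind_nat marks a peer that has to dial out to us, so no Endpoint can be written for it` would also document the sentinel. The PeerSnippet block starts outside the hunk.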
@@ -95,12 +101,20 @@ WireguardConfig = Struct.new(:myself, :hosts) do
private
def peers
- hosts.reject { _1 == myself }.map do |hostname, data|
- PeerSnippet.new(hostname, myself,
- data['lan']['domain'],
- data['wg0']['domain'],
- data['wg0']['ip'],
- data['lan']['ip'])
+ excluded = hosts[myself].fetch('exclude_peers', []) << myself
+ i_am_in_lan = hosts[myself].key?('lan')
+
+ hosts.reject { excluded.include?(_1) }.map do |peer, data|
+ peer_is_in_lan = data.key?('lan')
+ reach = data[peer_is_in_lan ? 'lan' : 'internet']
+ endpoint = if peer_is_in_lan == i_am_in_lan ||
+ !peer_is_in_lan
+ reach['ip']
+ else
+ :behind_nat
+ end
+ PeerSnippet.new(peer, myself, reach['domain'], data['wg0']['domain'],
+ data['wg0']['ip'], endpoint)
end
end
end
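Review bot: `fetch('exclude_peers', []) << myself` appends to the array stored in `hosts` whenever the key is present, so every call to `peers` adds another copy of `myself` to the loaded configuration; `excluded = hosts[myself].fetch('exclude_peers', []) + [myself]` builds a new list instead. In the same block, `reach` is nil for a host entry that has neither a `lan` nor an `internet` key, and `reach['ip']` then fails with a NoMethodError that does not name the missing key; `reach = data.fetch(peer_is_in_lan ? 'lan' : 'internet')` would raise a KeyError that does. The endpoint condition also reduces to `i_am_in_lan || !peer_is_in_lan`, which is easier to read against the `:behind_nat` branch. The WireguardConfig block begins outside the hunk.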
diff --git a/wireguardmeshgenerator.yaml b/wireguardmeshgenerator.yaml
index 920750f..26a6526 100644
--- a/wireguardmeshgenerator.yaml
+++ b/wireguardmeshgenerator.yaml
@@ -1,7 +1,7 @@
---
-wg_tool: /usr/bin/wg
hosts:
f0:
+ os: FreeBSD
ssh:
user: paul
conf_dir: /usr/local/etc/wireguard
@@ -11,9 +11,11 @@ hosts:
domain: 'lan.buetow.org'
ip: '192.168.1.130'
wg0:
- domain: 'wg0.buetow.org'
+ domain: 'wg0.wan.buetow.org'
ip: '192.168.2.130'
+ exclude_peers: [fishfinger, blowfish]
f1:
+ os: FreeBSD
ssh:
user: paul
conf_dir: /usr/local/etc/wireguard
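Review bot: `exclude_peers` is only read from the host whose config is being generated (see `peers` in wireguardmeshgenerator.rb), so the list added here on f0, and the ones added for f1 and f2 in the following hunks, must be mirrored by hand in the blowfish and fishfinger entries. If one side is forgotten, that host still gets a peer stanza with `PublicKey` and `PresharedKey` for a host that has dropped it from its own config. A comment on the first occurrence would help, for example `# must be mirrored in the exclude_peers list of each host named here`. The f0 entry starts outside the hunk.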
@@ -23,9 +25,11 @@ hosts:
domain: 'lan.buetow.org'
ip: '192.168.1.131'
wg0:
- domain: 'wg0.buetow.org'
+ domain: 'wg0.wan.buetow.org'
ip: '192.168.2.131'
+ exclude_peers: [fishfinger, blowfish]
f2:
+ os: FreeBSD
ssh:
user: paul
conf_dir: /usr/local/etc/wireguard
@@ -35,9 +39,11 @@ hosts:
domain: 'lan.buetow.org'
ip: '192.168.1.132'
wg0:
- domain: 'wg0.buetow.org'
+ domain: 'wg0.wan.buetow.org'
ip: '192.168.2.132'
+ exclude_peers: [fishfinger, blowfish]
r0:
+ os: Linux
ssh:
user: root
conf_dir: /etc/wireguard
@@ -47,9 +53,10 @@ hosts:
domain: 'lan.buetow.org'
ip: '192.168.1.120'
wg0:
- domain: 'wg0.buetow.org'
+ domain: 'wg0.wan.buetow.org'
ip: '192.168.2.120'
r1:
+ os: Linux
ssh:
user: root
conf_dir: /etc/wireguard
@@ -59,9 +66,10 @@ hosts:
domain: 'lan.buetow.org'
ip: '192.168.1.121'
wg0:
- domain: 'wg0.buetow.org'
+ domain: 'wg0.wan.buetow.org'
ip: '192.168.2.121'
r2:
+ os: Linux
ssh:
user: root
conf_dir: /etc/wireguard
@@ -71,5 +79,33 @@ hosts:
domain: 'lan.buetow.org'
ip: '192.168.1.122'
wg0:
- domain: 'wg0.buetow.org'
+ domain: 'wg0.wan.buetow.org'
ip: '192.168.2.122'
+ blowfish:
+ os: OpenBSD
+ ssh:
+ user: rex
+ conf_dir: /etc/wireguard
+ sudo_cmd: doas
+ reload_cmd: rcctl reload wireguard
+ internet:
+ domain: 'buetow.org'
+ ip: '23.88.35.144'
+ wg0:
+ domain: 'wg0.wan.buetow.org'
+ ip: '192.168.2.110'
+ exclude_peers: [f0, f1, f2]
+ fishfinger:
+ os: OpenBSD
+ ssh:
+ user: rex
+ conf_dir: /etc/wireguard
+ sudo_cmd: doas
+ reload_cmd: rcctl reload wireguard
+ internet:
+ domain: 'buetow.org'
+ ip: '46.23.94.99'
+ wg0:
+ domain: 'wg0.wan.buetow.org'
+ ip: '192.168.2.111'
+ exclude_peers: [f0, f1, f2]