From 98a3f8178c166872e981db0f3e34bc5802b6b31f Mon Sep 17 00:00:00 2001
From: Tobias Manske
Date: Sun, 5 Mar 2023 04:26:29 +0100
Subject: [PATCH] Wireguard: More Peer Config
---
 .../templates/wireguard/docker-compose.yaml | 3 ---
 .../compose_project/templates/wireguard/wg0.conf | 13 ++++++++++---
 2 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/coreos-config/roles/compose_project/templates/wireguard/docker-compose.yaml b/coreos-config/roles/compose_project/templates/wireguard/docker-compose.yaml
index ba42f04..bf6c58b 100644
--- a/coreos-config/roles/compose_project/templates/wireguard/docker-compose.yaml
+++ b/coreos-config/roles/compose_project/templates/wireguard/docker-compose.yaml
@@ -25,12 +25,9 @@ services:
 restart: unless-stopped
 networks:
 - default
- - gateway
 - internal_services
 networks:
- gateway:
- external: true
 internal_services:
 name: internal_services
 internal: true
diff --git a/coreos-config/roles/compose_project/templates/wireguard/wg0.conf b/coreos-config/roles/compose_project/templates/wireguard/wg0.conf
index d308ed9..a3ebb30 100644
--- a/coreos-config/roles/compose_project/templates/wireguard/wg0.conf
+++ b/coreos-config/roles/compose_project/templates/wireguard/wg0.conf
@@ -1,11 +1,12 @@
 [Interface]
-Address = 10.2.0.1/16
-Address = fd10:4000::1/32
+{% for addr in wireguard.cidr %}
+Address = {{ addr }}
+{% endfor %}
 MTU = 1420
 SaveConfig = true
 PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
-ListenPort = 51820
+ListenPort = {{ wireguard.port }}
 PrivateKey = {{ wireguard.private_key }}
 {% for peer in wireguard_peers %}
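Review bot: The new `{% for addr in wireguard.cidr %}` loop assumes `wireguard.cidr` is a list; if it is ever set as a single string, Jinja iterates it character by character and emits one `Address =` line per character, and with the hard-coded addresses removed an empty list leaves the interface with no address at all. If this template is rendered by Ansible, as the roles/ path suggests, `{% for addr in [wireguard.cidr] | flatten %}` accepts both shapes. I would also add a template comment at the top of the section, `{# wireguard.cidr: list of interface addresses in CIDR notation; wireguard.port: UDP listen port #}`. The port published in docker-compose.yaml is not part of this patch; it presumably has to follow `wireguard.port` too, otherwise a non-default value leaves the listener unreachable from outside the container.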
@@ -13,5 +14,11 @@ PrivateKey = {{ wireguard.private_key }}
 [Peer]
 PublicKey = {{ peer.pubkey }}
 AllowedIPs = {{ peer.allowedips | join(", ") }}
+{% if peer.endpoint is defined %}
+Endpoint = {{ peer.endpoint }}
+{% endif %}
+{% if peer.keepalive is defined %}
+PersistentKeepalive = {{ peer.keepalive }}
+{% endif %}
 {% endfor %}
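Review bot: `peer.endpoint` and `peer.keepalive` are written into the file without any validation, and `is defined` is also true for a key that is present but empty, which would render an `Endpoint =` or `PersistentKeepalive =` line with no usable value and keep the interface from coming up. The `PostUp`/`PostDown` lines in this same file are run as shell commands by wg-quick, so a value that spans more than one line can add directives; both fields are worth constraining even if the peer list only comes from reviewed inventory today. I would render the keepalive as `PersistentKeepalive = {{ peer.keepalive | int }}` behind `{% if peer.keepalive is defined and peer.keepalive is not none %}`, and check before templating that each endpoint is a single `host:port` token. With `SaveConfig = true` set in the interface section, wg-quick may also write the resolved endpoint back over the rendered file on shutdown, if the file is writable inside the container.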