Add peers as option for vpn_traffic
chadgeary committed Nov 15, 2020
1 parent 185e9ea commit f8e2e4e
Showing 11 changed files with 28 additions and 18 deletions.
6 changes: 4 additions & 2 deletions aws/aws.tfvars
Expand Up @@ -14,9 +14,11 @@ wireguard_peers = 20
# dns over https provider, one of adguard applied-privacy cloudflare google hurricane-electric libre-dns opendns pi-dns quad9-recommended - see https://github.com/curl/curl/wiki/DNS-over-HTTPS
doh_provider = "opendns"

# Generate wireguard client configurations to route only DNS traffic through VPN, or all traffic.
# Generate wireguard client configurations to route only "dns" traffic through VPN, or:
# "peers" - dns + other connected peers
# "all" - all traffic
# The wireguard server container does NOT restrict clients, clients can change their AllowedIPs as desired.
# either "dns" or "all"
# either "dns" "peers" or "all"
vpn_traffic = "dns"

# a value of 1 permits mgmt_cidr access to DNS without the VPN
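Review bot: the closing comment line `# either "dns" "peers" or "all"` needs separators; `# either "dns", "peers" or "all"` reads as a list of three values rather than a run of quoted words. The same comment block is now copied into four tfvars files and the README, so the wording fix should be applied to every copy in the same commit.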
8 changes: 5 additions & 3 deletions azure/az.tfvars
Expand Up @@ -9,9 +9,11 @@ wireguard_peers = 20
# dns over https provider, one of adguard applied-privacy cloudflare google hurricane-electric libre-dns opendns pi-dns quad9-recommended - see https://github.com/curl/curl/wiki/DNS-over-HTTPS
doh_provider = "opendns"

# Generate wireguard client configurations to route only DNS traffic through VPN, or all traffic.
# The wireguard server container does NOT restrict clients, clients can change their AllowedIPs as desired.
# either "dns" or "all"
# Generate wireguard client configurations to route only "dns" traffic through VPN, or:
# # "peers" - dns + other connected peers
# # "all" - all traffic
# # The wireguard server container does NOT restrict clients, clients can change their AllowedIPs as desired.
# # either "dns" "peers" or "all"
vpn_traffic = "dns"

# a value of 1 permits mgmt_cidr access to DNS without the VPN
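Review bot: lines `# # "peers" - dns + other connected peers` through `# # either "dns" "peers" or "all"` carry a doubled `# #` prefix, unlike the single `#` used in aws/aws.tfvars, gcp/gcp.tfvars and oci/oci.tfvars; drop the extra `#` so the four files stay identical. The hunk also removes and re-adds the otherwise unchanged `The wireguard server container does NOT restrict clients` line only to change its prefix, which is noise in the history.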
6 changes: 4 additions & 2 deletions gcp/gcp.tfvars
Expand Up @@ -12,9 +12,11 @@ wireguard_peers = 20
# dns over https provider, one of adguard applied-privacy cloudflare google hurricane-electric libre-dns opendns pi-dns quad9-recommended - see https://github.com/curl/curl/wiki/DNS-over-HTTPS
doh_provider = "opendns"

# Generate wireguard client configurations to route only DNS traffic through VPN, or all traffic.
# Generate wireguard client configurations to route only "dns" traffic through VPN, or:
# "peers" - dns + other connected peers
# "all" - all traffic
# The wireguard server container does NOT restrict clients, clients can change their AllowedIPs as desired.
# either "dns" or "all"
# either "dns" "peers" or "all"
vpn_traffic = "dns"

# a value of 1 permits mgmt_cidr access to DNS without the VPN
6 changes: 4 additions & 2 deletions oci/oci.tfvars
Expand Up @@ -12,9 +12,11 @@ wireguard_peers = 20
# dns over https provider, one of adguard applied-privacy cloudflare google hurricane-electric libre-dns opendns pi-dns quad9-recommended - see https://github.com/curl/curl/wiki/DNS-over-HTTPS
doh_provider = "opendns"

# Generate wireguard client configurations to route only DNS traffic through VPN, or all traffic.
# Generate wireguard client configurations to route only "dns" traffic through VPN, or:
# "peers" - dns + other connected peers
# "all" - all traffic
# The wireguard server container does NOT restrict clients, clients can change their AllowedIPs as desired.
# either "dns" or "all"
# either "dns" "peers" or "all"
vpn_traffic = "dns"

# a value of 1 permits mgmt_cidr access to DNS without the VPN
8 changes: 5 additions & 3 deletions playbooks/README.md
Expand Up @@ -27,10 +27,12 @@ One of: adguard applied-privacy cloudflare google hurricane-electric libre-dns o
Flag to allow DNS lookups directly to the pihole service without Wireguard VPN (exposes Pihole 53/tcp and 53/udp). Useful for local deployments where a traditional DNS service is required.
1 for true, 0 for false
# vpn_traffic
# Generate wireguard client configurations to route only DNS traffic through VPN, or all traffic.
# Generate wireguard client configurations to route only "dns" traffic through VPN, or:
# "peers" - dns + other connected peers
# "all" - all traffic
# The wireguard server container does NOT restrict clients, clients can change their AllowedIPs as desired.
One of: dns all
# either "dns" "peers" or "all"
vpn_traffic = "dns"
# others
The IP address variables should be changed if they'll conflict/overlap local networks. wireguard_network must not be in the same /24 as docker_<var>s
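Review bot: the `One of: dns all` line is left unchanged while the new value is documented only in the pasted comment `# either "dns" "peers" or "all"`, so the README now lists two and three values for the same setting; update it to `One of: dns peers all` and drop the duplicate line. Also, in Markdown the pasted `# Generate ...`, `# "peers" ...`, `# "all" ...` and `# The wireguard server ...` lines render as level-1 headings at the same level as `# vpn_traffic`; they should be plain text, as the `Flag to allow DNS lookups ...` description above is.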
2 changes: 1 addition & 1 deletion playbooks/cloudblock_amd64.yml
Expand Up @@ -181,7 +181,7 @@
TZ: "Etc/UTC"
SERVERURL: "auto"
SERVERPORT: "51820"
ALLOWEDIPS: "{% if vpn_traffic is not defined %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% elif vpn_traffic == 'dns' %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% elif vpn_traffic == 'all' %}0.0.0.0/0{% else %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% endif %}"
ALLOWEDIPS: "{% if vpn_traffic is not defined %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% elif vpn_traffic == 'dns' %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% elif vpn_traffic == 'peers' %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32,{{ wireguard_network }}/24{% elif vpn_traffic == 'all' %}0.0.0.0/0{% else %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% endif %}"
PEERS: "{{ wireguard_peers }}"
PEERDNS: "{{ docker_pihole }}"
INTERNAL_SUBNET: "{{ wireguard_network }}"
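Review bot: the `peers` branch appends `{{ wireguard_network }}/24`, so the prefix length is hard-coded here while `INTERNAL_SUBNET` takes `{{ wireguard_network }}` unqualified; if the network size ever changes the two will disagree, so consider carrying the CIDR in one variable and deriving both from it. Separately, the trailing `{% else %}` silently falls back to the `dns` AllowedIPs for any unrecognised value, so a typo such as `peer` yields a client config with no error; an `assert` task checking `vpn_traffic in ['dns', 'peers', 'all']` before this container task would surface that. Finally, this only changes what the generated client configs route; as the tfvars comment states, the server container does not restrict clients, so the `dns`/`peers` distinction is a client-side default, not an isolation boundary between peers.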
2 changes: 1 addition & 1 deletion playbooks/cloudblock_arm64.yml
Expand Up @@ -183,7 +183,7 @@
TZ: "Etc/UTC"
SERVERURL: "auto"
SERVERPORT: "51820"
ALLOWEDIPS: "{% if vpn_traffic is not defined %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% elif vpn_traffic == 'dns' %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% elif vpn_traffic == 'all' %}0.0.0.0/0{% else %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% endif %}"
ALLOWEDIPS: "{% if vpn_traffic is not defined %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% elif vpn_traffic == 'dns' %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% elif vpn_traffic == 'peers' %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32,{{ wireguard_network }}/24{% elif vpn_traffic == 'all' %}0.0.0.0/0{% else %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% endif %}"
PEERS: "{{ wireguard_peers }}"
PEERDNS: "{{ docker_pihole }}"
INTERNAL_SUBNET: "{{ wireguard_network }}"
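Review bot: this is one of six identical copies of the same long Jinja expression (also in cloudblock_amd64.yml, cloudblock_aws_arm.yml, cloudblock_azure.yml, cloudblock_gcp.yml and cloudblock_oci.yml); hoisting it into a single variable (for example a `wireguard_allowed_ips` in a shared vars file, name suggested here) would make the next option a one-line change and keep the six playbooks from drifting apart.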
2 changes: 1 addition & 1 deletion playbooks/cloudblock_aws_arm.yml
Expand Up @@ -196,7 +196,7 @@
TZ: "Etc/UTC"
SERVERURL: "auto"
SERVERPORT: "51820"
ALLOWEDIPS: "{% if vpn_traffic is not defined %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% elif vpn_traffic == 'dns' %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% elif vpn_traffic == 'all' %}0.0.0.0/0{% else %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% endif %}"
ALLOWEDIPS: "{% if vpn_traffic is not defined %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% elif vpn_traffic == 'dns' %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% elif vpn_traffic == 'peers' %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32,{{ wireguard_network }}/24{% elif vpn_traffic == 'all' %}0.0.0.0/0{% else %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% endif %}"
PEERS: "{{ wireguard_peers }}"
PEERDNS: "{{ docker_pihole }}"
INTERNAL_SUBNET: "{{ wireguard_network }}"
2 changes: 1 addition & 1 deletion playbooks/cloudblock_azure.yml
Expand Up @@ -193,7 +193,7 @@
TZ: "Etc/UTC"
SERVERURL: "auto"
SERVERPORT: "51820"
ALLOWEDIPS: "{% if vpn_traffic is not defined %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% elif vpn_traffic == 'dns' %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% elif vpn_traffic == 'all' %}0.0.0.0/0{% else %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% endif %}"
ALLOWEDIPS: "{% if vpn_traffic is not defined %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% elif vpn_traffic == 'dns' %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% elif vpn_traffic == 'peers' %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32,{{ wireguard_network }}/24{% elif vpn_traffic == 'all' %}0.0.0.0/0{% else %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% endif %}"
PEERS: "{{ wireguard_peers }}"
PEERDNS: "{{ docker_pihole }}"
INTERNAL_SUBNET: "{{ wireguard_network }}"
2 changes: 1 addition & 1 deletion playbooks/cloudblock_gcp.yml
Expand Up @@ -210,7 +210,7 @@
TZ: "Etc/UTC"
SERVERURL: "auto"
SERVERPORT: "51820"
ALLOWEDIPS: "{% if vpn_traffic is not defined %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% elif vpn_traffic == 'dns' %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% elif vpn_traffic == 'all' %}0.0.0.0/0{% else %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% endif %}"
ALLOWEDIPS: "{% if vpn_traffic is not defined %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% elif vpn_traffic == 'dns' %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% elif vpn_traffic == 'peers' %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32,{{ wireguard_network }}/24{% elif vpn_traffic == 'all' %}0.0.0.0/0{% else %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% endif %}"
PEERS: "{{ wireguard_peers }}"
PEERDNS: "{{ docker_pihole }}"
INTERNAL_SUBNET: "{{ wireguard_network }}"
2 changes: 1 addition & 1 deletion playbooks/cloudblock_oci.yml
Expand Up @@ -193,7 +193,7 @@
TZ: "Etc/UTC"
SERVERURL: "auto"
SERVERPORT: "51820"
ALLOWEDIPS: "{% if vpn_traffic is not defined %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% elif vpn_traffic == 'dns' %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% elif vpn_traffic == 'all' %}0.0.0.0/0{% else %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% endif %}"
ALLOWEDIPS: "{% if vpn_traffic is not defined %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% elif vpn_traffic == 'dns' %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% elif vpn_traffic == 'peers' %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32,{{ wireguard_network }}/24{% elif vpn_traffic == 'all' %}0.0.0.0/0{% else %}{{ docker_pihole }}/32,{{ docker_webproxy }}/32{% endif %}"
PEERS: "{{ wireguard_peers }}"
PEERDNS: "{{ docker_pihole }}"
INTERNAL_SUBNET: "{{ wireguard_network }}"

0 comments on commit f8e2e4e