From edd331480301813af46ae147ef22a168b95cc539 Mon Sep 17 00:00:00 2001
From: root <root@onfarbo42.onf42.lan>
Date: Thu, 10 Feb 2022 14:57:50 +0100
Subject: [PATCH] modif et ajout

---
 goss/goss.yaml       | 61 ++++++++++++++++++++++++++++++++++
 wireguard/android.sh | 79 ++++++++++++++++++++++++++++++++++++++++++++
 wireguard/wg0-b.conf | 12 ++++---
 3 files changed, 148 insertions(+), 4 deletions(-)
 create mode 100644 goss/goss.yaml
 create mode 100644 wireguard/android.sh

diff --git a/goss/goss.yaml b/goss/goss.yaml
new file mode 100644
index 0000000..676f342
--- /dev/null
+++ b/goss/goss.yaml
@@ -0,0 +1,61 @@
+package:
+  apache2:
+    installed: true
+    versions:
+    - 2.4.52-1~deb11u2
+  wireguard:
+    installed: true
+    versions:
+    - 1.0.20210223-1
+port:
+  tcp6:80:
+    listening: true
+    ip: []
+  tcp:3306:
+    listening: true
+    ip:
+    - 127.0.0.1
+service:
+  apache2:
+    enabled: true
+    running: true
+  mysql:
+    enabled: true
+    running: true
+  ssh:
+    enabled: true
+    running: true
+user:
+  mysql:
+    exists: true
+    uid: 106
+    gid: 113
+    groups:
+    - mysql
+    home: /nonexistent
+    shell: /bin/false
+group:
+  mysql:
+    exists: true
+    gid: 113
+  ssh:
+    exists: true
+    gid: 111
+process:
+  apache2:
+    running: true
+http:
+  http://onfarbo42/adminer.php:
+    status: 200
+    allow-insecure: false
+    no-follow-redirects: false
+    timeout: 5000
+    body:
+    - Adminer
+  http://onfarbo42/doku/doku.php:
+    status: 200
+    allow-insecure: false
+    no-follow-redirects: false
+    timeout: 5000
+    body:
+    - MISSION
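Review bot: The `versions:` lists under `package.apache2` and `package.wireguard` pin exact Debian revisions, so this suite starts failing as soon as a security update is installed, which pushes operators towards holding packages back or ignoring a red run. I would keep `installed: true` and drop both `versions:` lists, or move version checks into a separate file that is updated deliberately. Separately, the first `http:` check asserts that `adminer.php` answers 200 over plain `http://`. If that database admin page is meant to be reachable only from the internal network, a comment above the entry such as `# Adminer: expected reachable from the admin LAN only` would record the intent, and a check run from an untrusted segment could then assert the opposite.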
diff --git a/wireguard/android.sh b/wireguard/android.sh
new file mode 100644
index 0000000..e270eaf
--- /dev/null
+++ b/wireguard/android.sh
@@ -0,0 +1,79 @@
+#!/bin/bash
+set -u
+set -e
+ 
+AddressAwg=10.0.0.1/32  # Adresse VPN Wireguard extremite A
+EndpointA=10.121.38.68  # Adresse extremite A
+PortA=51820             # Port ecoute extremite A
+AddressBwg=10.0.0.2/32  # Adresse VPN Wireguard extremite B
+EndpointB=192.168.1.82  # Adresse extremite B
+PortB=51820             # Port ecoute extremite B
+AddressCwg=10.0.0.3/32
+EndpointC=x.y.z.t
+PortC=51820
+
+umask 077 ;  
+wg genkey > endpoint-a.key
+wg pubkey < endpoint-a.key > endpoint-a.pub 
+
+wg genkey > endpoint-b.key
+wg pubkey < endpoint-b.key > endpoint-b.pub
+ 
+wg genkey > endpoint-c.key
+wg pubkey < endpoint-c.key > endpoint-c.pub
+
+PKA=$(cat endpoint-a.key)
+pKA=$(cat endpoint-a.pub)
+PKB=$(cat endpoint-b.key)
+pKB=$(cat endpoint-b.pub)
+PKC=$(cat endpoint-c.key)
+pKC=$(cat endpoint-c.pub)
+
+cat <<FINI > wg0-a.conf
+# local settings for Endpoint A
+[Interface]
+PrivateKey = $PKA
+Address = $AddressAwg
+ListenPort = $PortA
+ 
+# remote settings for Endpoint B
+[Peer]
+PublicKey = $pKB
+#Endpoint = ${EndpointB}:$PortB
+AllowedIPs = $AddressBwg
+
+# remote settings for Endpoint C
+[Peer]
+PublicKey = $pKC
+#EndPoint = ${EndpointC}:$PortC
+AllowedIPs = $AddressCwg
+FINI
+ 
+ 
+cat <<FINI > wg0-b.conf
+# local settings for Endpoint B
+[Interface]
+PrivateKey = $PKB
+Address = $AddressBwg
+ListenPort = $PortB
+ 
+# remote settings for Endpoint A
+[Peer]
+PublicKey = $pKA
+Endpoint = ${EndpointA}:$PortA
+AllowedIPs = $AddressAwg
+FINI
+
+cat <<FINI > wg0-c.conf
+# local settings for Endpoint C
+[Interface]
+PrivateKey = $PKC
+Address = $AddressCwg
+ListenPort = $PortC
+ 
+# remote settings for Endpoint A
+[Peer]
+PublicKey = $pKA
+Endpoint = ${EndpointA}:$PortA
+AllowedIPs = $AddressAwg
+FINI
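Review bot: The three private keys and the generated `wg0-*.conf` files are written to the current directory, and nothing in the script keeps them out of the working tree; the `wg0-b.conf` change in this same patch shows a config containing a `PrivateKey` ending up in git. `umask 077` restricts file permissions on disk but does nothing against `git add`. I would write the output outside the repository, e.g. `out=$(mktemp -d) && cd "$out"` right after the `umask` line, and print `$out` at the end. Ignoring `*.key` and `wg0-*.conf` in a `.gitignore` would also help if one is not already present, which is not visible here. A rerun also silently overwrites every existing key, so a guard such as `[ -e endpoint-a.key ] && { echo "keys already exist" >&2; exit 1; }` before the first `wg genkey` would prevent accidental rotation.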
diff --git a/wireguard/wg0-b.conf b/wireguard/wg0-b.conf
index 44343e7..cbcaa40 100644
--- a/wireguard/wg0-b.conf
+++ b/wireguard/wg0-b.conf
@@ -1,11 +1,15 @@
 # local settings for Endpoint B
 [Interface]
-PrivateKey = 0Nb+sT20LbiRTMk4Ll5FsASVSFTgdA+JyMpd8shxJFA=
+PrivateKey = oMcR7DZkrkUumSdvGgC3F/uuLVYICP8kTF/6BdNsFGU=
 Address = 10.0.0.2/32
 ListenPort = 51820
  
+# IP forwarding
+PreUp = sysctl -w net.ipv4.ip_forward=1
+ 
 # remote settings for Endpoint A
 [Peer]
-PublicKey = uKQUgVq/uud3tIV2Qibth/8YHzDL2Z0SmcsnC+LkAms=
-Endpoint = 10.121.38.68:51820
-AllowedIPs = 10.0.0.1/32
+PublicKey = ihizRzwgz/HEF8QHNPRYa7LYB/HTtnwWZlHltI0ZdDc=
+Endpoint = 192.168.0.51:51820
+AllowedIPs = 10.0.0.1/32, 192.168.1.0/24
+
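Review bot: The new `PrivateKey` line in `[Interface]` commits a WireGuard private key in clear text, just as the line it replaces did, so both the old and the new key are readable by anyone with access to the repository or its history. Both should be treated as exposed and replaced by a key that never enters git. wg-quick can load the key from a root-only file instead, e.g. `PostUp = wg set %i private-key /etc/wireguard/%i.key` with the `PrivateKey` line removed from the tracked file. The added `PreUp = sysctl -w net.ipv4.ip_forward=1` enables forwarding host-wide and is never reverted on shutdown, while `AllowedIPs` now also accepts `192.168.1.0/24`. No forward-filtering rule is visible in this file, so I would add a comment stating which traffic is meant to be routed and pair it with an explicit firewall policy.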