wireguard: init config package

debian/changelog

@@ -3,6 +3,7 @@ shione-config (0.1.0) UNRELEASED; urgency=low
   * Add current openssh-server configuration.
   * Add current nftables configuration.
   * Add current nginx configuration.
+  * Add current wireguard configuration.
   * Initial release.
 
  -- Mohammed Amar-Bensaber <renken@shione.net>  Sun, 24 Aug 2024 16:06:00 +0200

debian/control

@@ -32,3 +32,12 @@ Provides: ${diverted-files}
 Conflicts: ${diverted-files}
 Description: Shione nginx configuration.
   Nginx configuration for shione.net.
+
+Package: wireguard-config
+Architecture: all
+Multi-Arch: foreign
+Depends: ${misc:Depends}, wireguard, wireguard-tools
+Provides: ${diverted-files}
+Conflicts: ${diverted-files}
+Description: Shione wireguard configuration.
+  Wireguard configuration for shione.net

debian/wireguard-config.install

@@ -0,0 +1,2 @@
+files/etc/sysctl.d/local.conf /etc/sysctl.d
+files/etc/wireguard /etc

files/etc/sysctl.d/local.conf

@@ -0,0 +1,67 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+###################################################################
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all, >1 bitmask of sysrq functions
+# See https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html
+# for what other values do
+#kernel.sysrq=438