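# Installs WireGuard, derives this host's key pair and manages the
# wg-quick "network" interface.
#
# Provenance, per the blame columns of the page: the public-key publication
# block and the `notify` on network.conf are attributed to commit cfad7610,
# everything else to commit 7f8c6327.
class profile::wireguard (
) {
  # Seed handed to generate_password() below. That function is defined
  # elsewhere; presumably the private key is derived deterministically from
  # this value, in which case the seed must be protected like the key itself
  # -- confirm against its implementation.
  $password_seed = lookup("base_installation::puppet_pass_seed")

  # Kernel headers must be present before the DKMS package is installed.
  ensure_packages(["linux-headers"], { before => Package["wireguard-dkms"] })
  ensure_packages(["wireguard-tools", "wireguard-dkms"])

  # Addresses come from the host's LDAP-backed fact; default to none.
  $host = $facts["ldapvar"]["self"]
  if has_key($host["vars"], "wireguard_ip") {
    $ips = $host["vars"]["wireguard_ip"]
  } else {
    $ips = []
  }

  $private_key = generate_password(32, $password_seed, "wireguard", "curve25519", true)

  # file() returns the content of the first path that exists, so this is true
  # only when /usr/bin/wg exists and is non-empty on the machine compiling
  # the catalog (not necessarily the node being configured).
  if file("/usr/bin/wg", "/dev/null") != "" {
    $puppet_notifies_path = lookup("base_installation::puppet_notifies_path")
    # NOTE(review): the private key is interpolated into the `bash -c` script
    # text, so it is part of that process's argument list while the command
    # runs and is parsed by the shell. generate() offers no way to feed
    # stdin; a small custom function that writes the key to `wg pubkey` on
    # stdin would keep it out of the process table.
    $public_key = generate("/usr/bin/bash", "-c", "echo $private_key | /usr/bin/wg pubkey")
    concat::fragment { "host_ldap add wireguard":
      target  => "$puppet_notifies_path/host_ldap.info",
      content => "puppetVar: wireguard_public=$public_key",
      order   => "00-80"
    }
  }

  # The template is not shown here; it presumably renders $private_key and
  # $ips. Because of that, diffs of this file are suppressed so that key
  # material does not end up in agent logs or reports when the content
  # changes.
  file { "/etc/wireguard/network.conf":
    ensure    => "file",
    mode      => "0600",
    show_diff => false,
    content   => template("profile/wireguard/network.conf.erb"),
    require   => [Package["wireguard-tools"], Package["wireguard-dkms"]],
    notify    => Service["wg-quick@network"],
  }
  ->
  service { "wg-quick@network":
    ensure => "running",
    enable => true,
  }

}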