Add wireguard profile
authorIsmaël Bouya <ismael.bouya@normalesup.org>
Tue, 14 Aug 2018 17:23:47 +0000 (19:23 +0200)
committerIsmaël Bouya <ismael.bouya@normalesup.org>
Tue, 14 Aug 2018 17:57:25 +0000 (19:57 +0200)
modules/profile/manifests/wireguard.pp [new file with mode: 0644]
modules/profile/templates/wireguard/network.conf.erb [new file with mode: 0644]
modules/role/manifests/file_store.pp

diff --git a/modules/profile/manifests/wireguard.pp b/modules/profile/manifests/wireguard.pp
new file mode 100644 (file)
index 0000000..ad1b081
--- /dev/null
@@ -0,0 +1,29 @@
+class profile::wireguard (
+) {
+  $password_seed = lookup("base_installation::puppet_pass_seed")
+
+  ensure_packages(["linux-headers"], { before => Package["wireguard-dkms"] })
+  ensure_packages(["wireguard-tools", "wireguard-dkms"])
+
+  $host = $facts["ldapvar"]["self"]
+  if has_key($host["vars"], "wireguard_ip") {
+    $ips = $host["vars"]["wireguard_ip"]
+  } else {
+    $ips = []
+  }
+
+  $private_key = generate_password(32, $password_seed, "wireguard", "curve25519", true)
+
+  file { "/etc/wireguard/network.conf":
+    ensure  => "file",
+    mode    => "0600",
+    content => template("profile/wireguard/network.conf.erb"),
+    require => [Package["wireguard-tools"], Package["wireguard-dkms"]],
+  }
+  ->
+  service { "wg-quick@network":
+    ensure => "running",
+    enable => true,
+  }
+
+}
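Review bot: The `->` between the file resource and `service { "wg-quick@network": ... }` only orders the two; a later change to network.conf (new address or peer) is written to disk without the interface being restarted, so use `~>` if a refresh on content change is intended, or add `subscribe => File["/etc/wireguard/network.conf"]` to the service. Since the rendered content carries the interface's private key, `show_diff => false` on the file resource keeps that key out of agent logs and reports when the content changes; mode 0600 already covers the file on disk. `$ips` is taken straight from `$host["vars"]["wireguard_ip"]` and the template calls `.each` on it, so if the LDAP value can be a single string rather than a list, `$ips = any2array(...)` would avoid a render failure. The `/etc/wireguard` directory is assumed to exist (presumably created by wireguard-tools) and nothing in the class ensures it.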
diff --git a/modules/profile/templates/wireguard/network.conf.erb b/modules/profile/templates/wireguard/network.conf.erb
new file mode 100644 (file)
index 0000000..0528050
--- /dev/null
@@ -0,0 +1,13 @@
+[Interface]
+<%- @ips.each do |ip| %>
+Address = <%= ip %>
+<% end -%>
+PrivateKey = <%= @private_key %>
+
+<%- @facts["ldapvar"]["other"].each do |host| -%>
+<%- if (host["vars"]["wireguard_public"] || []).count > 0 %>
+[Peer]
+PublicKey = host["vars"]["wireguard_public"][0]
+
+<% end -%>
+<%- end -%>
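Review bot: `PublicKey = host["vars"]["wireguard_public"][0]` is emitted as literal text because it lacks ERB output tags; it only interpolates as `PublicKey = <%= host["vars"]["wireguard_public"][0] %>`, and as written every peer gets an invalid key so wg-quick will reject the file. Each `[Peer]` section also carries no `AllowedIPs` (and no `Endpoint`), so even with the key fixed no traffic is routed to that peer unless this is supplied elsewhere — worth a comment in the template if intentional. Trim markers are inconsistent (`<%- @ips.each do |ip| %>` and the `<%- if ... %>` open with a trim but do not close with `-%>`), which leaves stray blank lines in the rendered config.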
index ec12d75f0ca0718c23a8fb52f761efa2573a5e6b..bf4afe7c4ea683d92507d88d8dd86479467decb3 100644 (file)
@@ -8,6 +8,7 @@ class role::file_store (
   include "profile::tools"
   include "profile::monitoring"
   include "profile::kerberos::client"
+  include "profile::wireguard"
 
   unless empty($mountpoint) {
     class { "::nfs":