$private_key = generate_password(32, $password_seed, "wireguard", "curve25519", true)
+ if file("/usr/bin/wg", "/dev/null") != "" {
+ $puppet_notifies_path = lookup("base_installation::puppet_notifies_path")
+ $public_key = generate("/usr/bin/bash", "-c", "echo $private_key | /usr/bin/wg pubkey")
+ concat::fragment { "host_ldap add wireguard":
+ target => "$puppet_notifies_path/host_ldap.info",
+ content => "puppetVar: wireguard_public=$public_key",
+ order => "00-80"
+ }
+ }
+
file { "/etc/wireguard/network.conf":
ensure => "file",
mode => "0600",
content => template("profile/wireguard/network.conf.erb"),
require => [Package["wireguard-tools"], Package["wireguard-dkms"]],
+ notify => Service["wg-quick@network"],
}
->
service { "wg-quick@network":
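Review bot: The private key is interpolated into the `bash -c` argument string on line 4, so for every catalog compile it is visible in the process list of the host running the compiler (`ps` shows the full `echo <key> | /usr/bin/wg pubkey` command line to every local user) and would be echoed back in the error text Puppet raises if `wg pubkey` fails. `generate()` gives no way to feed stdin, so the fix is a small custom function (Ruby, e.g. `Open3.capture2("/usr/bin/wg", "pubkey", stdin_data: key)` with a check of the exit status) and a call such as `$public_key = profile::wg_pubkey($private_key)` in place of line 4; the key then never leaves the compiler process except over a pipe. Line 2 guards on `file("/usr/bin/wg", "/dev/null")`, which reads the whole `wg` binary into a string just to test for existence; it does run on the same host as `generate()`, so the check is at least looking in the right place. The enclosing class starts before this hunk and the `service` resource on line 20 continues after it.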
[Interface]
-<%- @ips.each do |ip| %>
+<%- @ips.each do |ip| -%>
Address = <%= ip %>
-<% end -%>
+<%- end -%>
PrivateKey = <%= @private_key %>
+ListenPort = 51820
<%- @facts["ldapvar"]["other"].each do |host| -%>
<%- if (host["vars"]["wireguard_public"] || []).count > 0 %>
[Peer]
-PublicKey = host["vars"]["wireguard_public"][0]
+# <%= host["vars"]["real_hostname"][0] %>
+PublicKey = <%= host["vars"]["wireguard_public"][0] %>
+<%- if (host["vars"]["wireguard_ip"] || []).count > 0 -%>
+AllowedIps = <%= host["vars"]["wireguard_ip"].join(", ").gsub /\/\d+/, "/32" %>
+<%- end -%>
+Endpoint = <%= host["vars"]["real_hostname"][0] %>:51820
<% end -%>
<%- end -%>
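Review bot: The `gsub /\/\d+/, "/32"` on line 36 forces every prefix in `wireguard_ip` to /32, which is the intended host route for an IPv4 address but, if an IPv6 address can appear in that LDAP attribute, turns it into a huge range; AllowedIPs is WireGuard's cryptokey-routing ACL (which source addresses a peer may use and which destinations are routed to it), so a /32 on IPv6 widens the ACL instead of narrowing it. If that is possible, choose the prefix per address family: `AllowedIps = <%= host["vars"]["wireguard_ip"].map { |ip| ip.sub(/\/\d+\z/, ip.include?(":") ? "/128" : "/32") }.join(", ") %>` (the canonical key spelling is `AllowedIPs`; wg appears to match keys case-insensitively, but using the documented form avoids a surprise). Lines 33 and 38 index `real_hostname[0]` without the presence check that line 30 applies to `wireguard_public`, so a host entry that carries a key but no `real_hostname` either aborts catalog compilation or renders an empty `Endpoint`; guard it the same way, e.g. `<%- next if (host["vars"]["real_hostname"] || []).empty? -%>`. The port 51820 is now written on both line 28 and line 38; passing it in as one template variable keeps ListenPort and the peer Endpoint in step. Note that every host in `ldapvar.other` with a `wireguard_public` attribute becomes a trusted peer, so write access to that LDAP attribute is equivalent to joining the VPN — worth a comment at the top of the peer loop.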