Add wireguard to host_ldap
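# @summary Installs WireGuard and manages the "network" wg-quick interface.
#
# Derives this host's WireGuard private key with generate_password() from the
# seed stored under base_installation::puppet_pass_seed, publishes the matching
# public key as a host_ldap fragment, and manages /etc/wireguard/network.conf
# together with the wg-quick@network service.
class profile::wireguard (
) {
  $password_seed = lookup("base_installation::puppet_pass_seed")

  # linux-headers is ordered before wireguard-dkms so the headers are present
  # when the DKMS package is installed.
  ensure_packages(["linux-headers"], { before => Package["wireguard-dkms"] })
  ensure_packages(["wireguard-tools", "wireguard-dkms"])

  # Addresses assigned to this host in LDAP; empty when none are recorded.
  # $ips is not used in this class -- presumably the template reads it.
  $host = $facts["ldapvar"]["self"]
  if has_key($host["vars"], "wireguard_ip") {
    $ips = $host["vars"]["wireguard_ip"]
  } else {
    $ips = []
  }

  # Secret key material: every use of this value below must stay out of logs,
  # reports and world-readable files.
  $private_key = generate_password(32, $password_seed, "wireguard", "curve25519", true)

  # file() returns the content of the first path that exists, so the result is
  # empty (from /dev/null) when /usr/bin/wg is missing where the catalog is
  # compiled; the public key is only published when the tool is available.
  if file("/usr/bin/wg", "/dev/null") != "" {
    $puppet_notifies_path = lookup("base_installation::puppet_notifies_path")

    # NOTE(review): the private key is interpolated into the `bash -c` argument,
    # so it is readable in the process list of the compiling host while the
    # command runs. generate() cannot feed stdin; removing this exposure needs
    # a custom function that pipes the key to `wg pubkey` instead.
    # The key is single-quoted so the shell never word-splits or expands it.
    $public_key = generate("/usr/bin/bash", "-c", "echo '${private_key}' | /usr/bin/wg pubkey")

    # $public_key is the raw command output, so it presumably still carries the
    # trailing newline from `wg pubkey` -- confirm before trimming it.
    concat::fragment { "host_ldap add wireguard":
      target  => "${puppet_notifies_path}/host_ldap.info",
      content => "puppetVar: wireguard_public=${public_key}",
      order   => "00-80"
    }
  }

  file { "/etc/wireguard/network.conf":
    ensure    => "file",
    mode      => "0600",
    # The template presumably renders $private_key (confirm in
    # profile/wireguard/network.conf.erb). Without show_diff => false, a content
    # change prints the file diff, and with it the key, to agent logs and reports.
    show_diff => false,
    content   => template("profile/wireguard/network.conf.erb"),
    require   => [Package["wireguard-tools"], Package["wireguard-dkms"]],
    notify    => Service["wg-quick@network"],
  }
  ->
  service { "wg-quick@network":
    ensure => "running",
    enable => true,
  }

}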