From 7f8c632757246813c0a9fdbf0c26ef036ff396be Mon Sep 17 00:00:00 2001
From: =?utf8?q?Isma=C3=ABl=20Bouya?=
Date: Tue, 14 Aug 2018 19:23:47 +0200
Subject: [PATCH] Add wireguard profile
---
modules/profile/manifests/wireguard.pp | 29 +++++++++++++++++++
.../templates/wireguard/network.conf.erb | 13 +++++++++
modules/role/manifests/file_store.pp | 1 +
3 files changed, 43 insertions(+)
create mode 100644 modules/profile/manifests/wireguard.pp
create mode 100644 modules/profile/templates/wireguard/network.conf.erb
diff --git a/modules/profile/manifests/wireguard.pp b/modules/profile/manifests/wireguard.pp
new file mode 100644
index 0000000..ad1b081
--- /dev/null
+++ b/modules/profile/manifests/wireguard.pp
@@ -0,0 +1,29 @@
+class profile::wireguard (
+) {
+ $password_seed = lookup("base_installation::puppet_pass_seed")
+
+ ensure_packages(["linux-headers"], { before => Package["wireguard-dkms"] })
+ ensure_packages(["wireguard-tools", "wireguard-dkms"])
+
+ $host = $facts["ldapvar"]["self"]
+ if has_key($host["vars"], "wireguard_ip") {
+ $ips = $host["vars"]["wireguard_ip"]
+ } else {
+ $ips = []
+ }
+
+ $private_key = generate_password(32, $password_seed, "wireguard", "curve25519", true)
+
+ file { "/etc/wireguard/network.conf":
+ ensure => "file",
+ mode => "0600",
+ content => template("profile/wireguard/network.conf.erb"),
+ require => [Package["wireguard-tools"], Package["wireguard-dkms"]],
+ }
+ ->
+ service { "wg-quick@network":
+ ensure => "running",
+ enable => true,
+ }
+
+}
diff --git a/modules/profile/templates/wireguard/network.conf.erb b/modules/profile/templates/wireguard/network.conf.erb
new file mode 100644
index 0000000..0528050
--- /dev/null
+++ b/modules/profile/templates/wireguard/network.conf.erb
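Review bot: In modules/profile/manifests/wireguard.pp the `file { "/etc/wireguard/network.conf": ... }` resource renders `$private_key` into its `content` but does not suppress diff output, so on agents where diff display is enabled a change to the file would copy the `PrivateKey` line into logs and reports; adding `show_diff => false,` (or wrapping the content in `Sensitive(...)`) keeps the `0600` mode meaningful. The key appears to be derived from `base_installation::puppet_pass_seed` via `generate_password`, whose definition is not in this patch, so the `$private_key` line deserves a comment such as `# Derived from the Puppet seed: anyone holding the seed can recompute this key.` The `->` between the file and `service { "wg-quick@network": }` only orders the two resources; `~>` would also restart the tunnel when the rendered config changes.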
@@ -0,0 +1,13 @@ +[Interface] +<%- @ips.each do |ip| %> +Address = <%= ip %> +<% end -%> +PrivateKey = <%= @private_key %> + +<%- @facts["ldapvar"]["other"].each do |host| -%> +<%- if (host["vars"]["wireguard_public"] || []).count > 0 %> +[Peer] +PublicKey = host["vars"]["wireguard_public"][0] + +<% end -%> +<%- end -%> diff --git a/modules/role/manifests/file_store.pp b/modules/role/manifests/file_store.pp index ec12d75..bf4afe7 100644 --- a/modules/role/manifests/file_store.pp +++ b/modules/role/manifests/file_store.pp @@ -8,6 +8,7 @@ class role::file_store ( include "profile::tools" include "profile::monitoring" include "profile::kerberos::client" + include "profile::wireguard" unless empty($mountpoint) { class { "::nfs": -- 2.41.0
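Review bot: In modules/profile/templates/wireguard/network.conf.erb the `[Peer]` line `PublicKey = host["vars"]["wireguard_public"][0]` is outside any ERB output tag, so the Ruby expression is written to the config as literal text instead of the peer's key; it should read `PublicKey = <%= host["vars"]["wireguard_public"][0] %>`. Each `[Peer]` block also has no `AllowedIPs`, and without it WireGuard will not route traffic to or accept traffic from that peer, unless that is meant to arrive in a later change. The addresses and keys come from the `ldapvar` fact and are emitted unchecked into a file that wg-quick reads as root, so validating their format (a 44-character base64 key, an IP/CIDR address) before printing would keep a malformed directory entry from altering the config.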