author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-08-14 19:23:47 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-08-14 19:57:25 +0200 |
commit | 7f8c632757246813c0a9fdbf0c26ef036ff396be (patch) | |
tree | b24fc5e4b484e2b576d819146afa47db5758faf5 | |
parent | 9fcc3f8faac4a24fb97fff87a4a49bf362967fa2 (diff) | |
Add wireguard profile
-rw-r--r-- | modules/profile/manifests/wireguard.pp | 29 | ||||
-rw-r--r-- | modules/profile/templates/wireguard/network.conf.erb | 13 | ||||
-rw-r--r-- | modules/role/manifests/file_store.pp | 1 |
3 files changed, 43 insertions, 0 deletions
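--- /dev/null
+++ b/modules/profile/manifests/wireguard.pp
@@ -0,0 +1,29 @@
+class profile::wireguard (
+) {
+$password_seed = lookup("base_installation::puppet_pass_seed")
+
+ensure_packages(["linux-headers"], { before => Package["wireguard-dkms"] })
+ensure_packages(["wireguard-tools", "wireguard-dkms"])
+
+$host = $facts["ldapvar"]["self"]
+if has_key($host["vars"], "wireguard_ip") {
+$ips = $host["vars"]["wireguard_ip"]
+} else {
+$ips = []
+}
+
+$private_key = generate_password(32, $password_seed, "wireguard", "curve25519", true)
+
+file { "/etc/wireguard/network.conf":
+ensure => "file",
+mode => "0600",
+content => template("profile/wireguard/network.conf.erb"),
+require => [Package["wireguard-tools"], Package["wireguard-dkms"]],
+}
+->
+service { "wg-quick@network":
+ensure => "running",
+enable => true,
+}
+
+}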
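Review bot: The `file { "/etc/wireguard/network.conf": }` resource renders the WireGuard private key into `content` without `show_diff => false`, so a later change to the file can put the key into the agent's diff output and reports; adding `show_diff => false,` next to `mode => "0600",` keeps it out of logs. The `->` before `service { "wg-quick@network": }` only orders the two resources, so an updated configuration is not applied to the running interface; `~>` would restart the service when the file changes. `$private_key` is derived from `base_installation::puppet_pass_seed` with the fixed label "wireguard", and generate_password is defined outside this diff, so it is worth confirming that its output is unique per host and that the seed is protected as key material.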
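--- /dev/null
+++ b/modules/profile/templates/wireguard/network.conf.erb
@@ -0,0 +1,13 @@
+[Interface]
+<%- @ips.each do |ip| %>
+Address = <%= ip %>
+<% end -%>
+PrivateKey = <%= @private_key %>
+
+<%- @facts["ldapvar"]["other"].each do |host| -%>
+<%- if (host["vars"]["wireguard_public"] || []).count > 0 %>
+[Peer]
+PublicKey = host["vars"]["wireguard_public"][0]
+
+<% end -%>
+<%- end -%>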
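Review bot: Line 10 of the template emits the Ruby expression as literal text, because `PublicKey = host["vars"]["wireguard_public"][0]` is not inside an output tag; it should read `PublicKey = <%= host["vars"]["wireguard_public"][0] %>`, otherwise every `[Peer]` block carries an invalid key. Each peer block also has no `AllowedIPs` line, so even with a valid key no traffic would be accepted from or routed to that peer. The peer keys and the `Address` values come from the `ldapvar` fact and are written unchecked into a file that wg-quick parses, so it would be safer to render only values that match the expected key and address formats.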
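--- a/modules/role/manifests/file_store.pp
+++ b/modules/role/manifests/file_store.pp
@@ -8,6 +8,7 @@ class role::file_store (
 include "profile::tools"
 include "profile::monitoring"
 include "profile::kerberos::client"
+include "profile::wireguard"
 
 unless empty($mountpoint) {
 class { "::nfs":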