aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorIsmaël Bouya <ismael.bouya@normalesup.org>2018-08-14 19:23:47 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2018-08-14 19:57:25 +0200
commit7f8c632757246813c0a9fdbf0c26ef036ff396be (patch)
treeb24fc5e4b484e2b576d819146afa47db5758faf5
parent9fcc3f8faac4a24fb97fff87a4a49bf362967fa2 (diff)
downloadPuppet-7f8c632757246813c0a9fdbf0c26ef036ff396be.tar.gz
Puppet-7f8c632757246813c0a9fdbf0c26ef036ff396be.tar.zst
Puppet-7f8c632757246813c0a9fdbf0c26ef036ff396be.zip
Add wireguard profile
-rw-r--r--modules/profile/manifests/wireguard.pp29
-rw-r--r--modules/profile/templates/wireguard/network.conf.erb13
-rw-r--r--modules/role/manifests/file_store.pp1
3 files changed, 43 insertions, 0 deletions
diff --git a/modules/profile/manifests/wireguard.pp b/modules/profile/manifests/wireguard.pp
new file mode 100644
index 0000000..ad1b081
--- /dev/null
+++ b/modules/profile/manifests/wireguard.pp
@@ -0,0 +1,29 @@
1class profile::wireguard (
2) {
3 $password_seed = lookup("base_installation::puppet_pass_seed")
4
5 ensure_packages(["linux-headers"], { before => Package["wireguard-dkms"] })
6 ensure_packages(["wireguard-tools", "wireguard-dkms"])
7
8 $host = $facts["ldapvar"]["self"]
9 if has_key($host["vars"], "wireguard_ip") {
10 $ips = $host["vars"]["wireguard_ip"]
11 } else {
12 $ips = []
13 }
14
15 $private_key = generate_password(32, $password_seed, "wireguard", "curve25519", true)
16
17 file { "/etc/wireguard/network.conf":
18 ensure => "file",
19 mode => "0600",
20 content => template("profile/wireguard/network.conf.erb"),
21 require => [Package["wireguard-tools"], Package["wireguard-dkms"]],
22 }
23 ->
24 service { "wg-quick@network":
25 ensure => "running",
26 enable => true,
27 }
28
29}
diff --git a/modules/profile/templates/wireguard/network.conf.erb b/modules/profile/templates/wireguard/network.conf.erb
new file mode 100644
index 0000000..0528050
--- /dev/null
+++ b/modules/profile/templates/wireguard/network.conf.erb
@@ -0,0 +1,13 @@
1[Interface]
2<%- @ips.each do |ip| %>
3Address = <%= ip %>
4<% end -%>
5PrivateKey = <%= @private_key %>
6
7<%- @facts["ldapvar"]["other"].each do |host| -%>
8<%- if (host["vars"]["wireguard_public"] || []).count > 0 %>
9[Peer]
10PublicKey = host["vars"]["wireguard_public"][0]
11
12<% end -%>
13<%- end -%>
diff --git a/modules/role/manifests/file_store.pp b/modules/role/manifests/file_store.pp
index ec12d75..bf4afe7 100644
--- a/modules/role/manifests/file_store.pp
+++ b/modules/role/manifests/file_store.pp
@@ -8,6 +8,7 @@ class role::file_store (
8 include "profile::tools" 8 include "profile::tools"
9 include "profile::monitoring" 9 include "profile::monitoring"
10 include "profile::kerberos::client" 10 include "profile::kerberos::client"
11 include "profile::wireguard"
11 12
12 unless empty($mountpoint) { 13 unless empty($mountpoint) {
13 class { "::nfs": 14 class { "::nfs":