Add wireguard profile

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2018-08-14 19:23:47 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2018-08-14 19:57:25 +0200
commit: 7f8c632757246813c0a9fdbf0c26ef036ff396be (patch)
tree: b24fc5e4b484e2b576d819146afa47db5758faf5 /modules/profile/manifests
parent: 9fcc3f8faac4a24fb97fff87a4a49bf362967fa2 (diff)
download: Puppet-7f8c632757246813c0a9fdbf0c26ef036ff396be.tar.gz
Puppet-7f8c632757246813c0a9fdbf0c26ef036ff396be.tar.zst
Puppet-7f8c632757246813c0a9fdbf0c26ef036ff396be.zip
1 files changed, 29 insertions, 0 deletions
diff --git a/modules/profile/manifests/wireguard.pp b/modules/profile/manifests/wireguard.pp
new file mode 100644
index 0000000..ad1b081
--- /dev/null
+++ b/modules/profile/manifests/wireguard.pp
@@ -0,0 +1,29 @@
+class profile::wireguard (
+) {
+  $password_seed = lookup("base_installation::puppet_pass_seed")
+  ensure_packages(["linux-headers"], { before => Package["wireguard-dkms"] })
+  ensure_packages(["wireguard-tools", "wireguard-dkms"])
+  $host = $facts["ldapvar"]["self"]
+  if has_key($host["vars"], "wireguard_ip") {
+    $ips = $host["vars"]["wireguard_ip"]
+  } else {
+    $ips = []
+  }
+  $private_key = generate_password(32, $password_seed, "wireguard", "curve25519", true)
+  file { "/etc/wireguard/network.conf":
+    ensure  => "file",
+    mode    => "0600",
+    content => template("profile/wireguard/network.conf.erb"),
+    require => [Package["wireguard-tools"], Package["wireguard-dkms"]],
+  }
+  ->
+  service { "wg-quick@network":
+    ensure => "running",
+    enable => true,
+  }
+}
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2018-08-14 19:23:47 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2018-08-14 19:57:25 +0200
commit	7f8c632757246813c0a9fdbf0c26ef036ff396be (patch)
tree	b24fc5e4b484e2b576d819146afa47db5758faf5 /modules/profile/manifests
parent	9fcc3f8faac4a24fb97fff87a4a49bf362967fa2 (diff)
download	Puppet-7f8c632757246813c0a9fdbf0c26ef036ff396be.tar.gz Puppet-7f8c632757246813c0a9fdbf0c26ef036ff396be.tar.zst Puppet-7f8c632757246813c0a9fdbf0c26ef036ff396be.zip

diff --git a/modules/profile/manifests/wireguard.pp b/modules/profile/manifests/wireguard.pp new file mode 100644 index 0000000..ad1b081 --- /dev/null +++ b/modules/profile/manifests/wireguard.pp
@@ -0,0 +1,29 @@
	1	class profile::wireguard (
	2	) {
	3	$password_seed = lookup("base_installation::puppet_pass_seed")
	4
	5	ensure_packages(["linux-headers"], { before => Package["wireguard-dkms"] })
	6	ensure_packages(["wireguard-tools", "wireguard-dkms"])
	7
	8	$host = $facts["ldapvar"]["self"]
	9	if has_key($host["vars"], "wireguard_ip") {
	10	$ips = $host["vars"]["wireguard_ip"]
	11	} else {
	12	$ips = []
	13	}
	14
	15	$private_key = generate_password(32, $password_seed, "wireguard", "curve25519", true)
	16
	17	file { "/etc/wireguard/network.conf":
	18	ensure => "file",
	19	mode => "0600",
	20	content => template("profile/wireguard/network.conf.erb"),
	21	require => [Package["wireguard-tools"], Package["wireguard-dkms"]],
	22	}
	23	->
	24	service { "wg-quick@network":
	25	ensure => "running",
	26	enable => true,
	27	}
	28
	29	}