diff options
| -rw-r--r-- | modules/profile/manifests/wireguard.pp | 11 | ||||
| -rw-r--r-- | modules/profile/templates/wireguard/network.conf.erb | 12 |
2 files changed, 20 insertions, 3 deletions
diff --git a/modules/profile/manifests/wireguard.pp b/modules/profile/manifests/wireguard.pp index ad1b081..829f82d 100644 --- a/modules/profile/manifests/wireguard.pp +++ b/modules/profile/manifests/wireguard.pp | |||
| @@ -14,11 +14,22 @@ class profile::wireguard ( | |||
| 14 | 14 | ||
| 15 | $private_key = generate_password(32, $password_seed, "wireguard", "curve25519", true) | 15 | $private_key = generate_password(32, $password_seed, "wireguard", "curve25519", true) |
| 16 | 16 | ||
| 17 | if file("/usr/bin/wg", "/dev/null") != "" { | ||
| 18 | $puppet_notifies_path = lookup("base_installation::puppet_notifies_path") | ||
| 19 | $public_key = generate("/usr/bin/bash", "-c", "echo $private_key | /usr/bin/wg pubkey") | ||
| 20 | concat::fragment { "host_ldap add wireguard": | ||
| 21 | target => "$puppet_notifies_path/host_ldap.info", | ||
| 22 | content => "puppetVar: wireguard_public=$public_key", | ||
| 23 | order => "00-80" | ||
| 24 | } | ||
| 25 | } | ||
| 26 | |||
| 17 | file { "/etc/wireguard/network.conf": | 27 | file { "/etc/wireguard/network.conf": |
| 18 | ensure => "file", | 28 | ensure => "file", |
| 19 | mode => "0600", | 29 | mode => "0600", |
| 20 | content => template("profile/wireguard/network.conf.erb"), | 30 | content => template("profile/wireguard/network.conf.erb"), |
| 21 | require => [Package["wireguard-tools"], Package["wireguard-dkms"]], | 31 | require => [Package["wireguard-tools"], Package["wireguard-dkms"]], |
| 32 | notify => Service["wg-quick@network"], | ||
| 22 | } | 33 | } |
| 23 | -> | 34 | -> |
| 24 | service { "wg-quick@network": | 35 | service { "wg-quick@network": |
diff --git a/modules/profile/templates/wireguard/network.conf.erb b/modules/profile/templates/wireguard/network.conf.erb index 0528050..5327dfd 100644 --- a/modules/profile/templates/wireguard/network.conf.erb +++ b/modules/profile/templates/wireguard/network.conf.erb | |||
| @@ -1,13 +1,19 @@ | |||
| 1 | [Interface] | 1 | [Interface] |
| 2 | <%- @ips.each do |ip| %> | 2 | <%- @ips.each do |ip| -%> |
| 3 | Address = <%= ip %> | 3 | Address = <%= ip %> |
| 4 | <% end -%> | 4 | <%- end -%> |
| 5 | PrivateKey = <%= @private_key %> | 5 | PrivateKey = <%= @private_key %> |
| 6 | ListenPort = 51820 | ||
| 6 | 7 | ||
| 7 | <%- @facts["ldapvar"]["other"].each do |host| -%> | 8 | <%- @facts["ldapvar"]["other"].each do |host| -%> |
| 8 | <%- if (host["vars"]["wireguard_public"] || []).count > 0 %> | 9 | <%- if (host["vars"]["wireguard_public"] || []).count > 0 %> |
| 9 | [Peer] | 10 | [Peer] |
| 10 | PublicKey = host["vars"]["wireguard_public"][0] | 11 | # <%= host["vars"]["real_hostname"][0] %> |
| 12 | PublicKey = <%= host["vars"]["wireguard_public"][0] %> | ||
| 13 | <%- if (host["vars"]["wireguard_ip"] || []).count > 0 -%> | ||
| 14 | AllowedIps = <%= host["vars"]["wireguard_ip"].join(", ").gsub /\/\d+/, "/32" %> | ||
| 15 | <%- end -%> | ||
| 16 | Endpoint = <%= host["vars"]["real_hostname"][0] %>:51820 | ||
| 11 | 17 | ||
| 12 | <% end -%> | 18 | <% end -%> |
| 13 | <%- end -%> | 19 | <%- end -%> |