WG allow multiple routes.

author: Hugo Hörnquist <hugo@lysator.liu.se> 2023-09-27 06:14:25 +0200
committer: Hugo Hörnquist <hugo@lysator.liu.se> 2023-09-27 06:14:25 +0200
commit: 79dc46d8e3ed8a7cad6197f48327830f2f7c5686 (patch)
tree: 5c7d0ab7ce520c5f140e5c93042e316f6252b966
parent: wg flip netdev and network. (diff)
download: profiles-79dc46d8e3ed8a7cad6197f48327830f2f7c5686.tar.gz
profiles-79dc46d8e3ed8a7cad6197f48327830f2f7c5686.tar.xz
1 files changed, 17 insertions, 1 deletions
diff --git a/manifests/wg_exit_node.pp b/manifests/wg_exit_node.pp
index 91070d5..efdaae3 100644
--- a/manifests/wg_exit_node.pp
+++ b/manifests/wg_exit_node.pp
@@ -4,6 +4,14 @@ class profiles::wg_exit_node (
 ) {
   $base = "/etc/systemd/network/20-${iface_name}"
 
+  # TODO
+  # iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
+  # ip6tables -t nat -A POSTROUTING -o br0 -j MASQUERADE
+  #
+  # echo 1 > /proc/sys/net/ipv4/ip_forward
+  # echo 1 > /proc/sys/net/ipv6/conf/br0/forwarding
+  # echo 1 > /proc/sys/net/ipv6/conf/wg0/forwarding
+
   file { "${base}.netdev":
     content => @("EOF")
     # File managed by Puppet
@@ -34,10 +42,18 @@ class profiles::wg_exit_node (
   }
 
   $peers.each |$peer| {
+    $peer_addresses = $peer['peer_addresses'] ? {
+      Array  => $peer['peer_addresses'],
+      String => [$peer['peer_addresses']],
+    }.map |$addr| {
+      "Destination=${addr}"
+    }.join("\n")
+
+
     file { "${base}.network.d/${peer['name']}.conf":
       content => @("EOF")
       [Route]
-      Destination=${peer['peer_address']}
+      ${peer_addresses}
       | EOF
     }
author	Hugo Hörnquist <hugo@lysator.liu.se>	2023-09-27 06:14:25 +0200
committer	Hugo Hörnquist <hugo@lysator.liu.se>	2023-09-27 06:14:25 +0200
commit	79dc46d8e3ed8a7cad6197f48327830f2f7c5686 (patch)
tree	5c7d0ab7ce520c5f140e5c93042e316f6252b966
parent	wg flip netdev and network. (diff)
download	profiles-79dc46d8e3ed8a7cad6197f48327830f2f7c5686.tar.gz profiles-79dc46d8e3ed8a7cad6197f48327830f2f7c5686.tar.xz