author | Hugo Hörnquist <hugo@lysator.liu.se> | 2023-09-27 05:04:20 +0200 |
---|---|---|
committer | Hugo Hörnquist <hugo@lysator.liu.se> | 2023-09-27 05:04:20 +0200 |
commit | 534db28fdc4ceb449c338d707e55fe384dfaff52 (patch) | |
tree | fb59bd8d4877bf68aa7ed042e43fdd6a7c868733 /manifests/wg_exit_node.pp | |
parent | fix (diff) | |
download | profiles-534db28fdc4ceb449c338d707e55fe384dfaff52.tar.gz profiles-534db28fdc4ceb449c338d707e55fe384dfaff52.tar.xz |
New wireguard rewrite.
Diffstat (limited to '')
-rw-r--r-- | manifests/wg_exit_node.pp | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/manifests/wg_exit_node.pp b/manifests/wg_exit_node.pp
new file mode 100644
index 0000000..c3dca74
--- /dev/null
+++ b/manifests/wg_exit_node.pp
@@ -0,0 +1,51 @@
+class profiles::wg_exit_node (
+ String $iface_name = 'wg0',
+ Array[Hash] $peers = [],
+) {
+ $base = "/etc/systemd/network/20-${iface_name}"
+
+ file { "${base}.netdev":
+ content => @("EOF")
+ # File managed by Puppet
+ [NetDev]
+ Name=${iface_name}
+ Kind=wireguard
+ Description=Wireguard tunnel ${iface_name}
+
+ [WireGuard]
+ PrivateKeyFile=/etc/wireguard/gandalf.adrift.space.key
+ | EOF
+ }
+
+ file { "${base}.network":
+ content => @("EOF")
+ # File managed by Puppet
+ [Match]
+ Name=${iface_name}
+ | EOF
+ }
+
+ file { [
+ "${base}.netdev.d",
+ "${base}.network.d",
+ ]:
+ ensure => directory,
+ }
+
+ $peers.each |$peer| {
+ file { "${base}.netdev.d/${peer['name']}.conf":
+ content => @("EOF")
+ [Route]
+ Destination=${peer['peer_address']}
+ | EOF
+ }
+
+ file { "${base}.network.d/${peer['name']}.conf":
+ content => @("EOF")
+ [WireGuardPeer]
+ PublicKey=${peer['public_key']}
+ AllowedIPs=${peer['peer_address']}
+ | EOF
+ }
+ }
+}
|
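Review bot: The per-peer drop-ins in the `$peers.each` loop look swapped: `[Route]` is written under `${base}.netdev.d/` and `[WireGuardPeer]` under `${base}.network.d/`, but systemd-networkd reads `[WireGuardPeer]` from .netdev files and `[Route]` from .network files, so the peer's `PublicKey` and `AllowedIPs` would most likely be ignored. Exchanging the two resource titles fixes it: `file { "${base}.netdev.d/${peer['name']}.conf":` for the `[WireGuardPeer]` body and `file { "${base}.network.d/${peer['name']}.conf":` for the `[Route]` body. Separately, the two `.d` directories are declared with only `ensure => directory`, so a peer removed from `$peers` keeps its drop-in on disk and stays authorised once the sections are in the right place; adding `recurse => true, purge => true,` to that resource would make removal from the list revoke the peer. `$peer['name']` is also interpolated into a file path unchecked because the parameter is typed `Array[Hash]`; a `Struct` type with a `Pattern` on `name` would reject values containing `/`.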