authorHugo Hörnquist <hugo@lysator.liu.se>2022-11-06 16:28:05 +0100
committerHugo Hörnquist <hugo@lysator.liu.se>2022-11-06 16:28:05 +0100
commitce58be29befe0697cbae824c12f09064670c4560 (patch)
treea3ec579c7de7580f710160e0e21821f4ac879afe /manifests/wireguard_peer.pp
parentAdd initial wireguard profiles. (diff)
Move more wireguard config to hiera.
Diffstat (limited to 'manifests/wireguard_peer.pp')
-rw-r--r--manifests/wireguard_peer.pp14
1 files changed, 1 insertions, 13 deletions
diff --git a/manifests/wireguard_peer.pp b/manifests/wireguard_peer.pp
index 0f02e39..6eaeef1 100644
--- a/manifests/wireguard_peer.pp
+++ b/manifests/wireguard_peer.pp
@@ -32,19 +32,7 @@ class profiles::wireguard_peer (
'ListenPort' => $profiles::wireguard::port,
'PrivateKey' => $private_key,
},
- 'WireGuardPeer' => {
- 'PublicKey' => $peer_key,
- # IP addresses which the kernel will accept sending over this
- # interface. Set it to 0.0.0.0/0 to allow anything to traverse
- # the tunnel
- 'AllowedIPs' => [
- '10.0.0.0/23', # adrift.space localnet
- '10.0.10.2/32', # Wireguard return
- ],
- # TODO is IP addresses allowed here?
- # Where the peer we want to connect to resides
- 'Endpoint' => "gandalf.adrift.space:${profiles::wireguard::port}",
- }
+ 'WireGuardPeer' => $peers,
}
}
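Review bot: `$peers` on the new `'WireGuardPeer' => $peers,` line is not declared anywhere in this hunk, and the diffstat lists this line as the file's only insertion. Unless the parameter already existed in the class header (which lies outside the hunk), it will be undefined here, and the `$peer_key` parameter appears to be left behind unused. Because `AllowedIPs` and `Endpoint` now come from hiera, I would give the parameter a data type so that a malformed entry fails at catalog compilation, e.g. `Hash[String, Variant[String, Array[String]]] $peers,` (or an `Array` of such hashes if several peers are intended). The deleted comments were the only explanation that `AllowedIPs` controls which addresses may traverse the tunnel; keep that as a comment above the line, e.g. `# Peer section(s) from hiera; AllowedIPs limits what may be sent through the tunnel`.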