author | Hugo Hörnquist <hugo@lysator.liu.se> | 2023-05-03 15:50:46 +0200 |
---|---|---|
committer | Hugo Hörnquist <hugo@lysator.liu.se> | 2023-05-03 15:50:46 +0200 |
commit | dff3bc670c9f8e544275cb8c12945a08dc6985e4 (patch) | |
tree | 9d40e65f6aae3f31e60d867dee9c285a6e03e131 /manifests/wireguard_server.pp | |
parent | Change default hiera to be inlined. (diff) | |
download | profiles-dff3bc670c9f8e544275cb8c12945a08dc6985e4.tar.gz profiles-dff3bc670c9f8e544275cb8c12945a08dc6985e4.tar.xz |
Test new wireguard stuff.
Diffstat (limited to '')
-rw-r--r-- | manifests/wireguard_server.pp | 38 |
1 files changed, 8 insertions, 30 deletions
diff --git a/manifests/wireguard_server.pp b/manifests/wireguard_server.pp
index 9eee2d2..00a72e6 100644
--- a/manifests/wireguard_server.pp
+++ b/manifests/wireguard_server.pp
@@ -1,37 +1,17 @@
-# TODO
-# - Allow access over IPv4
-# - Allow forwarding IPv6 addresses
-#
-# - Possibly merge this and wireguard_peer
-# - manage keys
-# - allow accesss for phones
 class profiles::wireguard_server (
 Sensitive[String] $private_key,
 Array[Hash] $peers,
+ String $ifname = 'wg0',
 ) {
 include ::profiles::wireguard
- # gandalf $
- # ip link add dev wg0 type wireguard
- # ip addr add 10.0.10.1/24 dev wg0
- # [root@gandalf profiles]# ip addr add fdc9:281f:04df:9ee9::1/64 dev wg0
- # wg set wg0 listen-port 51871 private-key ~/peer_A.key
- # ## wg set wg0 peer CONTENTS_OF<peer_B.pub>
- # ip link set wg0 up
- # wg set wg0 peer 87Erkb8rXeSd162eBEXuuKUft/frF2iqdPdrMTStNVM= \
- # allowed-ips 10.0.10.0/24,fdc9:281f:4d7:9ee9::/64
-
- # på B
- # wg set wg0 peer <> endpoint gandalf.adrift.space:51871
-
-
- networking::networkd_instance { 'wg0':
+ networking::networkd_instance { $ifname:
 type => 'netdev',
 content => {
 'NetDev' => {
- 'Name' => 'wg0',
+ 'Name' => $ifname,
 'Kind' => 'wireguard',
- 'Description' => 'Wireguard tunnel wg0',
+ 'Description' => "Wireguard tunnel ${ifname}",
 },
 'WireGuard' => {
 'ListenPort' => $profiles::wireguard::port,
@@ -41,14 +21,14 @@ class profiles::wireguard_server (
 }
 }
- networking::networkd_instance { 'wg0-network':
+ networking::networkd_instance { "${ifname}-network":
 type => 'network',
 content => {
 'Match' => {
- 'Name' => 'wg0',
+ 'Name' => $ifname,
 },
- 'Network' => {
- 'Address' => '10.0.10.1/24',
+ 'Route' => {
+ 'Destination' => '2001:9b1:eff:a600:22cf:30ff:fe45:629e/128',
 }
 }
 }
@@ -58,8 +38,6 @@ class profiles::wireguard_server (
 chain => 'POSTROUTING',
 jump => 'MASQUERADE',
 outiface => 'br0',
- #iniface => 'wg0',
- #source => '10.0.10.0/24',
 }
 # -A FORWARD -p udp -m udp --dport 51871 --destination $(dig +short gandalf.adrift.space AAAA) |
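Review bot: `String $ifname = 'wg0'` in the new parameter list accepts any string, yet the value becomes a resource title and is placed into the `[NetDev]` `Name=` and `Description=` fields of the generated netdev unit, so a value containing a newline or exceeding the kernel's 15-character interface-name limit produces a unit that networkd rejects or, depending on how `content` is rendered, extra keys in the file. Tightening the type at the boundary is cheaper than debugging that at apply time: `Pattern[/\A[A-Za-z0-9_.-]{1,15}\z/] $ifname = 'wg0',`. Whether networking::networkd_instance escapes values is not visible here, so that part is an assumption. The class body continues outside the hunk.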
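Review bot: `'Destination' => '2001:9b1:eff:a600:22cf:30ff:fe45:629e/128'` hard-codes a single host address into the profile in the same change that makes the interface name a parameter, which leaves the class unusable on any second host without editing code; a parameter such as `Array[Stdlib::IP::Address] $route_destinations = []` (or the hiera data the parent commit inlined) would keep both knobs in one place. The hunk also drops the `[Network]` `Address=` entry without a replacement, so unless another resource outside this view assigns one, the interface now comes up without an address, which may or may not be intended for a routed /128 setup. The network unit's `content` hash continues to be built outside the hunk.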
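Review bot: With the commented `iniface`/`source` lines removed, the MASQUERADE rule matches on `outiface => 'br0'` alone, so every packet leaving br0 is source-NATed rather than only traffic that arrived through the tunnel. `iniface` cannot be used here because iptables does not accept an input-interface match in POSTROUTING, which is presumably why it was commented out, so the scoping should be by source prefix instead: `source => $tunnel_prefix,` with a new `Stdlib::IP::Address $tunnel_prefix` parameter holding the peers' allowed prefix. The firewall resource begins outside the hunk, so its title and any other matchers are not visible. The trailing comment about the FORWARD rule still names the fixed port 51871 rather than `$profiles::wireguard::port` used above; worth syncing if the comment is kept.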