authorHugo Hörnquist <hugo@lysator.liu.se>2022-11-06 16:28:05 +0100
committerHugo Hörnquist <hugo@lysator.liu.se>2022-11-06 16:28:05 +0100
commitce58be29befe0697cbae824c12f09064670c4560 (patch)
treea3ec579c7de7580f710160e0e21821f4ac879afe /manifests/wireguard_server.pp
parentAdd initial wireguard profiles. (diff)
Move more wireguard config to hiera.
Diffstat (limited to 'manifests/wireguard_server.pp')
-rw-r--r--manifests/wireguard_server.pp15
1 files changed, 9 insertions, 6 deletions
diff --git a/manifests/wireguard_server.pp b/manifests/wireguard_server.pp
index 03c4cda..9eee2d2 100644
--- a/manifests/wireguard_server.pp
+++ b/manifests/wireguard_server.pp
@@ -1,6 +1,13 @@
+# TODO
+# - Allow access over IPv4
+# - Allow forwarding IPv6 addresses
+#
+# - Possibly merge this and wireguard_peer
+# - manage keys
+# - allow accesss for phones
class profiles::wireguard_server (
Sensitive[String] $private_key,
- String $peer_key,
+ Array[Hash] $peers,
) {
include ::profiles::wireguard
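Review bot: The new parameter `Array[Hash] $peers` accepts any hash, so a peer entry with a missing or misspelled `PublicKey` or `AllowedIPs` key compiles cleanly and is only noticed, if at all, when the unit is rendered. Since the second hunk passes the value unchanged as `'WireGuardPeer' => $peers`, I would narrow the type at the class boundary, for example `Array[Struct[{'PublicKey' => String[1], 'AllowedIPs' => Variant[String[1], Array[String[1]]]}]] $peers,`, adding `Optional[...]` entries for any further keys the data really uses. The class body continues past this hunk, so how `$peers` is consumed beyond that one line is not visible here.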
@@ -30,11 +37,7 @@ class profiles::wireguard_server (
'ListenPort' => $profiles::wireguard::port,
'PrivateKey' => $private_key,
},
- # TODO multiple public peers
- 'WireGuardPeer' => {
- 'PublicKey' => $peer_key,
- 'AllowedIPs' => '10.0.10.2/32',
- }
+ 'WireGuardPeer' => $peers,
}
}
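Review bot: Replacing the fixed `'AllowedIPs' => '10.0.10.2/32'` with `'WireGuardPeer' => $peers` makes the hiera data the only place where each peer's accepted source range is set. WireGuard uses AllowedIPs to decide which inner source addresses a peer may send from, so an over-broad prefix in the data would let that peer use addresses assigned to other peers. I would state that constraint next to the line, e.g. `# Each peer hash must carry PublicKey and a narrow, per-peer AllowedIPs (normally a /32).`. If a peer hash ever carries a `PresharedKey`, it would presumably travel as a plain string rather than `Sensitive` like `$private_key`, which is worth confirming before such keys are added. The surrounding resource begins outside this hunk.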