authorHugo Hörnquist <hugo@lysator.liu.se>2023-05-03 15:50:46 +0200
committerHugo Hörnquist <hugo@lysator.liu.se>2023-05-03 15:50:46 +0200
commitdff3bc670c9f8e544275cb8c12945a08dc6985e4 (patch)
tree9d40e65f6aae3f31e60d867dee9c285a6e03e131 /manifests/wireguard_server.pp
parentChange default hiera to be inlined. (diff)
Test new wireguard stuff.
Diffstat (limited to 'manifests/wireguard_server.pp')
-rw-r--r--manifests/wireguard_server.pp38
1 files changed, 8 insertions, 30 deletions
diff --git a/manifests/wireguard_server.pp b/manifests/wireguard_server.pp
index 9eee2d2..00a72e6 100644
--- a/manifests/wireguard_server.pp
+++ b/manifests/wireguard_server.pp
@@ -1,37 +1,17 @@
-# TODO
-# - Allow access over IPv4
-# - Allow forwarding IPv6 addresses
-#
-# - Possibly merge this and wireguard_peer
-# - manage keys
-# - allow accesss for phones
class profiles::wireguard_server (
Sensitive[String] $private_key,
Array[Hash] $peers,
+ String $ifname = 'wg0',
) {
include ::profiles::wireguard
- # gandalf $
- # ip link add dev wg0 type wireguard
- # ip addr add 10.0.10.1/24 dev wg0
- # [root@gandalf profiles]# ip addr add fdc9:281f:04df:9ee9::1/64 dev wg0
- # wg set wg0 listen-port 51871 private-key ~/peer_A.key
- # ## wg set wg0 peer CONTENTS_OF<peer_B.pub>
- # ip link set wg0 up
- # wg set wg0 peer 87Erkb8rXeSd162eBEXuuKUft/frF2iqdPdrMTStNVM= \
- # allowed-ips 10.0.10.0/24,fdc9:281f:4d7:9ee9::/64
-
- # på B
- # wg set wg0 peer <> endpoint gandalf.adrift.space:51871
-
-
- networking::networkd_instance { 'wg0':
+ networking::networkd_instance { $ifname:
type => 'netdev',
content => {
'NetDev' => {
- 'Name' => 'wg0',
+ 'Name' => $ifname,
'Kind' => 'wireguard',
- 'Description' => 'Wireguard tunnel wg0',
+ 'Description' => "Wireguard tunnel ${ifname}",
},
'WireGuard' => {
'ListenPort' => $profiles::wireguard::port,
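Review bot: The new `$ifname` parameter is typed as a bare `String` but is written unvalidated into the resource title, the `[NetDev]` `Name=` value and the description; since networking::networkd_instance presumably renders that hash into a systemd-networkd unit file (its definition is not on this page), a value containing whitespace, `=`, `[` or a newline would yield a malformed or unintended unit, and the kernel caps interface names at 15 bytes anyway. Tightening the type closes both issues at the manifest boundary, e.g. `Pattern[/\A[A-Za-z0-9_.-]{1,15}\z/] $ifname = 'wg0',`. The same identifier is interpolated into the second hunk's title and `Match` `Name=`, so one constraint covers all uses. The body of class profiles::wireguard_server continues past this hunk.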
@@ -41,14 +21,14 @@ class profiles::wireguard_server (
}
}
- networking::networkd_instance { 'wg0-network':
+ networking::networkd_instance { "${ifname}-network":
type => 'network',
content => {
'Match' => {
- 'Name' => 'wg0',
+ 'Name' => $ifname,
},
- 'Network' => {
- 'Address' => '10.0.10.1/24',
+ 'Route' => {
+ 'Destination' => '2001:9b1:eff:a600:22cf:30ff:fe45:629e/128',
}
}
}
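Review bot: The new `[Route]` section hard-codes one public /128 destination into the manifest while the `[Network]` `Address=` for the tunnel is dropped entirely, so the interface is now configured with a route but no address of its own; whether that is the intended end state or a test scaffold cannot be told from the hunk or the commit message. If the destination is deployment-specific, it belongs in a parameter rather than in the class body, e.g. `Array[String] $route_destinations = [],` with one `Route` entry emitted per element, assuming networkd_instance accepts repeated sections. A one-line comment above the `Route` key stating why the interface no longer carries an address would also save the next reader from reintroducing it. The class continues beyond this hunk.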
@@ -58,8 +38,6 @@ class profiles::wireguard_server (
chain => 'POSTROUTING',
jump => 'MASQUERADE',
outiface => 'br0',
- #iniface => 'wg0',
- #source => '10.0.10.0/24',
}
# -A FORWARD -p udp -m udp --dport 51871 --destination $(dig +short gandalf.adrift.space AAAA)