author | Hugo Hörnquist <hugo@lysator.liu.se> | 2023-09-27 06:14:25 +0200 |
---|---|---|
committer | Hugo Hörnquist <hugo@lysator.liu.se> | 2023-09-27 06:14:25 +0200 |
commit | 79dc46d8e3ed8a7cad6197f48327830f2f7c5686 (patch) | |
tree | 5c7d0ab7ce520c5f140e5c93042e316f6252b966 /manifests | |
parent | wg flip netdev and network. (diff) | |
WG allow multiple routes.
Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/wg_exit_node.pp | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/manifests/wg_exit_node.pp b/manifests/wg_exit_node.pp index 91070d5..efdaae3 100644 --- a/manifests/wg_exit_node.pp +++ b/manifests/wg_exit_node.pp @@ -4,6 +4,14 @@ class profiles::wg_exit_node ( ) { $base = "/etc/systemd/network/20-${iface_name}" + # TODO + # iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE + # ip6tables -t nat -A POSTROUTING -o br0 -j MASQUERADE + # + # echo 1 > /proc/sys/net/ipv4/ip_forward + # echo 1 > /proc/sys/net/ipv6/conf/br0/forwarding + # echo 1 > /proc/sys/net/ipv6/conf/wg0/forwarding + file { "${base}.netdev": content => @("EOF") # File managed by Puppet @@ -34,10 +42,18 @@ class profiles::wg_exit_node ( } $peers.each |$peer| { + $peer_addresses = $peer['peer_addresses'] ? { + Array => $peer['peer_addresses'], + String => [$peer['peer_addresses']], + }.map |$addr| { + "Destination=${addr}" + }.join("\n") + + file { "${base}.network.d/${peer['name']}.conf": content => @("EOF") [Route] - Destination=${peer['peer_address']} + ${peer_addresses} | EOF } |
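Review bot: The TODO block hard-codes `wg0` and `br0`, while this class already derives its file names from `${iface_name}`, so the recorded commands stop matching the managed interface as soon as that parameter is set to anything else. As written, the `MASQUERADE` rules also match every packet leaving `br0` rather than only traffic sourced from the tunnel subnet, `ipv4/ip_forward` turns forwarding on for all interfaces, and none of it survives a reboot. I would make the comment say so, e.g. `# TODO: manage forwarding and NAT from Puppet, scoped to ${iface_name} and the tunnel subnet; the commands below are manual and non-persistent`. The class body starts and ends outside the hunk.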
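Review bot: All generated `Destination=` lines land under the single literal `[Route]` header in the heredoc, and as far as I know systemd-networkd takes one destination per `[Route]` section, so with an array only the last entry would end up as a route. Emitting the header per address avoids that: have the lambda return `"[Route]\nDestination=${addr}"`, join with `"\n\n"`, and drop the fixed `[Route]` line from the heredoc. Separately, the selector has no `default` branch, so a peer that still carries the old `peer_address` key fails with a generic selector error. Each address is also interpolated into the unit file unvalidated, so a value containing a newline would add arbitrary directives; a typed `$peers` parameter or a pattern check on `$addr` would cover both. The `$peers.each` block and the class continue outside the hunk.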