-rw-r--r--manifests/wireguard_peer.pp14
-rw-r--r--manifests/wireguard_server.pp15
2 files changed, 10 insertions, 19 deletions
diff --git a/manifests/wireguard_peer.pp b/manifests/wireguard_peer.pp
index 0f02e39..6eaeef1 100644
--- a/manifests/wireguard_peer.pp
+++ b/manifests/wireguard_peer.pp
@@ -32,19 +32,7 @@ class profiles::wireguard_peer (
'ListenPort' => $profiles::wireguard::port,
'PrivateKey' => $private_key,
},
- 'WireGuardPeer' => {
- 'PublicKey' => $peer_key,
- # IP addresses which the kernel will accept sending over this
- # interface. Set it to 0.0.0.0/0 to allow anything to traverse
- # the tunnel
- 'AllowedIPs' => [
- '10.0.0.0/23', # adrift.space localnet
- '10.0.10.2/32', # Wireguard return
- ],
- # TODO is IP addresses allowed here?
- # Where the peer we want to connect to resides
- 'Endpoint' => "gandalf.adrift.space:${profiles::wireguard::port}",
- }
+ 'WireGuardPeer' => $peers,
}
}
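Review bot: `$peers` on the new `'WireGuardPeer' => $peers` line is not declared anywhere in this hunk, and the diff touches no other part of wireguard_peer.pp, so unless the class already takes a `$peers` parameter the reference is unbound and the `[WireGuardPeer]` section is emitted empty or the compile fails under strict variables — please confirm the parameter exists. The removed literal was also the only place that said which keys a peer entry needs (`PublicKey`, `AllowedIPs`, `Endpoint`); keep that as a comment above the new line, e.g. `# Each entry supplies PublicKey, AllowedIPs and the Endpoint this host connects out to`. The enclosing class header lies outside the hunk.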
diff --git a/manifests/wireguard_server.pp b/manifests/wireguard_server.pp
index 03c4cda..9eee2d2 100644
--- a/manifests/wireguard_server.pp
+++ b/manifests/wireguard_server.pp
@@ -1,6 +1,13 @@
+# TODO
+# - Allow access over IPv4
+# - Allow forwarding IPv6 addresses
+#
+# - Possibly merge this and wireguard_peer
+# - manage keys
+# - allow accesss for phones
class profiles::wireguard_server (
Sensitive[String] $private_key,
- String $peer_key,
+ Array[Hash] $peers,
) {
include ::profiles::wireguard
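Review bot: `Array[Hash] $peers` accepts any hash, so an entry with a misspelled or missing `PublicKey` compiles cleanly and only surfaces as a broken `[WireGuardPeer]` section on the host; a Struct type rejects it at catalog compile time, e.g. `Array[Struct[{ PublicKey => String, AllowedIPs => Variant[String, Array[String]], Optional[Endpoint] => String }]] $peers,`. If wireguard_peer.pp declares its `$peers` the same way, the same tightening applies there. The `manage keys` item in the new TODO block is the one with security weight, since the private key is still supplied by the caller as `Sensitive[String]`.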
@@ -30,11 +37,7 @@ class profiles::wireguard_server (
'ListenPort' => $profiles::wireguard::port,
'PrivateKey' => $private_key,
},
- # TODO multiple public peers
- 'WireGuardPeer' => {
- 'PublicKey' => $peer_key,
- 'AllowedIPs' => '10.0.10.2/32',
- }
+ 'WireGuardPeer' => $peers,
}
}
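Review bot: Dropping the fixed `'AllowedIPs' => '10.0.10.2/32'` means each peer's allowed prefix now comes entirely from data, and nothing near `'WireGuardPeer' => $peers` says what that field does on the server side; a comment should, e.g. `# AllowedIPs is both the route to the peer and the only source addresses accepted from it, so each entry should carry that peer's own tunnel address (normally a /32)`. An entry with a broad prefix would widen what that peer may send through the server, which is easy to miss once the value is no longer in the manifest. The class's parameter list is outside this hunk, so the shape of `$peers` cannot be checked here.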