Diffstat (limited to 'manifests/wg_exit_node.pp')
-rw-r--r--manifests/wg_exit_node.pp51
1 files changed, 51 insertions, 0 deletions
diff --git a/manifests/wg_exit_node.pp b/manifests/wg_exit_node.pp
new file mode 100644
index 0000000..c3dca74
--- /dev/null
+++ b/manifests/wg_exit_node.pp
@@ -0,0 +1,51 @@
+class profiles::wg_exit_node (
+ String $iface_name = 'wg0',
+ Array[Hash] $peers = [],
+) {
+ $base = "/etc/systemd/network/20-${iface_name}"
+
+ file { "${base}.netdev":
+ content => @("EOF")
+ # File managed by Puppet
+ [NetDev]
+ Name=${iface_name}
+ Kind=wireguard
+ Description=Wireguard tunnel ${iface_name}
+
+ [WireGuard]
+ PrivateKeyFile=/etc/wireguard/gandalf.adrift.space.key
+ | EOF
+ }
+
+ file { "${base}.network":
+ content => @("EOF")
+ # File managed by Puppet
+ [Match]
+ Name=${iface_name}
+ | EOF
+ }
+
+ file { [
+ "${base}.netdev.d",
+ "${base}.network.d",
+ ]:
+ ensure => directory,
+ }
+
+ $peers.each |$peer| {
+ file { "${base}.netdev.d/${peer['name']}.conf":
+ content => @("EOF")
+ [Route]
+ Destination=${peer['peer_address']}
+ | EOF
+ }
+
+ file { "${base}.network.d/${peer['name']}.conf":
+ content => @("EOF")
+ [WireGuardPeer]
+ PublicKey=${peer['public_key']}
+ AllowedIPs=${peer['peer_address']}
+ | EOF
+ }
+ }
+}
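Review bot: The two per-peer drop-ins at the end of the hunk are written to the wrong directories: `[Route]` is a `.network` section and `[WireGuardPeer]` is a `.netdev` section, so systemd-networkd will log an unknown-section warning for each file and configure neither the peer nor its route, leaving the exit node with no cryptokey-routing entry for any peer. Swap the two targets so the `[Route]` heredoc goes under `file { "${base}.network.d/${peer['name']}.conf":` and the `[WireGuardPeer]` heredoc goes under `file { "${base}.netdev.d/${peer['name']}.conf":`. Since `${peer['name']}` becomes a path component and `${peer['peer_address']}` lands in `AllowedIPs` unvalidated, narrowing the parameter to something like `Array[Struct[{name => Pattern[/\A[\w.-]+\z/], public_key => String, peer_address => String}]]` would stop a malformed Hiera entry from escaping the drop-in directory or silently widening the allowed-IP set. The `.netdev` also hard-codes a single host's `PrivateKeyFile` in a class parameterised for reuse, and nothing in this hunk manages that key's ownership/mode (systemd-networkd needs it readable by the `systemd-network` group) or sets a `ListenPort`, so inbound peers presumably cannot rely on a stable port — worth confirming both are handled elsewhere.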