From 79dc46d8e3ed8a7cad6197f48327830f2f7c5686 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?=
Date: Wed, 27 Sep 2023 06:14:25 +0200
Subject: WG allow multiple routes.
---
 manifests/wg_exit_node.pp | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/manifests/wg_exit_node.pp b/manifests/wg_exit_node.pp
index 91070d5..efdaae3 100644
--- a/manifests/wg_exit_node.pp
+++ b/manifests/wg_exit_node.pp
@@ -4,6 +4,14 @@ class profiles::wg_exit_node (
 ) {
 $base = "/etc/systemd/network/20-${iface_name}"
 
+ # TODO
+ # iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
+ # ip6tables -t nat -A POSTROUTING -o br0 -j MASQUERADE
+ #
+ # echo 1 > /proc/sys/net/ipv4/ip_forward
+ # echo 1 > /proc/sys/net/ipv6/conf/br0/forwarding
+ # echo 1 > /proc/sys/net/ipv6/conf/wg0/forwarding
+
 file { "${base}.netdev":
 content => @("EOF")
 # File managed by Puppet
@@ -34,10 +42,18 @@ class profiles::wg_exit_node (
 }
 
 $peers.each |$peer| {
+ $peer_addresses = $peer['peer_addresses'] ? {
+ Array => $peer['peer_addresses'],
+ String => [$peer['peer_addresses']],
+ }.map |$addr| {
+ "Destination=${addr}"
+ }.join("\n")
+
+
 file { "${base}.network.d/${peer['name']}.conf":
 content => @("EOF")
 [Route]
- Destination=${peer['peer_address']}
+ ${peer_addresses}
 | EOF
 }
 
--
cgit v1.2.3
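Review bot: Nothing in the class applies the NAT and forwarding commands listed in the first hunk's TODO, and the comment hard-codes `br0` and `wg0` although the surrounding code builds its paths from `$iface_name`. Writing 1 to `/proc/sys/net/ipv4/ip_forward` enables IPv4 forwarding for every interface on the host, so the note should also record that a FORWARD policy limiting routing to the WireGuard and uplink interfaces is part of the missing work. I would reword the first line to `# TODO: not yet managed by Puppet; NAT, per-interface forwarding and a restrictive FORWARD policy must be set up by hand until then`. Since the class already writes systemd-networkd files, the `IPMasquerade=` and forwarding settings of systemd.network may be a way to manage this declaratively, to be checked against the installed systemd version.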
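Review bot: Joining several `Destination=` lines under the single `[Route]` header in the second hunk probably does not produce several routes, because systemd.network describes one route per `[Route]` section, so I would expect only one of the destinations to take effect. Emitting a section per address fixes that: return `"[Route]\nDestination=${addr}"` from the `map` lambda and drop the literal `[Route]` line from the heredoc. The selector also accepts any `Array` or `String`, so an entry containing a newline would write extra directives into the networkd drop-in; narrowing the cases to `Array[String[1]]` and `String[1]` and checking each entry against an IP/CIDR pattern before interpolation would reject such data at compile time. The `$peers.each` block closes outside the hunk.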