From 534db28fdc4ceb449c338d707e55fe384dfaff52 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?=
Date: Wed, 27 Sep 2023 05:04:20 +0200
Subject: New wireguard rewrite.
---
manifests/wg_exit_node.pp | 51 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 51 insertions(+)
create mode 100644 manifests/wg_exit_node.pp
(limited to 'manifests/wg_exit_node.pp')
diff --git a/manifests/wg_exit_node.pp b/manifests/wg_exit_node.pp
new file mode 100644
index 0000000..c3dca74
--- /dev/null
+++ b/manifests/wg_exit_node.pp
@@ -0,0 +1,51 @@
+class profiles::wg_exit_node (
+ String $iface_name = 'wg0',
+ Array[Hash] $peers = [],
+) {
+ $base = "/etc/systemd/network/20-${iface_name}"
+
+ file { "${base}.netdev":
+ content => @("EOF")
+ # File managed by Puppet
+ [NetDev]
+ Name=${iface_name}
+ Kind=wireguard
+ Description=Wireguard tunnel ${iface_name}
+
+ [WireGuard]
+ PrivateKeyFile=/etc/wireguard/gandalf.adrift.space.key
+ | EOF
+ }
+
+ file { "${base}.network":
+ content => @("EOF")
+ # File managed by Puppet
+ [Match]
+ Name=${iface_name}
+ | EOF
+ }
+
+ file { [
+ "${base}.netdev.d",
+ "${base}.network.d",
+ ]:
+ ensure => directory,
+ }
+
+ $peers.each |$peer| {
+ file { "${base}.netdev.d/${peer['name']}.conf":
+ content => @("EOF")
+ [Route]
+ Destination=${peer['peer_address']}
+ | EOF
+ }
+
+ file { "${base}.network.d/${peer['name']}.conf":
+ content => @("EOF")
+ [WireGuardPeer]
+ PublicKey=${peer['public_key']}
+ AllowedIPs=${peer['peer_address']}
+ | EOF
+ }
+ }
+}
-- cgit v1.2.3
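Review bot: The two per-peer drop-ins in the `$peers.each` block look swapped: `[WireGuardPeer]` is a systemd.netdev section and `[Route]` is a systemd.network section, yet the hunk writes `[Route]` under `${base}.netdev.d/` and `[WireGuardPeer]` under `${base}.network.d/`, so networkd would most likely ignore both and bring the tunnel up without any peer or AllowedIPs. Exchanging the two resource titles fixes it, i.e. `file { "${base}.netdev.d/${peer['name']}.conf":` for the `[WireGuardPeer]` body and `file { "${base}.network.d/${peer['name']}.conf":` for the `[Route]` body. Separately, `Array[Hash] $peers` lets `name`, `public_key` and `peer_address` reach a file path and unit-file content unchecked, so a value containing `/` or a newline could land outside the drop-in directory or add extra directives; a parameter type such as `Array[Struct[{name => Pattern[/\A[A-Za-z0-9_-]+\z/], public_key => String[1], peer_address => String[1]}]]` would reject that at catalog compile time. The `PrivateKeyFile` path is also hard-coded to a single host name and the manifest does not manage that file's owner or mode, which deserves at least a comment stating where the key is provisioned and with what permissions.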