From dff3bc670c9f8e544275cb8c12945a08dc6985e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?=
Date: Wed, 3 May 2023 15:50:46 +0200
Subject: Test new wireguard stuff.
---
 manifests/wireguard_peer.pp | 35 +++++++----------------------------
 1 file changed, 7 insertions(+), 28 deletions(-)
(limited to 'manifests/wireguard_peer.pp')
diff --git a/manifests/wireguard_peer.pp b/manifests/wireguard_peer.pp
index d00bb23..53fe617 100644
--- a/manifests/wireguard_peer.pp
+++ b/manifests/wireguard_peer.pp
@@ -1,55 +1,34 @@
 class profiles::wireguard_peer (
 Sensitive[String] $private_key,
 Array[Hash] $peers,
+ String $ifname = 'wg0',
 ) {
 include ::profiles::wireguard
-
- # ithryn $
- # [root@ithryn hugo]# ip link add dev wg0 type wireguard
- # [root@ithryn hugo]# ip addr add 10.0.10.2/24 dev wg0
- # [root@ithryn hugo]# ip addr add fdc9:281f:04d7:9ee9::2/64 dev wg0
- # [root@ithryn hugo]# wg set wg0 listen-port 51902 private-key peer_B.key
- # [root@ithryn hugo]# wg set wg0 peer MSplIgjOqQoODOOWkkJd3x/FWuxTirTrsVwqJOJzAEQ=
- # [root@ithryn hugo]# wg set wg0 peer MSplIgjOqQoODOOWkkJd3x/FWuxTirTrsVwqJOJzAEQ= allowed-ips 10.0.10.0/24,[THAT IPV6 ADDRESS]/64
- # [root@ithryn hugo]# wg set wg0 peer MSplIgjOqQoODOOWkkJd3x/FWuxTirTrsVwqJOJzAEQ= endpoint gandalf.adrift.space:51781
- # [root@ithryn hugo]# ip link set wg0 up
- #
-
- # ip addr add 10.0.0.45/23 dev wg0
- # ip addr add 10.0.0.0/23 via 10.0.0.45 dev wg0
- # [root@gandalf manifests]# iptables -t nat -A POSTROUTING -s 10.0.10.0/24 -o br0 -j MASQUERADE
-
- networking::networkd_instance { 'wg0':
+ networking::networkd_instance { $ifname:
 type => 'netdev',
 content => {
 'NetDev' => {
- 'Name' => 'wg0',
+ 'Name' => $ifname,
 'Kind' => 'wireguard',
- 'Description' => 'WireGuard tunnal wg0'
+ 'Description' => "WireGuard tunnel ${ifname}"
 },
 'WireGuard' => {
- 'ListenPort' => $profiles::wireguard::port,
 'PrivateKey' => $private_key,
 },
 'WireGuardPeer' => $peers,
 }
 }
- networking::networkd_instance { 'wg0-network':
+ networking::networkd_instance { "${ifname}-network":
 type => 'network',
 content => {
 'Match' => {
- 'Name' => 'wg0',
+ 'Name' => $ifname,
 },
 'Network' => {
- 'Address' => '10.0.10.2/24',
+ 'Address' => '2001:9b1:eff:a600:22cf:30ff:fe45:629e/128',
 },
- 'Route' => {
- 'Destination' => '10.0.0.0/23',
- 'Source' => '10.0.10.2',
- 'Gateway' => '10.0.10.1',
- }
 }
 }
 }
--
cgit v1.2.3
From 5886e6165f219205f55dd64e488d9c3fed3970f5 Mon Sep 17 00:00:00 2001
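Review bot: The `Network` section of the new `"${ifname}-network"` instance hard-codes one host's `'Address' => '2001:9b1:eff:a600:22cf:30ff:fe45:629e/128'` in a profile class that this same commit makes reusable through `$ifname`, so a second host applying the profile would claim the same address. The address belongs in a parameter next to `$ifname`, e.g. `Array[String] $addresses,` in the parameter list and `'Address' => $addresses,` in the section, with the concrete value coming from Hiera or the node definition. Dropping `'ListenPort'` also leaves networkd to pick an ephemeral port; that is fine for a peer that only initiates, but if any peer is meant to be dialled, an `Optional[Integer] $listen_port = undef` parameter would keep the option without reinstating the `$profiles::wireguard::port` coupling. The private key is written into the netdev content here, so `networking::networkd_instance` presumably unwraps `Sensitive` values itself — worth confirming, since that resource is defined outside this file.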
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?=
Date: Wed, 3 May 2023 15:53:55 +0200
Subject: Allow non-sensitive wireguard keys.
---
 manifests/wireguard_peer.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'manifests/wireguard_peer.pp')
diff --git a/manifests/wireguard_peer.pp b/manifests/wireguard_peer.pp
index 53fe617..51df0d8 100644
--- a/manifests/wireguard_peer.pp
+++ b/manifests/wireguard_peer.pp
@@ -1,5 +1,5 @@
 class profiles::wireguard_peer (
- Sensitive[String] $private_key,
+ Variant[String,Sensitive[String]] $private_key,
 Array[Hash] $peers,
 String $ifname = 'wg0',
 ) {
--
cgit v1.2.3
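Review bot: Widening `$private_key` to `Variant[String,Sensitive[String]]` lets callers pass the WireGuard private key as a plain `String`, and the class body (outside this hunk) places that value into the netdev `'PrivateKey'` entry unchanged, so an unwrapped key would appear in the compiled catalog, in agent reports and in any content diff that `Sensitive` would otherwise have redacted. If the goal is only caller convenience, keep the wider type but normalise once at the top of the body, `$key = if $private_key =~ Sensitive { $private_key } else { Sensitive($private_key) }`, and use `$key` in the `'WireGuard'` section. A one-line comment on the parameter, `# Plain strings are wrapped in Sensitive before use; prefer passing Sensitive from Hiera.`, would record the intent for the next reader.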