From ce58be29befe0697cbae824c12f09064670c4560 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?= <hugo@lysator.liu.se>
Date: Sun, 6 Nov 2022 16:28:05 +0100
Subject: Move more wireguard config to hiera.

---
 manifests/wireguard_server.pp | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

(limited to 'manifests/wireguard_server.pp')

diff --git a/manifests/wireguard_server.pp b/manifests/wireguard_server.pp
index 03c4cda..9eee2d2 100644
--- a/manifests/wireguard_server.pp
+++ b/manifests/wireguard_server.pp
@@ -1,6 +1,13 @@
+# TODO
+# - Allow access over IPv4
+# - Allow forwarding IPv6 addresses
+# 
+# - Possibly merge this and wireguard_peer
+# - manage keys
+# - allow accesss for phones
 class profiles::wireguard_server (
   Sensitive[String] $private_key,
-  String $peer_key,
+  Array[Hash] $peers,
 ) {
   include ::profiles::wireguard
 
@@ -30,11 +37,7 @@ class profiles::wireguard_server (
         'ListenPort' => $profiles::wireguard::port,
         'PrivateKey' => $private_key,
       },
-      # TODO multiple public peers
-      'WireGuardPeer' => {
-        'PublicKey'   => $peer_key,
-        'AllowedIPs'  => '10.0.10.2/32',
-      }
+      'WireGuardPeer' => $peers,
     }
   }
 
-- 
cgit v1.2.3