MEschenbacher's Wireguard Saltstack Formula

  1. {% from "wireguard/map.jinja" import wireguard with context %}
  2. wireguard_software:
  3. pkg.installed:
  4. - pkgs:
  5. {%- for pkg in wireguard.packages %}
  6. - {{ pkg }}
  7. {%- endfor %}
  8. {%- if wireguard.get('repository', False) %}
  9. - require:
  10. - pkgrepo: wireguard_repo
  11. wireguard_repo:
  12. pkgrepo.managed:
  13. {%- for k,v in wireguard.repository.items() %}
  14. - {{ k }}: {{ v }}
  15. {%- endfor %}
  16. {%- endif %}
  17. {%- for interface_name, interface_dict in salt['pillar.get']('wireguard:interfaces', {}).items() %}
  18. {% if interface_dict.get('delete', False) %}
  19. stop and disable wg-quick@{{interface_name}}:
  20. service.dead:
  21. - name: wg-quick@{{interface_name}}
  22. - enable: False
  23. remove wireguard_interface_{{interface_name}}:
  24. file.absent:
  25. - name: /etc/wireguard/{{interface_name}}.conf
  26. {% else %}
  27. {% if not interface_dict.get('enable', True) %}
  28. stop and disable wg-quick@{{interface_name}}:
  29. service.dead:
  30. - name: wg-quick@{{interface_name}}
  31. - enable: False
  32. {% else %}
  33. restart wg-quick@{{interface_name}}:
  34. service.running:
  35. - name: wg-quick@{{interface_name}}
  36. - enable: True
  37. - watch:
  38. - file: wireguard_interface_{{interface_name}}_config
  39. - require:
  40. - pkg: wireguard_software
  41. {% endif %}
  42. {% if interface_dict.get('raw_config') %}
  43. wireguard_interface_{{interface_name}}_config:
  44. file.managed:
  45. - name: /etc/wireguard/{{interface_name}}.conf
  46. - makedirs: True
  47. - contents_pillar: wireguard:interfaces:{{interface_name}}:raw_config
  48. - mode: 600
  49. {% else %}
  50. {% if (interface_dict.get('enable', True) and not interface_dict.get('delete', False)) and (not interface_dict.get('config', {}).get('PrivateKey') and not interface_dict.get('raw_config')) %}
  51. wireguard_{{interface_name}}_privatekey_missing:
  52. test.fail_without_changes:
  53. - name: "no wireguard private key for interface {{interface_name}} in pillars"
  54. - failhard: True
  55. {% endif %}
  56. wireguard_interface_{{interface_name}}_config:
  57. file.managed:
  58. - name: /etc/wireguard/{{interface_name}}.conf
  59. - makedirs: True
  60. - source: salt://wireguard/files/wg.conf
  61. - template: jinja
  62. - context:
  63. interface: {{interface_dict.get('config', {})}}
  64. peers: {{interface_dict.get('peers', [])}}
  65. - mode: 600
  66. {% endif %}
  67. {% endif %}
  68. {%- endfor %}