
refactor/simplify peer configuration

tags/v0.9
Maximilian Eschenbacher 6 years ago
parent
commit
4272b14728
2 changed files with 21 additions and 22 deletions
  1. +12
    -15
      pillar.example
  2. +9
    -7
      wireguard/init.sls

+ 12
- 15
pillar.example

@@ -5,21 +5,18 @@ wireguard:
fwmark: 0x1
private_key: secret
preshared_key: secret
peers:
wgtest:
-
peer: 1ymBfBty05PNhD/QJKUlu4aL2p4jKSWVVqVQWIQG6wM=
endpoint: '127.0.0.1:1338'
allowed_ips:
- 10.0.0.2/32
- 'fdff::2/128'
persistent_keepalive: 25
-
peer: 2ymBfBty05PNhD/QJKUlu4aL2p4jKSWVVqVQWIQG6wM=
endpoint: '127.0.0.1:1339'
allowed_ips:
- 10.0.0.3/32
- 'fdff::3/128'
peers:
- peer: 1ymBfBty05PNhD/QJKUlu4aL2p4jKSWVVqVQWIQG6wM=
endpoint: '127.0.0.1:1338'
allowed_ips:
- 10.0.0.2/32
- 'fdff::2/128'
persistent_keepalive: 25
- peer: 2ymBfBty05PNhD/QJKUlu4aL2p4jKSWVVqVQWIQG6wM=
endpoint: '127.0.0.1:1339'
allowed_ips:
- 10.0.0.3/32
- 'fdff::3/128'

# optionally, a list of interfaces can be specified for which forwarding will
# be set to 1 via sysctl.present

+ 9
- 7
wireguard/init.sls

@@ -4,17 +4,17 @@ wireguard:
pkg.installed:
- name: {{ wireguard.package }}

{% for name, values in salt['pillar.get']('wireguard:interfaces', {}).items() %}
wireguard_{{ name }}:
{% for interface, values in salt['pillar.get']('wireguard:interfaces', {}).items() %}
wireguard_{{ interface }}:
wg.present:
- name: {{ name }}
- name: {{ interface }}
{% for k, v in values.items() %}
{% if k in ['listen_port', 'fwmark', 'private_key', 'preshared_key'] %}
- {{k}}: {{v}}
{% endfor %}
{% endfor %}
{% endif %}
{% endfor %} {# values.items() #}

{% for interface, peerlist in salt['pillar.get']('wireguard:peers', {}).items() %}
{% for peer in peerlist %}
{% for peer in values.get('peers', {}) %}
wireguard_{{ interface }}_peer_{{ peer.get('peer') }}:
wg.peer_present:
- interface: {{ interface }}
@@ -32,8 +32,10 @@ wireguard_{{ interface }}_peer_{{ peer.get('peer') }}:
{% endfor %}
{% endif %}
{% endfor %}

{% endfor %}


{% for interface in salt['pillar.get']('wireguard:set_forward_interfaces', []) %}
net.ipv4.conf.{{interface}}.forwarding:
sysctl.present:
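Review bot: The peer loop now reads only the per-interface `peers` entry, so a pillar that still uses the old top-level `wireguard:peers` key appears to render no peer states at all, and nothing in the visible hunks flags the stale layout. A guard that renders a `test.fail_without_changes` state whenever `salt['pillar.get']('wireguard:peers')` is non-empty would make an unmigrated pillar fail loudly instead of leaving a tunnel without its managed peers. Since `peers` is a list in the updated pillar.example, the default should match it: `{% for peer in values.get('peers', []) %}`. The new allowlist still writes `private_key` and `preshared_key` into the rendered state through `- {{k}}: {{v}}`, so it is worth confirming that these arguments do not surface in state returns or the job cache, and quoting the rendered value would keep YAML from retyping it. The peer state body and the `sysctl.present` state continue outside the hunks shown.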
