
refactor/simplify peer configuration

tags/v0.9
Maximilian Eschenbacher 6 years ago
parent
commit
4272b14728
2 changed files with 21 additions and 22 deletions
  1. +12
    -15
      pillar.example
  2. +9
    -7
      wireguard/init.sls

+ 12
- 15
pillar.example

fwmark: 0x1 fwmark: 0x1
private_key: secret private_key: secret
preshared_key: secret preshared_key: secret
peers:
wgtest:
-
peer: 1ymBfBty05PNhD/QJKUlu4aL2p4jKSWVVqVQWIQG6wM=
endpoint: '127.0.0.1:1338'
allowed_ips:
- 10.0.0.2/32
- 'fdff::2/128'
persistent_keepalive: 25
-
peer: 2ymBfBty05PNhD/QJKUlu4aL2p4jKSWVVqVQWIQG6wM=
endpoint: '127.0.0.1:1339'
allowed_ips:
- 10.0.0.3/32
- 'fdff::3/128'
peers:
- peer: 1ymBfBty05PNhD/QJKUlu4aL2p4jKSWVVqVQWIQG6wM=
endpoint: '127.0.0.1:1338'
allowed_ips:
- 10.0.0.2/32
- 'fdff::2/128'
persistent_keepalive: 25
- peer: 2ymBfBty05PNhD/QJKUlu4aL2p4jKSWVVqVQWIQG6wM=
endpoint: '127.0.0.1:1339'
allowed_ips:
- 10.0.0.3/32
- 'fdff::3/128'


# optionally, a list of interfaces can be specified for which forwarding will # optionally, a list of interfaces can be specified for which forwarding will
# be set to 1 via sysctl.present # be set to 1 via sysctl.present
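Review bot: The nested `peers:` list carries no comment saying that the former top-level `wireguard:peers` mapping is no longer read. As far as the init.sls section on this page shows, a pillar still using the old layout would render no peer states and raise no error. A comment above the new `peers:` key, such as `# peers are defined per interface; a top-level wireguard:peers mapping is ignored`, would make the migration explicit for anyone copying this example.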

+ 9
- 7
wireguard/init.sls

pkg.installed: pkg.installed:
- name: {{ wireguard.package }} - name: {{ wireguard.package }}


{% for name, values in salt['pillar.get']('wireguard:interfaces', {}).items() %}
wireguard_{{ name }}:
{% for interface, values in salt['pillar.get']('wireguard:interfaces', {}).items() %}
wireguard_{{ interface }}:
wg.present: wg.present:
- name: {{ name }}
- name: {{ interface }}
{% for k, v in values.items() %} {% for k, v in values.items() %}
{% if k in ['listen_port', 'fwmark', 'private_key', 'preshared_key'] %}
- {{k}}: {{v}} - {{k}}: {{v}}
{% endfor %}
{% endfor %}
{% endif %}
{% endfor %} {# values.items() #}


{% for interface, peerlist in salt['pillar.get']('wireguard:peers', {}).items() %}
{% for peer in peerlist %}
{% for peer in values.get('peers', {}) %}
wireguard_{{ interface }}_peer_{{ peer.get('peer') }}: wireguard_{{ interface }}_peer_{{ peer.get('peer') }}:
wg.peer_present: wg.peer_present:
- interface: {{ interface }} - interface: {{ interface }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}

{% endfor %} {% endfor %}



{% for interface in salt['pillar.get']('wireguard:set_forward_interfaces', []) %} {% for interface in salt['pillar.get']('wireguard:set_forward_interfaces', []) %}
net.ipv4.conf.{{interface}}.forwarding: net.ipv4.conf.{{interface}}.forwarding:
sysctl.present: sysctl.present:
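Review bot: The whitelist added around `- {{k}}: {{v}}` forwards `private_key` and `preshared_key` into the rendered state unquoted and without a comment. Emitting the value as `- {{ k }}: {{ v | yaml_encode }}` would keep a key or mark that happens to look like another YAML type from being retyped. A short Jinja comment above the `{% if k in [...] %}` line, e.g. `{# private_key/preshared_key are rendered into the state data; target this pillar at the owning minion only #}`, would tell maintainers that the key material travels with the rendered SLS. In the peer loop, `values.get('peers', {})` defaults to a dict although pillar.example defines `peers` as a list, so `values.get('peers', [])` would read more consistently. The body of `wg.peer_present` is elided on this page, so the peer arguments were not reviewed.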
