Sfoglia il codice sorgente

preshared_key is a per-peer option

this commit also handles removal of preshared keys. Fixes #5.
tags/v0.9
Maximilian Eschenbacher 6 anni fa
parent
commit
aa2099ae9a
3 ha cambiato i file con 15 aggiunte e 10 eliminazioni
  1. +10
    -8
      _states/wireguard.py
  2. +1
    -1
      pillar.example
  3. +4
    -1
      wireguard/init.sls

+ 10
- 8
_states/wireguard.py Vedi File

@@ -6,8 +6,7 @@ def __virtual__():
return False


def present(name, listen_port=None, fwmark=None, private_key=None,
preshared_key=None):
def present(name, listen_port=None, fwmark=None, private_key=None):
"""
Make sure a wireguard interface exists.
"""
@@ -39,10 +38,6 @@ def present(name, listen_port=None, fwmark=None, private_key=None,
__salt__['wg.set'](name, private_key=private_key)
ret['changes']['private key'] = 'private key changed.'

if show.get('preshared key') != preshared_key:
__salt__['wg.set'](name, preshared_key=preshared_key)
ret['changes']['preshared key'] = 'preshared key changed.'

ret['result'] = True

return ret
@@ -68,7 +63,7 @@ def absent(name):


def peer_present(name, interface, endpoint=None, persistent_keepalive=None,
allowed_ips=None):
allowed_ips=None, preshared_key=None):
ret = dict(name=name, changes=dict(), result=False, comment=None)

show = __salt__['wg.show'](interface)
@@ -80,7 +75,7 @@ def peer_present(name, interface, endpoint=None, persistent_keepalive=None,
if not show:
__salt__['wg.set'](interface, peer=name, endpoint=endpoint,
persistent_keepalive=persistent_keepalive,
allowed_ips=','.join(allowed_ips))
allowed_ips=','.join(allowed_ips), preshared_key=preshared_key)
ret['changes'][name] = 'Peer created.'
ret['result'] = True
return ret
@@ -100,6 +95,13 @@ def peer_present(name, interface, endpoint=None, persistent_keepalive=None,
if sorted(show.get('allowed ips')) != sorted(allowed_ips):
__salt__['wg.set'](interface, peer=name, allowed_ips=','.join(allowed_ips))
ret['changes']['allowed ips'] = dict(new=allowed_ips, old=show.get('allowed ips'))
if show.get('preshared key') and preshared_key and show.get('preshared key') != preshared_key:
__salt__['wg.set'](interface, peer=name, preshared_key=preshared_key)
ret['changes']['preshared key'] = 'preshared key changed.'
if show.get('preshared key') and not preshared_key:
__salt__['wg.set'](interface, peer=name, preshared_key='')
ret['changes']['preshared key'] = 'preshared key deleted.'



ret['result'] = True

+ 1
- 1
pillar.example Vedi File

@@ -4,7 +4,6 @@ wireguard:
listen_port: 51820
# fwmark: 0x1
private_key: secret
# preshared_key: secret
peers:
- peer: 1ymBfBty05PNhD/QJKUlu4aL2p4jKSWVVqVQWIQG6wM=
# the note: will not go into wireguard configuration
@@ -15,6 +14,7 @@ wireguard:
- 10.0.0.2/32
- 'fdff::2/128'
persistent_keepalive: 25
# preshared_key: secret
- peer: 2ymBfBty05PNhD/QJKUlu4aL2p4jKSWVVqVQWIQG6wM=
endpoint: '[2001:db8::1]:1339'
allowed_ips:

+ 4
- 1
wireguard/init.sls Vedi File

@@ -5,7 +5,7 @@ wireguard_{{ interface }}:
wg.present:
- name: {{ interface }}
{% for k, v in values.items() %}
{% if k in ['listen_port', 'fwmark', 'private_key', 'preshared_key'] %}
{% if k in ['listen_port', 'fwmark', 'private_key'] %}
- {{k}}: {{v}}
{% endif %}
{% endfor %} {# values.items() #}
@@ -26,6 +26,9 @@ wireguard_{{ interface }}_peer_{{ peer.get('peer') }}:
{% for subnet in peer.get('allowed_ips', []) %}
- {{subnet}}
{% endfor %}
{% if peer.get('preshared_key') != None %}
- preshared_key: {{ peer.get('preshared_key') }}
{% endif %}
{% endif %}
{% endfor %}


Loading…
Annulla
Salva