ExternalMirrors
/
wireguard-formula
peilaus alkaen https://github.com/MEschenbacher/wireguard-formula
Tarkkaile 1
Äänestä 0
Fork 1
Koodi Ongelmat 0 Julkaisut 6 Wiki Activity
MEschenbacher's Wireguard Saltstack Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
69 Commitit
2 Branchit
Haara: missingprivkey
Branchit Tagit
${ item.name }
Create branch ${ searchTerm }
from 'missingprivkey'
${ noResults }
wireguard-formula/wireguard/init.sls

76 lines
2.2KB
Raaka Pysyvä linkki Blame Historia 

  1. {% from "wireguard/map.jinja" import wireguard with context %}

  2. 

  3. wireguard_software:

  4.   pkg.installed:

  5.     - pkgs:

  6. {%- for pkg in wireguard.packages %}

  7.       - {{ pkg }}

  8. {%- endfor %}

  9. {%- if wireguard.get('repository', False) %}

  10.     - require:

  11.       - pkgrepo: wireguard_repo

  12. 

  13. wireguard_repo:

  14.   pkgrepo.managed:

  15. {%- for k,v in wireguard.repository.items() %}

  16.     - {{ k }}: {{ v }}

  17. {%- endfor %}

  18. {%- endif %}

  19. 

  20. {%- for interface_name, interface_dict in salt['pillar.get']('wireguard:interfaces', {}).items() %}

  21. 

  22.   {% if interface_dict.get('delete', False) %}

  23. stop and disable wg-quick@{{interface_name}}:

  24.   service.dead:

  25.     - name: wg-quick@{{interface_name}}

  26.     - enable: False

  27. remove wireguard_interface_{{interface_name}}:

  28.   file.absent:

  29.     - name: /etc/wireguard/{{interface_name}}.conf

  30.   {% else %}

  31.     {% if not interface_dict.get('enable', True) %}

  32. stop and disable wg-quick@{{interface_name}}:

  33.   service.dead:

  34.     - name: wg-quick@{{interface_name}}

  35.     - enable: False

  36.     {% else %}

  37. restart wg-quick@{{interface_name}}:

  38.   service.running:

  39.     - name: wg-quick@{{interface_name}}

  40.     - enable: True

  41.     - watch:

  42.       - file: wireguard_interface_{{interface_name}}_config

  43.     - require:

  44.       - pkg: wireguard_software

  45.     {% endif %}

  46. 

  47.     {% if interface_dict.get('raw_config') %}

  48. wireguard_interface_{{interface_name}}_config:

  49.   file.managed:

  50.     - name: /etc/wireguard/{{interface_name}}.conf

  51.     - makedirs: True

  52.     - contents_pillar: wireguard:interfaces:{{interface_name}}:raw_config

  53.     - mode: 600

  54.     {% else %}

  55. {% if (interface_dict.get('enable', True) and not interface_dict.get('delete', False)) and (not interface_dict.get('config', {}).get('PrivateKey') and not interface_dict.get('raw_config')) %}

  56. wireguard_{{interface_name}}_privatekey_missing:

  57.   test.fail_without_changes:

  58.     - name: "no wireguard private key for interface {{interface_name}} in pillars"

  59.     - failhard: True

  60. {% endif %}

  61. wireguard_interface_{{interface_name}}_config:

  62.   file.managed:

  63.     - name: /etc/wireguard/{{interface_name}}.conf

  64.     - makedirs: True

  65.     - source: salt://wireguard/files/wg.conf

  66.     - template: jinja

  67.     - context:

  68.       interface: {{interface_dict.get('config', {})}}

  69.       peers: {{interface_dict.get('peers', [])}}

  70.     - mode: 600

  71.     {% endif %}

  72. 

  73.   {% endif %}

  74. 

  75. {%- endfor %}