wireguard-formula/wireguard/init.sls

{% from "wireguard/map.jinja" import wireguard with context %}

wireguard:
  pkg.installed:
    - name: {{ wireguard.package }}

{% for interface, values in salt['pillar.get']('wireguard:interfaces', {}).items() %}
wireguard_{{ interface }}:
  wg.present:
    - name: {{ interface }}
{% for k, v in values.items() %}
{% if k in ['listen_port', 'fwmark', 'private_key', 'preshared_key'] %}
    - {{k}}: {{v}}
{% endif %}
{% endfor %} {# values.items() #}

{% for peer in values.get('peers', {}) %}
wireguard_{{ interface }}_peer_{{ peer.get('peer') }}:
  wg.peer_present:
    - interface: {{ interface }}
    - name: {{ peer.get('peer') }}
{% if peer.get('endpoint') != None %}
    - endpoint: '{{ peer.get('endpoint') }}'
{% endif %}
{% if peer.get('persistent_keepalive') != None %}
    - persistent_keepalive: {{ peer.get('persistent_keepalive') }}
{% endif %}
{% if peer.get('allowed_ips') != None %}
    - allowed_ips:
{% for subnet in peer.get('allowed_ips', []) %}
      - {{subnet}}
{% endfor %}
{% endif %}
{% endfor %}

{% endfor %}


{% for interface in salt['pillar.get']('wireguard:set_forward_interfaces', []) %}
net.ipv4.conf.{{interface}}.forwarding:
  sysctl.present:
    - value: 1
net.ipv6.conf.{{interface}}.forwarding:
  sysctl.present:
    - value: 1
{% endfor %}