MEschenbacher's Wireguard Saltstack Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

56 lines
1.9KB

  1. wireguard:
  2. interfaces:
  3. wg0:
  4. # The two following keys are non-wireguard options.
  5. # Delete the config file. The interface will also be stopped and disables.
  6. # Defaults to False.
  7. #delete: False
  8. # Start and enable the service. Setting this to false causes the interface
  9. # to be stopped and disabled. Defaults to True.
  10. #enable: True
  11. config:
  12. # see wg(8) and wg-quick(8) for supported keys. We use all lowercase
  13. # letters.
  14. PrivateKey: private_key_string
  15. # address must be a list of strings or a comma separated string
  16. Address:
  17. - fe80::1/64
  18. - 10.0.0.1/24
  19. #Address: fe80::1/64, 10.0.0.1/24
  20. ListenPort: 51820
  21. # It is very important to quote off. Jinja expands off without quotes to
  22. # False which will result in 'table' not being set in the config file,
  23. # resulting in defaulting to auto.
  24. Table: 'off'
  25. peers:
  26. - PublicKey: foobar
  27. # AllowedIPs must be a list of strings or a comma separated string
  28. AllowedIPs:
  29. - fe80::2
  30. - 10.0.0.2/32
  31. PresharedKey: secret1
  32. - Publickey: bazbar
  33. AllowedIPs:
  34. - fe80::3
  35. - 10.0.0.3/32
  36. PresharedKey: secret2
  37. # the raw_config key can be used to pass a whole wireguard config in. The
  38. # raw_config key takes precendce before the regular config and peers keys.
  39. # Every other wireguard option in will then be ignored. Make sure to have
  40. # the correct indentation of 4 spaces more than the raw_config key and to
  41. # start with raw_config: |
  42. raw_config: |
  43. [Interface]
  44. Address = fe80::1/64
  45. ListenPort = 51820
  46. PrivateKey = private
  47. Table = off
  48. [Peer]
  49. PublicKey = peer
  50. AllowedIPs = fe80::2