Browse Source
preshared_key is a per-peer option
this commit also handles removal of preshared keys. Fixes #5.tags/v0.9
Maximilian Eschenbacher
6 years ago
3 changed files with 15 additions and 10 deletions
+ 10
- 8
_states/wireguard.py
View File
| return False | return False | ||||
| def present(name, listen_port=None, fwmark=None, private_key=None, | |||||
| preshared_key=None): | |||||
| def present(name, listen_port=None, fwmark=None, private_key=None): | |||||
| """ | """ | ||||
| Make sure a wireguard interface exists. | Make sure a wireguard interface exists. | ||||
| """ | """ | ||||
| __salt__['wg.set'](name, private_key=private_key) | __salt__['wg.set'](name, private_key=private_key) | ||||
| ret['changes']['private key'] = 'private key changed.' | ret['changes']['private key'] = 'private key changed.' | ||||
| if show.get('preshared key') != preshared_key: | |||||
| __salt__['wg.set'](name, preshared_key=preshared_key) | |||||
| ret['changes']['preshared key'] = 'preshared key changed.' | |||||
| ret['result'] = True | ret['result'] = True | ||||
| return ret | return ret | ||||
| def peer_present(name, interface, endpoint=None, persistent_keepalive=None, | def peer_present(name, interface, endpoint=None, persistent_keepalive=None, | ||||
| allowed_ips=None): | |||||
| allowed_ips=None, preshared_key=None): | |||||
| ret = dict(name=name, changes=dict(), result=False, comment=None) | ret = dict(name=name, changes=dict(), result=False, comment=None) | ||||
| show = __salt__['wg.show'](interface) | show = __salt__['wg.show'](interface) | ||||
| if not show: | if not show: | ||||
| __salt__['wg.set'](interface, peer=name, endpoint=endpoint, | __salt__['wg.set'](interface, peer=name, endpoint=endpoint, | ||||
| persistent_keepalive=persistent_keepalive, | persistent_keepalive=persistent_keepalive, | ||||
| allowed_ips=','.join(allowed_ips)) | |||||
| allowed_ips=','.join(allowed_ips), preshared_key=preshared_key) | |||||
| ret['changes'][name] = 'Peer created.' | ret['changes'][name] = 'Peer created.' | ||||
| ret['result'] = True | ret['result'] = True | ||||
| return ret | return ret | ||||
| if sorted(show.get('allowed ips')) != sorted(allowed_ips): | if sorted(show.get('allowed ips')) != sorted(allowed_ips): | ||||
| __salt__['wg.set'](interface, peer=name, allowed_ips=','.join(allowed_ips)) | __salt__['wg.set'](interface, peer=name, allowed_ips=','.join(allowed_ips)) | ||||
| ret['changes']['allowed ips'] = dict(new=allowed_ips, old=show.get('allowed ips')) | ret['changes']['allowed ips'] = dict(new=allowed_ips, old=show.get('allowed ips')) | ||||
| if show.get('preshared key') and preshared_key and show.get('preshared key') != preshared_key: | |||||
| __salt__['wg.set'](interface, peer=name, preshared_key=preshared_key) | |||||
| ret['changes']['preshared key'] = 'preshared key changed.' | |||||
| if show.get('preshared key') and not preshared_key: | |||||
| __salt__['wg.set'](interface, peer=name, preshared_key='') | |||||
| ret['changes']['preshared key'] = 'preshared key deleted.' | |||||
| ret['result'] = True | ret['result'] = True |
+ 1
- 1
pillar.example
View File
| listen_port: 51820 | listen_port: 51820 | ||||
| # fwmark: 0x1 | # fwmark: 0x1 | ||||
| private_key: secret | private_key: secret | ||||
| # preshared_key: secret | |||||
| peers: | peers: | ||||
| - peer: 1ymBfBty05PNhD/QJKUlu4aL2p4jKSWVVqVQWIQG6wM= | - peer: 1ymBfBty05PNhD/QJKUlu4aL2p4jKSWVVqVQWIQG6wM= | ||||
| # the note: will not go into wireguard configuration | # the note: will not go into wireguard configuration | ||||
| - 10.0.0.2/32 | - 10.0.0.2/32 | ||||
| - 'fdff::2/128' | - 'fdff::2/128' | ||||
| persistent_keepalive: 25 | persistent_keepalive: 25 | ||||
| # preshared_key: secret | |||||
| - peer: 2ymBfBty05PNhD/QJKUlu4aL2p4jKSWVVqVQWIQG6wM= | - peer: 2ymBfBty05PNhD/QJKUlu4aL2p4jKSWVVqVQWIQG6wM= | ||||
| endpoint: '[2001:db8::1]:1339' | endpoint: '[2001:db8::1]:1339' | ||||
| allowed_ips: | allowed_ips: |
+ 4
- 1
wireguard/init.sls
View File
| wg.present: | wg.present: | ||||
| - name: {{ interface }} | - name: {{ interface }} | ||||
| {% for k, v in values.items() %} | {% for k, v in values.items() %} | ||||
| {% if k in ['listen_port', 'fwmark', 'private_key', 'preshared_key'] %} | |||||
| {% if k in ['listen_port', 'fwmark', 'private_key'] %} | |||||
| - {{k}}: {{v}} | - {{k}}: {{v}} | ||||
| {% endif %} | {% endif %} | ||||
| {% endfor %} {# values.items() #} | {% endfor %} {# values.items() #} | ||||
| {% for subnet in peer.get('allowed_ips', []) %} | {% for subnet in peer.get('allowed_ips', []) %} | ||||
| - {{subnet}} | - {{subnet}} | ||||
| {% endfor %} | {% endfor %} | ||||
| {% if peer.get('preshared_key') != None %} | |||||
| - preshared_key: {{ peer.get('preshared_key') }} | |||||
| {% endif %} | |||||
| {% endif %} | {% endif %} | ||||
| {% endfor %} | {% endfor %} | ||||
Loading…