MEschenbacher's Wireguard Saltstack Formula


# Name under which the Salt loader exposes this state module.
__virtualname__ = 'wg'


def __virtual__():
    """
    Decide whether this state module gets loaded.

    Returns the virtual name when the ``wg.show`` execution function is
    present in ``__salt__``, and ``False`` otherwise.
    """
    return __virtualname__ if 'wg.show' in __salt__ else False
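def present(name, listen_port=None, fwmark=None, private_key=None,
            preshared_key=None):
    """
    Make sure a wireguard interface exists.

    name
        Interface name. The interface is created through ``wg.create`` when
        ``wg.show`` reports nothing for it.
    listen_port
        Desired listening port. ``None`` (the default) leaves the current
        port untouched.
    fwmark, private_key, preshared_key
        Desired values, pushed through ``wg.set`` whenever they differ from
        what ``wg.show`` reports.

    Returns the state dict (``name``, ``changes``, ``result``, ``comment``).
    """
    ret = dict(name=name, changes=dict(), result=False, comment=None)

    if not __salt__['wg.show'](name):
        __salt__['wg.create'](name)
        ret['changes'][name] = 'Interface created.'

    # Re-read so that a freshly created interface is compared as well.
    show = __salt__['wg.show'](name)

    # int(None) raises TypeError, so an unspecified port means "not managed".
    if listen_port is not None:
        current_port = show.get('listening port', 0)
        if int(current_port) != int(listen_port):
            __salt__['wg.set'](name, listen_port=listen_port)
            ret['changes']['listening port'] = dict(
                old=current_port,
                new=listen_port,
            )

    current_fwmark = show.get('fwmark', None)
    if current_fwmark != fwmark:
        __salt__['wg.set'](name, fwmark=fwmark)
        ret['changes']['fwmark'] = dict(
            old=current_fwmark,
            new=fwmark,
        )

    # Only a fixed marker is recorded for the two keys: the changes dict is
    # part of the state return, so key material must never be copied into it.
    # NOTE(review): these comparisons assume wg.show returns the real key
    # values; if it returns a masked value, the branch fires on every run and
    # rewrites the key each time -- confirm against the wg execution module.
    # NOTE(review): with the default None and a key already configured,
    # wg.set is called with a None value; confirm that the module ignores
    # None instead of clearing the key.
    if show.get('private key') != private_key:
        __salt__['wg.set'](name, private_key=private_key)
        ret['changes']['private key'] = 'private key changed.'

    if show.get('preshared key') != preshared_key:
        __salt__['wg.set'](name, preshared_key=preshared_key)
        ret['changes']['preshared key'] = 'preshared key changed.'

    ret['result'] = True
    return ret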
def absent(name):
    """
    Ensure that the named wireguard interface does not exist.

    The interface is removed through ``wg.delete`` when ``wg.show`` reports
    it; otherwise only a comment is set. The result is ``True`` either way.
    """
    ret = {'name': name, 'changes': {}, 'result': False, 'comment': None}

    if __salt__['wg.show'](name):
        __salt__['wg.delete'](name)
        ret['changes'][name] = {'old': name, 'new': None}
    else:
        ret['comment'] = 'Interface %s already absent.' % (name,)

    ret['result'] = True
    return ret
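def peer_present(name, interface, endpoint=None, persistent_keepalive=None,
                 allowed_ips=None):
    """
    Make sure a peer is configured on a wireguard interface.

    name
        Peer identifier, handed to ``wg.show``/``wg.set`` as ``peer``
        (presumably the peer's public key -- confirm against the wg module).
    interface
        Interface the peer belongs to. The state fails when it does not exist.
    endpoint
        Desired endpoint. Left untouched when not given.
    persistent_keepalive
        Keepalive interval in seconds. A falsy value removes a keepalive
        that is currently set.
    allowed_ips
        Iterable of networks the peer may use. ``None`` leaves the current
        list untouched. WireGuard uses this list both to accept traffic from
        the peer and to route traffic to it, so keep it as narrow as the
        peer needs.

    Returns the state dict (``name``, ``changes``, ``result``, ``comment``).
    """
    ret = dict(name=name, changes=dict(), result=False, comment=None)

    if not __salt__['wg.show'](interface):
        ret['comment'] = 'Interface %s does not exist.' % (interface,)
        return ret

    # ','.join(None) raises TypeError, so None is passed through unchanged.
    # NOTE(review): assumes wg.set skips None values, as it already has to
    # for endpoint/persistent_keepalive below -- confirm.
    joined_ips = None if allowed_ips is None else ','.join(allowed_ips)

    show = __salt__['wg.show'](name=interface, peer=name)
    if not show:
        __salt__['wg.set'](interface, peer=name, endpoint=endpoint,
                           persistent_keepalive=persistent_keepalive,
                           allowed_ips=joined_ips)
        ret['changes'][name] = 'Peer created.'
        ret['result'] = True
        return ret

    # Also applies when the peer has no endpoint yet; the previous check
    # skipped that case and never set the requested endpoint.
    current_endpoint = show.get('endpoint')
    if endpoint and current_endpoint != endpoint:
        __salt__['wg.set'](interface, peer=name, endpoint=endpoint)
        ret['changes']['endpoint'] = dict(old=current_endpoint, new=endpoint)

    current_keepalive = show.get('persistent keepalive') or ''
    if persistent_keepalive:
        wanted = 'every %s second' % (persistent_keepalive,)
        # Update only when the reported interval differs. The condition used
        # to be inverted and rewrote the value exactly when it matched.
        if not current_keepalive.startswith(wanted):
            __salt__['wg.set'](interface, peer=name,
                               persistent_keepalive=persistent_keepalive)
            ret['changes']['persistent keepalive'] = 'persistent keepalive changed.'
    elif current_keepalive:
        __salt__['wg.set'](interface, peer=name, persistent_keepalive=0)
        ret['changes']['persistent keepalive'] = 'persistent keepalive removed.'

    if allowed_ips is not None:
        # NOTE(review): assumes wg.show returns 'allowed ips' as a list of
        # network strings -- confirm against the wg execution module.
        current_ips = show.get('allowed ips')
        if sorted(current_ips or []) != sorted(allowed_ips):
            __salt__['wg.set'](interface, peer=name, allowed_ips=joined_ips)
            ret['changes']['allowed ips'] = dict(new=allowed_ips, old=current_ips)

    ret['result'] = True
    return ret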
def peer_absent(name, interface):
    """
    Ensure that a peer is not configured on a wireguard interface.

    Fails (``result`` stays ``False``) when ``wg.show`` reports nothing for
    the interface. Otherwise the peer is removed through ``wg.set`` with
    ``remove=True`` if it is present, and the result is ``True``.
    """
    ret = {'name': name, 'changes': {}, 'result': False, 'comment': None}

    if not __salt__['wg.show'](interface):
        ret['comment'] = 'Interface %s does not exist.' % (interface)
        return ret

    if __salt__['wg.show'](name=interface, peer=name):
        __salt__['wg.set'](interface, peer=name, remove=True)
        ret['changes'][name] = {'old': name, 'new': None}
    else:
        ret['comment'] = 'Peer %s already absent.' % (name)

    ret['result'] = True
    return ret