12345678910111213141516171819202122232425262728293031323334353637383940 |
- {% set wg_cfg = salt['pillar.get']('nodes:' ~ grains.id ~ ':wireguard', {}) %}
- include:
- - sysctl
- wireguard-tools:
- pkg.installed
- Create /etc/wireguard:
- file.directory:
- - name: /etc/wireguard
- - require:
- - pkg: wireguard-tools
- Cleanup /etc/wireguard:
- file.directory:
- - name: /etc/wireguard
- - clean: true
-
- {% for iface, tunnel_config in wg_cfg.get ('tunnels', {}).items () %}
- /etc/wireguard/{{ iface }}.conf:
- file.managed:
- - source: salt://wireguard/wireguard.conf.tmpl
- - template: jinja
- - context:
- config: {{ tunnel_config }}
- privkey: {{ wg_cfg.get ('privkey') }}
- - require:
- - file: Create /etc/wireguard
- - require_in:
- - file: Cleanup /etc/wireguard
-
- {% endfor %}
|