12345678910111213141516171819202122232425262728293031323334353637383940 |
- #
- # Wireguard VPNs
- #
- {% set wg_cfg = salt['pillar.get']('nodes:' ~ grains.id ~ ':wireguard', {}) %}
- include:
- - sysctl # Make sure udp_l3mdev_accept is set
- # Install wireguard-tools (from backports currently)
- wireguard-tools:
- pkg.installed
- Create /etc/wireguard:
- file.directory:
- - name: /etc/wireguard
- - require:
- - pkg: wireguard-tools
- Cleanup /etc/wireguard:
- file.directory:
- - name: /etc/wireguard
- - clean: true
- # Add cleanup action for active tunnels
- {% for iface, tunnel_config in wg_cfg.get ('tunnels', {}).items () %}
- /etc/wireguard/{{ iface }}.conf:
- file.managed:
- - source: salt://wireguard/wireguard.conf.tmpl
- - template: jinja
- - context:
- config: {{ tunnel_config }}
- privkey: {{ wg_cfg.get ('privkey') }}
- - require:
- - file: Create /etc/wireguard
- - require_in:
- - file: Cleanup /etc/wireguard
- # start/reload tunnel
- {% endfor %}