init.sls 922 B

  #
  # Wireguard VPNs
  #
  # Per-node WireGuard settings are looked up in pillar under
  # nodes:<minion id>:wireguard; a node without that key gets an empty dict.
  {% set wg_cfg = salt['pillar.get']('nodes:' ~ grains['id'] ~ ':wireguard', {}) %}

  include:
    # Make sure udp_l3mdev_accept is set
    - sysctl

  # Install wireguard-tools (from backports currently)
  wireguard-tools:
    pkg.installed: []
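  # Directory for the per-tunnel configs. Each of those files embeds the
  # node's private key, so ownership and mode are pinned here instead of being
  # left to whatever the package or the umask produced.
  Create /etc/wireguard:
    file.directory:
      - name: /etc/wireguard
      - user: root
      - group: root
      - mode: '0700'
      - require:
          - pkg: wireguard-tools

  # Second state on the same directory: with clean set, files in
  # /etc/wireguard that are not managed by a state this one requires are
  # removed. The tunnel configs hook themselves in through require_in, so a
  # config whose tunnel has left pillar is deleted on the next run.
  Cleanup /etc/wireguard:
    file.directory:
      - name: /etc/wireguard
      - clean: true

  # TODO: Add cleanup action for active tunnels. Nothing in this file brings
  # an interface down, so a tunnel dropped from pillar only loses its config
  # file here.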
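  # One managed config file per tunnel listed under wireguard:tunnels in pillar.
  {% for iface, tunnel_config in wg_cfg.get('tunnels', {}).items() %}
  /etc/wireguard/{{ iface }}.conf:
    file.managed:
      - source: salt://wireguard/wireguard.conf.tmpl
      - template: jinja
      # The rendered file receives the private key: make it root-only and
      # keep its contents out of the diff Salt reports in state results.
      - user: root
      - group: root
      - mode: '0600'
      - show_changes: false
      - context:
          # Serialised as JSON so the values stay valid YAML whatever they
          # contain, instead of relying on the Python repr of a dict or string.
          config: {{ tunnel_config | json }}
          # NOTE(review): handing the key over via context also puts it into
          # the rendered state data; confirm who can read job returns.
          privkey: {{ wg_cfg.get('privkey') | json }}
      - require:
          - file: Create /etc/wireguard
      # Registers this file with the cleanup state so that clean keeps it.
      - require_in:
          - file: Cleanup /etc/wireguard
  # TODO: start/reload tunnel (the config is written but not applied here)
  {% endfor %}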