init.sls 860 B

  1. #
  2. # Wireguard VPNs
  3. #
  4. {% set tunnels = salt['pillar.get']('nodes:' ~ grains.id ~ ':wireguard', {}) %}
  5. include:
  6. - sysctl # Make sure udp_l3mdev_accept is set
  7. # Install wireguard-tools (from backports currently)
  8. wireguard-tools:
  9. pkg.installed
  10. Create /etc/wireguard:
  11. file.directory:
  12. - name: /etc/wireguard
  13. - require:
  14. - pkg: wireguard-tools
  15. Cleanup /etc/wireguard:
  16. file.directory:
  17. - name: /etc/wireguard
  18. - clean: true
  19. # Add cleanup action for active tunnels
  20. {% for iface, tunnel_config in tunnels.items () %}
  21. /etc/wireguard/{{ iface }}.conf:
  22. file.managed:
  23. - source: salt://wireguard/wireguard.conf.tmpl
  24. - template: jinja
  25. - context:
  26. config: {{ tunnel_config }}
  27. - require:
  28. - file: Create /etc/wireguard
  29. - require_in:
  30. - file: Cleanup /etc/wireguard
  31. # start/reload tunnel
  32. {% endfor %}