.
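--- a/salt/states/wireguard/files/interface.conf.template
+++ b/salt/states/wireguard/files/interface.conf.template
@@ -0,0 +1,14 @@
+[Interface]
+Address = {{ pillar['wireguard']['address'] }}
+PrivateKey = {{ pillar['wireguard']['privatekey'] }}
+ListenPort = {{ pillar['wireguard']['port'] }}
+PostUp = iptables -A FORWARD -i {{ pillar['wireguard']['iface'] }} -j ACCEPT; iptables -t nat -A POSTROUTING -o {{ pillar['network']['interface']['internal'] }} -j MASQUERADE
+PostDOWN = iptables -D FORWARD -i {{ pillar['wireguard']['iface'] }} -j ACCEPT; iptables -t nat -D POSTROUTING -o {{ pillar['network']['interface']['internal'] }} -j MASQUERADE
+
+{% for peer in pillar['wireguard']['peers'] -%}
+[peer]
+PublicKey = {{ peer['publickey'] }}
+PresharedKey = {{ peer['presharedkey'] }}
+AllowedIPs = {{ peer['allowedips'] }}
+{% endfor %}
+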
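Review bot: The `PostUp` FORWARD rule matches only on `-i {{ pillar['wireguard']['iface'] }}`, so tunnel traffic may be forwarded out of any interface on the host, while the MASQUERADE rule suggests only the internal interface is intended; scoping it as `iptables -A FORWARD -i {{ pillar['wireguard']['iface'] }} -o {{ pillar['network']['interface']['internal'] }} -j ACCEPT` (with the matching `-D` in `PostDOWN`) limits the tunnel to that network. Because of the masquerade, internal hosts will see the gateway's address rather than the peer's, so per-peer attribution has to be logged on this host. `PresharedKey` is rendered for every peer, and a peer without `presharedkey` in pillar would probably yield an empty `PresharedKey =` line; wrapping that line in `{% if peer.get('presharedkey') %}` … `{% endif %}` seems safer. `PostDOWN` and `[peer]` would read better in the documented casing, `PostDown` and `[Peer]`.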
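--- a/salt/states/wireguard/init.sls
+++ b/salt/states/wireguard/init.sls
@@ -0,0 +1,26 @@
+Install wireguard tools:
+pkg.installed:
+- name: wireguard-tools
+
+{% if pillar['wireguard']['privatekey'] %}
+configure wireguard interface:
+file.managed:
+- name: /etc/wireguard/{{ pillar['wireguard']['iface'] }}.conf
+- source: salt://wireguard/files/interface.conf.template
+- template: jinja
+- user: root
+- group: root
+- mode: "0600"
+
+stop wireguard interface:
+cmd.run:
+- name: wg-quick down {{ pillar['wireguard']['iface'] }}
+- onlyif: wg show {{ pillar['wireguard']['iface'] }}
+- onchanges:
+- file: configure wireguard interface
+
+start wireguard interface:
+cmd.run:
+- name: wg-quick up {{ pillar['wireguard']['iface'] }}
+- unless: wg show {{ pillar['wireguard']['iface'] }}
+{% endif %}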
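Review bot: `configure wireguard interface` renders the private key and the preshared keys into the managed file, and `file.managed` reports a unified diff of any change by default, so those secrets can end up in the state return and the master's job cache; adding `- show_changes: False` to that state avoids it. The guard `{% if pillar['wireguard']['privatekey'] %}` would fail rendering on a minion that has no `wireguard` pillar at all, whereas `{% if salt['pillar.get']('wireguard:privatekey') %}` skips such minions cleanly. `start wireguard interface` relies on file order alone, so a `- require:` on `file: configure wireguard interface` would make the dependency explicit. Nothing in this file brings the interface up at boot, which may be handled elsewhere.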