forked from saltstack-formulas/wireguard-formula
-
Notifications
You must be signed in to change notification settings - Fork 0
/
pillar.example
87 lines (81 loc) · 2.71 KB
/
pillar.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
wireguard:
lookup:
# Just for testing purposes
winner: lookup
added_in_lookup: lookup_value
tofs:
# The files_switch key serves as a selector for alternative
# directories under the formula files directory. See TOFS pattern
# doc for more info.
# Note: Any value not evaluated by `config.get` will be used literally.
# This can be used to set custom paths, as many levels deep as required.
files_switch:
- any/path/can/be/used/here
- id
- roles
- osfinger
- os
- os_family
# All aspects of path/file resolution are customisable using the options below.
# This is unnecessary in most cases; there are sensible defaults.
# Default path: salt://< path_prefix >/< dirs.files >/< dirs.default >
# I.e.: salt://wireguard/files/default
# path_prefix: template_alt
# dirs:
# files: files_alt
# default: default_alt
# The entries under `source_files` are prepended to the default source files
# given for the state
# source_files:
# wireguard-config-file-file-managed:
# - 'example_alt.tmpl'
# - 'example_alt.tmpl.jinja'
# For testing purposes
source_files:
wireguard-config-file-interface-wg0-config:
- 'wireguard.conf.jinja'
# Background:
# - https://bsdrp.net/documentation/examples/gre_ipsec_and_openvpn#wireguard
# - https://manpages.debian.org/unstable/wireguard-tools/wg.8.en.html
interfaces:
wg0:
Interface:
# If this is not set, we will generate the private key
# (together with the public key) and set it via PostUp
# PrivateKey: PRIVATE_KEY
ListenPort: 51820
Peers:
# We name the peers so we can automatically exclude them
# on the node with the same minion ID.
# It's also easy to alter the dicts via salt.pillar.stack.
minion_id1:
PublicKey: FSvVqj2s1FZqsSIvPLrE1RRTgbaPLbfG87P36F21M1g=
AllowedIPs:
# Arrays are joined by a comma.
- 10.0.45.0/24
- 10.0.47.0/24
# - 2001:db8:45::2/64
Endpoint: 10.0.34.4:51820
minion_id2:
# Requires the mine_functions to be configured (see below)
PublicKey: mine:minion_id2:wg0
AllowedIPs: 0.0.0.0/0
Endpoint: 10.0.0.1:51820
# Just for testing purposes
winner: pillar
added_in_pillar: pillar_value
# Required for fetching of public keys
mine_functions:
public_wireguard_keys:
mine_function: cmd.run
python_shell: true
cmd: |
set -e
cd /etc/wireguard/
for key in `ls -1 *.pub`
do
echo "`basename \"${key}\" '.pub'` `head -n1 \"${key}\"`"
done