}
}
-node.rm_normal(:networking)
-
node[:networking][:interfaces].each do |name, interface|
if interface[:interface]
if interface[:role] && (role = node[:networking][:roles][interface[:role]])
:endpoint => "#{gateway.name}:51820"
}
end
+
+ node.default[:networking][:wireguard][:peers] << {
+ :public_key => "7Oj9ufNlgidyH/xDc+aHQKMjJPqTmD/ab13agMh6AxA=",
+ :allowed_ips => "10.0.16.1/32",
+ :endpoint => "gate.compton.nu:51820"
+ }
end
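Review bot: The peer appended at `node.default[:networking][:wireguard][:peers] << {` is hard-coded in the recipe with no comment saying whose host `gate.compton.nu` is or why it is granted `10.0.16.1/32`, so a later reviewer cannot tell whether the entry is still authorised. A comment above it such as `# <PURPOSE OF PEER> (owner: <OWNER>); limited to 10.0.16.1/32` would record that; both bracketed values are placeholders for the author to fill in. Keeping the public key, allowed IP and endpoint in an attribute or data bag instead would let the key be rotated or the peer removed without editing recipe code. The enclosing conditional starts outside the hunk, so which nodes receive this peer cannot be confirmed from here.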
template "/etc/systemd/network/wireguard.netdev" do
end
if node[:networking][:wireguard][:enabled]
+ wireguard_source = if node[:roles].include?("gateway")
+ "net"
+ else
+ "osm"
+ end
+
firewall_rule "accept-wireguard" do
action :accept
- source "osm"
+ source wireguard_source
dest "fw"
proto "udp"
dest_ports "51820"
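Review bot: The new `wireguard_source` assignment widens the `accept-wireguard` rule on gateway nodes from `"osm"` to `"net"` with no comment giving the reason, and a firewall widening should carry its reason in the file. A line such as `# Gateways must accept WireGuard from peers outside the OSM zone` above the assignment would do. Assuming `"net"` is the zone for all external hosts, UDP 51820 on gateways becomes reachable from any address and relies on WireGuard's key authentication alone. If the external peers are few and static, narrowing the source to those hosts would keep exposure closer to the previous rule. The `firewall_rule` block continues past the end of the hunk.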