Cleanup any old "normal" priority networking configuration
index ac847bfc7cbe58df019246552d671d8e93aa89c1..13fd2252bd849e9752cd51f4e36f3931411aa75e 100644 (file)
@@ -37,6 +37,8 @@ netplan = {
   }
 }
 
+node.rm_normal(:networking)
+
 node[:networking][:interfaces].each do |name, interface|
   if interface[:interface]
     if interface[:role] && (role = node[:networking][:roles][interface[:role]])
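Review bot: The new `node.rm_normal(:networking)` carries no comment saying what it is clearing or why, and it runs unconditionally on every chef run, so any normal-priority `networking` attribute written elsewhere (a knife command, an earlier recipe) is silently discarded before the interface loop below reads the merged attributes. A one-line comment would stop the next maintainer from treating it as dead code, e.g. `# Drop any "normal" priority networking attributes left by older configuration so only default/override values are used below`. If the removal is meant as a one-off migration, it presumably belongs behind a guard that checks whether anything is actually set; that is not visible from this hunk. The surrounding `netplan = { ... }` assignment starts outside the hunk.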
@@ -210,7 +212,7 @@ if node[:networking][:wireguard][:enabled]
     compile_time true
   end
 
-  node.default[:networking][:wireguard][:public_key] = %x(wg pubkey < /var/lib/systemd/wireguard/private.key)
+  node.default[:networking][:wireguard][:public_key] = %x(wg pubkey < /var/lib/systemd/wireguard/private.key).chomp
 
   file "/var/lib/systemd/wireguard/preshared.key" do
     action :create_if_missing
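Review bot: The `%x(wg pubkey < /var/lib/systemd/wireguard/private.key)` call on the changed line never checks the command's exit status, so if `wg` is missing, the private key file is unreadable or the shell redirection fails, `node.default[:networking][:wireguard][:public_key]` is set to `""` and the run continues with an empty key that ends up in the rendered configuration. Since `%x` is evaluated during compile, this is also ordered against the `compile_time true` resource just above, which is only partly visible here. A minimal guard is `public_key = %x(wg pubkey < /var/lib/systemd/wireguard/private.key).chomp` / `raise "wg pubkey failed" unless $?.success? && !public_key.empty?` / `node.default[:networking][:wireguard][:public_key] = public_key`; alternatively `shell_out!` with `:input => ::File.read(...)` avoids the shell entirely. The enclosing `if node[:networking][:wireguard][:enabled]` block starts and ends outside this hunk.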
@@ -226,7 +228,7 @@ if node[:networking][:wireguard][:enabled]
       next unless gateway[:networking][:wireguard] && gateway[:networking][:wireguard][:enabled]
 
       allowed_ips = gateway.interfaces(:role => :internal).map do |interface|
-        "#{interface[:network]}/#{interface[:metric]}"
+        "#{interface[:network]}/#{interface[:prefix]}"
       end
 
       node.default[:networking][:wireguard][:peers] << {
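Review bot: The changed line still interpolates `interface[:network]` and `interface[:prefix]` without checking that either is present, so an internal interface missing a prefix yields an entry like `"10.0.0.0/"` in `allowed_ips`, which presumably breaks the peer's AllowedIPs in the rendered netdev rather than failing loudly. AllowedIPs is WireGuard's cryptokey routing table, so a malformed or overly broad entry matters more than a cosmetic glitch. Consider skipping incomplete interfaces explicitly, e.g. `next unless interface[:network] && interface[:prefix]` inside the block followed by `.compact` on the result, or raising if a gateway advertises an internal interface without a prefix. The enclosing `each` over gateways and the outer `if` block start and end outside this hunk.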
@@ -240,8 +242,8 @@ if node[:networking][:wireguard][:enabled]
   template "/etc/systemd/network/wireguard.netdev" do
     source "wireguard.netdev.erb"
     owner "root"
-    group "root"
-    mode "644"
+    group "systemd-network"
+    mode "640"
   end
 
   template "/etc/systemd/network/wireguard.network" do
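Review bot: The tightened `group "systemd-network"` / `mode "640"` on the netdev template has no comment explaining why it differs from the sibling `wireguard.network` resource directly below, which stays at `mode "644"`. If `wireguard.netdev.erb` embeds the private or preshared key material (the template itself is not visible here), a short note makes the asymmetry deliberate rather than an oversight, e.g. `# Restrict to root and systemd-networkd: the netdev carries key material, the .network file does not`. The `wireguard.network` resource opened on the last line continues outside the hunk.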
@@ -251,19 +253,35 @@ if node[:networking][:wireguard][:enabled]
     mode "644"
   end
 
-  execute "ip-link-delete-wg0" do
-    action :nothing
-    command "ip link delete wg0"
-    subscribes :run, "template[/etc/systemd/network/wireguard.netdev]"
-    only_if { ::File.exist?("/sys/class/net/wg0") }
-  end
+  if node[:lsb][:release].to_f < 20.04
+    execute "ip-link-delete-wg0" do
+      action :nothing
+      command "ip link delete wg0"
+      subscribes :run, "template[/etc/systemd/network/wireguard.netdev]"
+      only_if { ::File.exist?("/sys/class/net/wg0") }
+    end
 
-  execute "networkctl-reload" do
-    action :nothing
-    command "networkctl reload"
-    subscribes :run, "template[/etc/systemd/network/wireguard.netdev]"
-    subscribes :run, "template[/etc/systemd/network/wireguard.network]"
-    not_if { ENV.key?("TEST_KITCHEN") }
+    service "systemd-networkd" do
+      action :nothing
+      subscribes :restart, "template[/etc/systemd/network/wireguard.netdev]"
+      subscribes :restart, "template[/etc/systemd/network/wireguard.network]"
+      not_if { ENV.key?("TEST_KITCHEN") }
+    end
+  else
+    execute "networkctl-delete-wg0" do
+      action :nothing
+      command "networkctl delete wg0"
+      subscribes :run, "template[/etc/systemd/network/wireguard.netdev]"
+      only_if { ::File.exist?("/sys/class/net/wg0") }
+    end
+
+    execute "networkctl-reload" do
+      action :nothing
+      command "networkctl reload"
+      subscribes :run, "template[/etc/systemd/network/wireguard.netdev]"
+      subscribes :run, "template[/etc/systemd/network/wireguard.network]"
+      not_if { ENV.key?("TEST_KITCHEN") }
+    end
   end
 end
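Review bot: The branch guard `if node[:lsb][:release].to_f < 20.04` compares release strings as floats, which only orders correctly because Ubuntu minor versions are 04 and 10 (`"20.10".to_f` is 20.1, still above 20.04); it would misorder other schemes and raises `NoMethodError` on a node where `node[:lsb]` is nil. `Gem::Version.new(node[:lsb][:release]) < Gem::Version.new("20.04")` is order-safe and needs no new dependency. Separately, the two interface-deleting `execute` resources (`ip-link-delete-wg0`, `networkctl-delete-wg0`) are not guarded by `not_if { ENV.key?("TEST_KITCHEN") }` like their reload/restart counterparts, so in a kitchen run the netdev change tears down `wg0` and nothing recreates it; presumably the same guard should apply. The enclosing `if node[:networking][:wireguard][:enabled]` block starts outside this hunk.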