:endpoint => "#{gateway.name}:51820"
}
end
+
+ node.default[:networking][:wireguard][:peers] << {
+ :public_key => "7Oj9ufNlgidyH/xDc+aHQKMjJPqTmD/ab13agMh6AxA=",
+ :allowed_ips => "10.0.16.1/32",
+ :endpoint => "gate.compton.nu:51820"
+ }
end
template "/etc/systemd/network/wireguard.netdev" do
source "wireguard.netdev.erb"
owner "root"
- group "root"
- mode "644"
+ group "systemd-network"
+ mode "640"
end
template "/etc/systemd/network/wireguard.network" do
end
if node[:networking][:wireguard][:enabled]
+ wireguard_source = if node[:roles].include?("gateway")
+ "net"
+ else
+ "osm"
+ end
+
firewall_rule "accept-wireguard" do
action :accept
- source "osm"
+ source wireguard_source
dest "fw"
proto "udp"
dest_ports "51820"