Sort wireguard peers to keep file content stable

diff --git a/cookbooks/networking/templates/default/wireguard.netdev.erb b/cookbooks/networking/templates/default/wireguard.netdev.erb
index 7866f97a4d093fb5bd25e5154c2767d6f3f07b4f..248bde252660c11b56407260aba5eda7e6972663 100644 (file)
--- a/cookbooks/networking/templates/default/wireguard.netdev.erb
+++ b/cookbooks/networking/templates/default/wireguard.netdev.erb
@@ -9,7 +9,7 @@ PrivateKey=<%= IO.read("/var/lib/systemd/wireguard/private.key").chomp %>
 PrivateKeyFile=/var/lib/systemd/wireguard/private.key
 <% end -%>
 ListenPort=51820
-<% node[:networking][:wireguard][:peers].each do |peer| -%>
+<% node[:networking][:wireguard][:peers].sort_by { |p| p[:public_key] }.each do |peer| -%>
 
 [WireGuardPeer]
 PublicKey=<%= peer[:public_key] %>

diff --git a/cookbooks/networking/templates/default/wireguard.network.erb b/cookbooks/networking/templates/default/wireguard.network.erb
index 5e215b18401b960d31141281148070210635cf3b..481fe14ffbb7a9eafae330c83fced3cf2ce9864b 100644 (file)
--- a/cookbooks/networking/templates/default/wireguard.network.erb
+++ b/cookbooks/networking/templates/default/wireguard.network.erb
@@ -12,7 +12,7 @@ Address=<%= node[:networking][:wireguard][:address] %>/128
 
 [Route]
 Destination=fd43:e709:ea6d:1::/64
-<% node[:networking][:wireguard][:peers].each do |peer| -%>
+<% node[:networking][:wireguard][:peers].sort_by { |p| p[:public_key] }.each do |peer| -%>
 <% Array(peer[:allowed_ips]).sort.each do |ip| -%>
 <% unless ip =~ /^fd43:e709:ea6d:1::/ -%>