From 4e068609184e2ff5ff0e0688568eb5e56fd0c4be Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Tue, 11 May 2021 13:20:31 +0100
Subject: [PATCH] Sort wireguard peers to keep file content stable

---
 cookbooks/networking/templates/default/wireguard.netdev.erb  | 2 +-
 cookbooks/networking/templates/default/wireguard.network.erb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/cookbooks/networking/templates/default/wireguard.netdev.erb b/cookbooks/networking/templates/default/wireguard.netdev.erb
index 7866f97a4..248bde252 100644
--- a/cookbooks/networking/templates/default/wireguard.netdev.erb
+++ b/cookbooks/networking/templates/default/wireguard.netdev.erb
@@ -9,7 +9,7 @@ PrivateKey=<%= IO.read("/var/lib/systemd/wireguard/private.key").chomp %>
 PrivateKeyFile=/var/lib/systemd/wireguard/private.key
 <% end -%>
 ListenPort=51820
-<% node[:networking][:wireguard][:peers].each do |peer| -%>
+<% node[:networking][:wireguard][:peers].sort_by { |p| p[:public_key] }.each do |peer| -%>
 
 [WireGuardPeer]
 PublicKey=<%= peer[:public_key] %>
diff --git a/cookbooks/networking/templates/default/wireguard.network.erb b/cookbooks/networking/templates/default/wireguard.network.erb
index 5e215b184..481fe14ff 100644
--- a/cookbooks/networking/templates/default/wireguard.network.erb
+++ b/cookbooks/networking/templates/default/wireguard.network.erb
@@ -12,7 +12,7 @@ Address=<%= node[:networking][:wireguard][:address] %>/128
 
 [Route]
 Destination=fd43:e709:ea6d:1::/64
-<% node[:networking][:wireguard][:peers].each do |peer| -%>
+<% node[:networking][:wireguard][:peers].sort_by { |p| p[:public_key] }.each do |peer| -%>
 <% Array(peer[:allowed_ips]).sort.each do |ip| -%>
 <% unless ip =~ /^fd43:e709:ea6d:1::/ -%>
 
-- 
2.43.2