salt/wireguard: add routes to endpoints
This commit is contained in:
parent
48418f5909
commit
4d6c5b0c89
|
@ -4,6 +4,15 @@ wireguard-tools:
|
||||||
/etc/systemd/system/wireguard@.service:
|
/etc/systemd/system/wireguard@.service:
|
||||||
file.managed:
|
file.managed:
|
||||||
- source: salt://wireguard/wireguard.service
|
- source: salt://wireguard/wireguard.service
|
||||||
|
- template: 'jinja'
|
||||||
|
- context:
|
||||||
|
gateway: {{ pillar['hosts-inet']['core']['upstream2']
|
||||||
|
endpoints:
|
||||||
|
{%- for instance, conf in pillar['wireguard-instances'].items() %}
|
||||||
|
{%- for peer in conf['peers'] %}
|
||||||
|
- {{ peer['endpoint'] }}
|
||||||
|
{%- endfor %}
|
||||||
|
{%- endfor %}
|
||||||
|
|
||||||
{%- for instance, conf in pillar['wireguard-instances'].items() %}
|
{%- for instance, conf in pillar['wireguard-instances'].items() %}
|
||||||
/etc/wireguard/{{ instance }}.conf:
|
/etc/wireguard/{{ instance }}.conf:
|
||||||
|
|
|
@ -4,6 +4,9 @@ PartOf=wireguard.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
|
{%- for endpoint in endpoints %}
|
||||||
|
ExecStart=-/bin/ip route add {{ endpoint }} via {{ gateway }}
|
||||||
|
{%- endfor %}
|
||||||
ExecStart=/usr/bin/wg-quick up /etc/wireguard/%i.conf
|
ExecStart=/usr/bin/wg-quick up /etc/wireguard/%i.conf
|
||||||
ExecStop=/usr/bin/wg-quick down /etc/wireguard/%i.conf
|
ExecStop=/usr/bin/wg-quick down /etc/wireguard/%i.conf
|
||||||
RemainAfterExit=true
|
RemainAfterExit=true
|
||||||
|
|
Loading…
Reference in New Issue
Block a user