arrnorets/puppet-wireguard

Table of contents

  1. Common purpose
  2. Compatibility
  3. Installation
  4. Config example in Hiera and result files

1. Common purpose

This is a Puppet module for managing WireGuard configuration. Both client and server configs are supported.

2. Compatibility

This module was tested on CentOS 7. It should also work on Fedora 19 and higher and on RHEL 7, but no tests were performed there.

3. Installation

mod 'wireguard',
    :git => 'https://github.com/arrnorets/puppet-wireguard.git',
    :ref => 'main'

4. Config example in Hiera and result files

This module follows the concept of so-called "XaaH in Puppet". The principles are described here and here.

Here is an example config in Hiera:

---
wireguard:
  package: 'present'
  enable: true
  is_dkms_needed: 'no'
  is_wireguard_server: 'no'
  config:
    wg0:
      Interface:
        Address: 'define_in_module'
        ListenPort: 32700
        PrivateKey: 'define_in_module'
      Peer:
        PublicKey: "< public key of host wg-server.local >"
        AllowedIPs: "10.10.10.0/24"
        Endpoint: "192.168.1.10:32700"
        PersistentKeepalive: 10


wireguard_peer_info:
  wg0:
    wg-server.local:
      Address: "10.10.10.1/24"
      PrivateKey: '< private key of host wg-server.local >'
      PublicKey: '< public key of host wg-server.local >'
      Endpoint: "192.168.1.10:32700"
      PersistentKeepalive: 10
    wg-client.local:
      Address: '10.10.10.2/24'
      PrivateKey: '< private key of host wg-client.local >'
      PublicKey: '< public key of host wg-client.local >'
      Endpoint: '192.168.1.11:32700'
      PersistentKeepalive: 10

It will install the wireguard-tools package, enable the wg-quick@wg0 service and produce the following file, /etc/wireguard/wg0.conf:

  • On client:
    [Interface]
    Address = 10.10.10.2/24
    ListenPort = 32700
    PrivateKey = < private key of host wg-client.local >
      
    [Peer]
    PublicKey = < public key of host wg-server.local >
    AllowedIPs = 10.10.10.0/24
    Endpoint = 192.168.1.10:32700
    PersistentKeepalive = 10
  • On server:
    [Interface]
    Address = 10.10.10.1/24
    ListenPort = 32700
    PrivateKey = < private key of host wg-server.local >
    
    
    # /* Peer list */ 
    
    # // wg-client.local
    [Peer]
    AllowedIPs = 10.10.10.2/32
    PublicKey = < public key of host wg-client.local >
    PersistentKeepalive = 10
    
    # /* END BLOCK */
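
The mapping from the Hiera data to the two result files above, as an added Ruby example (not the module's own code). The function names, the dummy key strings and the rule that a server-side peer's AllowedIPs is that peer's Address narrowed to /32 are assumptions inferred from the files shown; a host entry that lacks a key needed to resolve `define_in_module` raises instead of rendering the placeholder into wg0.conf.

```ruby
require 'ipaddr'

PLACEHOLDER = 'define_in_module'

# Constructed sample data shaped like the Hiera example above (keys are dummy strings).
PEER_INFO = {
  'wg0' => {
    'wg-server.local' => { 'Address' => '10.10.10.1/24', 'PrivateKey' => 'SERVER_PRIV',
                           'PublicKey' => 'SERVER_PUB', 'PersistentKeepalive' => 10 },
    'wg-client.local' => { 'Address' => '10.10.10.2/24', 'PrivateKey' => 'CLIENT_PRIV',
                           'PublicKey' => 'CLIENT_PUB', 'PersistentKeepalive' => 10 }
  }
}.freeze

# Replace each 'define_in_module' value with this host's entry; fail loudly if it is absent.
def resolve_interface(iface, section, fqdn, peer_info)
  host = peer_info.fetch(iface).fetch(fqdn) { raise KeyError, "no peer info for #{fqdn}" }
  section.to_h do |key, value|
    next [key, value] unless value == PLACEHOLDER
    [key, host.fetch(key) { raise KeyError, "#{fqdn}: #{key} missing in wireguard_peer_info" }]
  end
end

# Server side: one [Peer] per other host, narrowed to that host's single address (/32).
def server_peers(iface, server_fqdn, peer_info)
  peer_info.fetch(iface).reject { |fqdn, _| fqdn == server_fqdn }.map do |fqdn, info|
    ip = info.fetch('Address').split('/').first
    raise ArgumentError, "#{fqdn}: only IPv4 handled here" unless IPAddr.new(ip).ipv4?
    { 'AllowedIPs' => "#{ip}/32", 'PublicKey' => info.fetch('PublicKey'),
      'PersistentKeepalive' => info['PersistentKeepalive'] }.compact
  end
end

# Render an [Interface] section followed by zero or more [Peer] sections.
def render(interface, peers)
  blocks = [['Interface', interface]] + peers.map { |p| ['Peer', p] }
  blocks.map { |name, kv| (["[#{name}]"] + kv.map { |k, v| "#{k} = #{v}" }).join("\n") }
        .join("\n\n") + "\n"
end
```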
