From fe9045e126e17f6206840c1866909a0f1e9c7d65 Mon Sep 17 00:00:00 2001
From: Ben Magee
Date: Wed, 17 Apr 2019 19:01:21 +0100
Subject: [PATCH] Inline templating of interface configuration, allow deferred lookup of public and private key values. Minimum requirement of Puppet 6
---
 manifests/interface.pp | 50 +++++++++++++++++++++++++++++-------
 templates/interface.conf.erb | 24 -----------------
 2 files changed, 41 insertions(+), 33 deletions(-)
 delete mode 100644 templates/interface.conf.erb
diff --git a/manifests/interface.pp b/manifests/interface.pp
index a7cf079..1a55b90 100644
--- a/manifests/interface.pp
+++ b/manifests/interface.pp
@@ -16,28 +16,60 @@
 # @param config_dir
 # Path to wireguard configuration files
 define wireguard::interface (
- Variant[Array,String] $address,
- String $private_key,
- Integer[1,65535] $listen_port,
- Enum['present','absent'] $ensure = 'present',
+ Variant[Array,String] $address,
+ Variant[String, Deferred] $private_key,
+ Integer[1,65535] $listen_port,
+ Enum['present','absent'] $ensure = 'present',
 Optional[Array[Struct[
 {
- 'PublicKey' => String,
+ 'PublicKey' => Variant[String,Deferred],
 'AllowedIPs' => Optional[String],
 'Endpoint' => Optional[String],
+ 'PersistentKeepalive' => Optional[Integer],
 }
- ]]] $peers = [],
- Boolean $saveconfig = true,
- Stdlib::Absolutepath $config_dir = '/etc/wireguard',
+ ]]] $peers = [],
+ Boolean $saveconfig = true,
+ Stdlib::Absolutepath $config_dir = '/etc/wireguard',
 ) {
+ $interface_template = @(EOF)
+# This file is managed by puppet
+[Interface]
+Address = <%= $address %>
+<% if $saveconfig { -%>
+SaveConfig = true
+<% } -%>
+PrivateKey = <%= $private_key %>
+ListenPort = <%= $listen_port %>
+<%- if $peers { -%>
+# Peers
+<% $peers.each |$peer| { -%>
+[Peer]
+<% $peer.each |$key,$value| { -%>
+<% if $value { -%>
+<%= $key %> = <%= $value %>
+<% } -%>
+<% } -%>
+<% } -%>
+<% } -%>
+EOF
+
+
+ $content_hash = {
+ 'address' => $address,
+ 'private_key' => $private_key,
+ 'listen_port' => $listen_port,
+ 'peers' => $peers,
+ 'saveconfig' => $saveconfig
+ }
+
 file {"${config_dir}/${name}.conf":
 ensure => $ensure,
 mode => '0600',
 owner => 'root',
 group => 'root',
 show_diff => false,
- content => template("${module_name}/interface.conf.erb"),
+ content => Deferred('inline_epp', [$interface_template, $content_hash]),
 notify => Service["wg-quick@${name}.service"],
 }
diff --git a/templates/interface.conf.erb b/templates/interface.conf.erb
deleted file mode 100644
index ef0f1a2..0000000
--- a/templates/interface.conf.erb
+++ /dev/null
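Review bot: `Address = <%= $address %>` in the new inline template no longer handles the Array form that the `Variant[Array,String] $address` parameter still accepts. The deleted ERB template emitted one `Address =` line per element, whereas here an Array would be interpolated as a single stringified value, which wg-quick is unlikely to parse. Iterating restores the old behaviour: `<% [$address].flatten.each |$adr| { -%>`, `Address = <%= $adr %>`, `<% } -%>`. Separately, the `@param private_key` documentation (presumably above this hunk) should state that only a `Deferred` value is looked up at apply time; a plain `String` is still carried in `$content_hash` as an argument to the `Deferred` call.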
@@ -1,24 +0,0 @@
-# This file is managed by puppet
-[Interface]
-<% if @address.is_a? Array -%>
- <%- @address.flatten.each do |adr| -%>
-Address = <%= adr %>
- <%- end -%>
-<%- else -%>
-Address = <%= @address %>
-<%- end -%>
-<% if @saveconfig -%>
-SaveConfig = true
-<% end -%>
-PrivateKey = <%= @private_key %>
-ListenPort = <%= @listen_port %>
-<%- if @peers -%>
-
-# Peers
- <%- @peers.each do |peer| -%>
-[Peer]
- <%- peer.each do |key,value| -%>
-<%= key %> = <%= value %>
- <%- end %>
- <%- end -%>
-<%- end -%>