cookbooks/networking/templates/default/wireguard.netdev.erb

   1 [NetDev]
   2 Name=wg0
   3 Kind=wireguard
   4
   5 [WireGuard]
   6 <% if node[:lsb][:release].to_f < 20.04 -%>
   7 PrivateKey=<%= IO.read("/var/lib/systemd/wireguard/private.key").chomp %>
   8 <% else -%>
   9 PrivateKeyFile=/var/lib/systemd/wireguard/private.key
  10 <% end -%>
  11 ListenPort=51820
  12 <% node[:networking][:wireguard][:peers].sort_by { |p| p[:public_key] }.each do |peer| -%>
  13
  14 [WireGuardPeer]
  15 PublicKey=<%= peer[:public_key] %>
  16 <% if node[:lsb][:release].to_f < 20.04 -%>
  17 PresharedKey=<%= IO.read("/var/lib/systemd/wireguard/preshared.key").chomp %>
  18 <% else -%>
  19 PresharedKeyFile=/var/lib/systemd/wireguard/preshared.key
  20 <% end -%>
  21 AllowedIPs=<%= Array(peer[:allowed_ips]).sort.join(",") %>
  22 <% if peer[:endpoint] -%>
  23 Endpoint=<%= peer[:endpoint] %>
  24 <% end -%>
  25 <% if node[:networking][:wireguard][:keepalive] -%>
  26 PersistentKeepalive=<%= node[:networking][:wireguard][:keepalive] %>
  27 <% end -%>
  28 <% end -%>