Merge remote-tracking branch 'github/pull/514'

[chef.git] / cookbooks / networking / recipes / default.rb

diff --git a/cookbooks/networking/recipes/default.rb b/cookbooks/networking/recipes/default.rb
index 3a30f20f969ede3e6f314e27b6a4867d702cd5dd..81437acc0869664f0213ce50759b2ec22465c03e 100644 (file)
--- a/cookbooks/networking/recipes/default.rb
+++ b/cookbooks/networking/recipes/default.rb
@@ -262,11 +262,19 @@ if node[:networking][:wireguard][:enabled]
       :endpoint => "gate.compton.nu:51820"
     }
 
+    # Grant home
     node.default[:networking][:wireguard][:peers] << {
       :public_key => "RofATnvlWxP3mt87+QKRXFE5MVxtoCcTsJ+yftZYEE4=",
       :allowed_ips => "10.89.122.1/32",
       :endpoint => "gate.firefishy.com:51820"
     }
+
+    # Grant roaming
+    node.default[:networking][:wireguard][:peers] << {
+      :public_key => "YbUkREE9TAmomqgL/4Fh2e5u2Hh7drN/2o5qg3ndRxg=",
+      :allowed_ips => "10.89.123.1/32",
+      :endpoint => "roaming.firefishy.com:51820"
+    }
   end
 
   template "/etc/systemd/network/wireguard.netdev" do
@@ -512,16 +520,24 @@ if node[:networking][:wireguard][:enabled]
   end
 end
 
+file "/etc/shorewall/masq" do
+  action :delete
+end
+
+file "/etc/shorewall/masq.bak" do
+  action :delete
+end
+
 if node[:roles].include?("gateway")
-  template "/etc/shorewall/masq" do
-    source "shorewall-masq.erb"
+  template "/etc/shorewall/snat" do
+    source "shorewall-snat.erb"
     owner "root"
     group "root"
     mode "644"
     notifies :restart, "service[shorewall]"
   end
 else
-  file "/etc/shorewall/masq" do
+  file "/etc/shorewall/snat" do
     action :delete
     notifies :restart, "service[shorewall]"
   end