]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/networking/templates/default/wireguard.netdev.erb
Add alerts for planet dumps and replication feeds
[chef.git] / cookbooks / networking / templates / default / wireguard.netdev.erb
index 7f7ef31141d82bfde26e1d42f7827c9634c2e39c..248bde252660c11b56407260aba5eda7e6972663 100644 (file)
@@ -3,13 +3,21 @@ Name=wg0
 Kind=wireguard
 
 [WireGuard]
 Kind=wireguard
 
 [WireGuard]
+<% if node[:lsb][:release].to_f < 20.04 -%>
+PrivateKey=<%= IO.read("/var/lib/systemd/wireguard/private.key").chomp %>
+<% else -%>
 PrivateKeyFile=/var/lib/systemd/wireguard/private.key
 PrivateKeyFile=/var/lib/systemd/wireguard/private.key
+<% end -%>
 ListenPort=51820
 ListenPort=51820
-<% node[:networking][:wireguard][:peers].each do |peer| -%>
+<% node[:networking][:wireguard][:peers].sort_by { |p| p[:public_key] }.each do |peer| -%>
 
 [WireGuardPeer]
 PublicKey=<%= peer[:public_key] %>
 
 [WireGuardPeer]
 PublicKey=<%= peer[:public_key] %>
+<% if node[:lsb][:release].to_f < 20.04 -%>
+PresharedKey=<%= IO.read("/var/lib/systemd/wireguard/preshared.key").chomp %>
+<% else -%>
 PresharedKeyFile=/var/lib/systemd/wireguard/preshared.key
 PresharedKeyFile=/var/lib/systemd/wireguard/preshared.key
+<% end -%>
 AllowedIPs=<%= Array(peer[:allowed_ips]).sort.join(",") %>
 <% if peer[:endpoint] -%>
 Endpoint=<%= peer[:endpoint] %>
 AllowedIPs=<%= Array(peer[:allowed_ips]).sort.join(",") %>
 <% if peer[:endpoint] -%>
 Endpoint=<%= peer[:endpoint] %>