X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/3e8b676750834c173b58619b4b8a10fc8204cc2a..f8d80d1e42b9677462a5f0bc9a57d3a693a8e226:/cookbooks/networking/recipes/default.rb?ds=sidebyside diff --git a/cookbooks/networking/recipes/default.rb b/cookbooks/networking/recipes/default.rb index bf6ff6c57..9bf834522 100644 --- a/cookbooks/networking/recipes/default.rb +++ b/cookbooks/networking/recipes/default.rb @@ -94,12 +94,12 @@ node[:networking][:interfaces].each do |name, interface| deviceplan["parameters"] = { "mode" => interface[:bond][:mode] || "active-backup", - "primary" => interface[:bond][:slaves].first, "mii-monitor-interval" => interface[:bond][:miimon] || 100, "down-delay" => interface[:bond][:downdelay] || 200, "up-delay" => interface[:bond][:updelay] || 200 } + deviceplan["parameters"]["primary"] = interface[:bond][:slaves].first if deviceplan["parameters"]["mode"] == "active-backup" deviceplan["parameters"]["transmit-hash-policy"] = interface[:bond][:xmithashpolicy] if interface[:bond][:xmithashpolicy] deviceplan["parameters"]["lacp-rate"] = interface[:bond][:lacprate] if interface[:bond][:lacprate] end @@ -196,6 +196,7 @@ if node[:networking][:wireguard][:enabled] package "wireguard-tools" do compile_time true + options "--no-install-recommends" end directory "/var/lib/systemd/wireguard" do @@ -240,7 +241,7 @@ if node[:networking][:wireguard][:enabled] } end - search(:node, "roles:mail OR roles:prometheus") do |server| + search(:node, "roles:shenron OR roles:prometheus") do |server| allowed_ips = server.interfaces(:role => :internal).map do |interface| "#{interface[:network]}/#{interface[:prefix]}" end @@ -272,8 +273,21 @@ if node[:networking][:wireguard][:enabled] # Grant roaming node.default[:networking][:wireguard][:peers] << { :public_key => "YbUkREE9TAmomqgL/4Fh2e5u2Hh7drN/2o5qg3ndRxg=", - :allowed_ips => "10.89.123.1/32" + :allowed_ips => "10.89.123.1/32", + :endpoint => "roaming.firefishy.com:51820" } + elsif node[:roles].include?("shenron") + search(:node, "roles:gateway") do |gateway| + allowed_ips = gateway.interfaces(:role => :internal).map do |interface| + "#{interface[:network]}/#{interface[:prefix]}" + end + + node.default[:networking][:wireguard][:peers] << { + :public_key => gateway[:networking][:wireguard][:public_key], + :allowed_ips => allowed_ips, + :endpoint => "#{gateway.name}:51820" + } + end end template "/etc/systemd/network/wireguard.netdev" do