X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/84cfea597ff6d2b2320cf2f164730da1f5eefd8b..ed524a3afc8f43c16510de915662632e3b186a88:/cookbooks/networking/recipes/default.rb
diff --git a/cookbooks/networking/recipes/default.rb b/cookbooks/networking/recipes/default.rb
index 3a30f20f9..81437acc0 100644
--- a/cookbooks/networking/recipes/default.rb
+++ b/cookbooks/networking/recipes/default.rb
@@ -262,11 +262,19 @@ if node[:networking][:wireguard][:enabled]
 :endpoint => "gate.compton.nu:51820"
 }
 
+ # Grant home
 node.default[:networking][:wireguard][:peers] << {
 :public_key => "RofATnvlWxP3mt87+QKRXFE5MVxtoCcTsJ+yftZYEE4=",
 :allowed_ips => "10.89.122.1/32",
 :endpoint => "gate.firefishy.com:51820"
 }
+
+ # Grant roaming
+ node.default[:networking][:wireguard][:peers] << {
+ :public_key => "YbUkREE9TAmomqgL/4Fh2e5u2Hh7drN/2o5qg3ndRxg=",
+ :allowed_ips => "10.89.123.1/32",
+ :endpoint => "roaming.firefishy.com:51820"
+ }
 end
 
 template "/etc/systemd/network/wireguard.netdev" do
@@ -512,16 +520,24 @@ if node[:networking][:wireguard][:enabled]
 end
 end
 
+file "/etc/shorewall/masq" do
+ action :delete
+end
+
+file "/etc/shorewall/masq.bak" do
+ action :delete
+end
+
 if node[:roles].include?("gateway")
- template "/etc/shorewall/masq" do
- source "shorewall-masq.erb"
+ template "/etc/shorewall/snat" do
+ source "shorewall-snat.erb"
 owner "root"
 group "root"
 mode "644"
 notifies :restart, "service[shorewall]"
 end
 else
- file "/etc/shorewall/masq" do
+ file "/etc/shorewall/snat" do
 action :delete
 notifies :restart, "service[shorewall]"
 end
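Review bot: The new `# Grant roaming` peer in the first hunk gives a second, mobile device a tunnel address (`10.89.123.1/32`), but the comment records neither what the device is nor how its key is withdrawn if the device is lost. Because the peer is a literal in the recipe, revocation presumably means a commit plus a chef run on every node that evaluates this block, which starts above the hunk; a comment such as `# Grant roaming: remove this peer and converge all nodes if the device is lost or re-keyed` would make that explicit. The `/32` in `:allowed_ips` keeps the peer to a single source address, which is the right scope. It is also worth confirming that a roaming peer needs a fixed `:endpoint` at all: WireGuard authenticates by `:public_key`, so the `roaming.firefishy.com` name only controls where this node sends its handshakes.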
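Review bot: The two added `file ... action :delete` resources for `/etc/shorewall/masq` and `/etc/shorewall/masq.bak` in the second hunk have no `notifies :restart, "service[shorewall]"`, unlike the `snat` resources below them, so removing the old file does not by itself reload the firewall. On a gateway the new `template "/etc/shorewall/snat"` will normally trigger the restart in the same run, but if that file is already up to date the deletion is silent; adding `notifies :restart, "service[shorewall]"` to the `masq` deletion keeps the running NAT rules tied to what is on disk. A comment such as `# Legacy masq file replaced by snat; drop these resources once all nodes have converged` would mark both as migration cleanup. `shorewall-snat.erb` is not shown in this diff, so whether it translates the same source networks as the old `shorewall-masq.erb` needs checking separately. The enclosing `if`/`else` closes below the hunk.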