X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/ed505da4d7553ab26bda2169bec0b08ee76cfd1f..9d484a34c1141e82a1565d1d6a21f9b68077e1b7:/cookbooks/networking/recipes/default.rb

diff --git a/cookbooks/networking/recipes/default.rb b/cookbooks/networking/recipes/default.rb
index 162e0c3a8..0ae4a12fb 100644
--- a/cookbooks/networking/recipes/default.rb
+++ b/cookbooks/networking/recipes/default.rb
@@ -240,7 +240,7 @@ if node[:networking][:wireguard][:enabled]
       }
     end
 
-    search(:node, "roles:mail OR roles:prometheus") do |server|
+    search(:node, "roles:shenron OR roles:prometheus") do |server|
       allowed_ips = server.interfaces(:role => :internal).map do |interface|
         "#{interface[:network]}/#{interface[:prefix]}"
       end
@@ -262,11 +262,31 @@ if node[:networking][:wireguard][:enabled]
       :endpoint => "gate.compton.nu:51820"
     }
 
+    # Grant home
     node.default[:networking][:wireguard][:peers] << {
       :public_key => "RofATnvlWxP3mt87+QKRXFE5MVxtoCcTsJ+yftZYEE4=",
       :allowed_ips => "10.89.122.1/32",
       :endpoint => "gate.firefishy.com:51820"
     }
+
+    # Grant roaming
+    node.default[:networking][:wireguard][:peers] << {
+      :public_key => "YbUkREE9TAmomqgL/4Fh2e5u2Hh7drN/2o5qg3ndRxg=",
+      :allowed_ips => "10.89.123.1/32",
+      :endpoint => "roaming.firefishy.com:51820"
+    }
+  elsif node[:roles].include?("shenron")
+    search(:node, "roles:gateway") do |gateway|
+      allowed_ips = gateway.interfaces(:role => :internal).map do |interface|
+        "#{interface[:network]}/#{interface[:prefix]}"
+      end
+
+      node.default[:networking][:wireguard][:peers] << {
+        :public_key => gateway[:networking][:wireguard][:public_key],
+        :allowed_ips => allowed_ips,
+        :endpoint => "#{gateway.name}:51820"
+      }
+    end
   end
 
   template "/etc/systemd/network/wireguard.netdev" do