relay_from_hosts = node[:exim][:relay_from_hosts]
if node[:exim][:smarthost_name]
+ search(:node, "roles:gateway") do |gateway|
+ allowed_ips = gateway.interfaces(:role => :internal).map do |interface|
+ "#{interface[:network]}/#{interface[:prefix]}"
+ end
+
+ node.default[:networking][:wireguard][:peers] << {
+ :public_key => gateway[:networking][:wireguard][:public_key],
+ :allowed_ips => allowed_ips,
+ :endpoint => "#{gateway.name}:51820"
+ }
+ end
+
search(:node, "exim_smarthost_via:#{node[:exim][:smarthost_name]}\\:*").each do |host|
relay_from_hosts |= host.ipaddresses(:role => :external)
end
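Review bot: The `search(:node, "roles:gateway")` block appends a peer without checking that the gateway has published a WireGuard key. A gateway that has not converged yet would either raise on `gateway[:networking][:wireguard][:public_key]` (if the `wireguard` attribute is missing) or add a peer whose `:public_key` is nil. A guard at the top of the block, such as `next unless gateway[:networking][:wireguard] && gateway[:networking][:wireguard][:public_key]`, would skip such nodes; the `roles:mail` block added in the other recipe needs the same guard. The code also assumes `node.default[:networking][:wireguard][:peers]` is already an array by the time this recipe runs, which the hunk does not show. The enclosing `if node[:exim][:smarthost_name]` closes outside the hunk.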
}
end
+ search(:node, "roles:mail") do |server|
+ allowed_ips = server.interfaces(:role => :internal).map do |interface|
+ "#{interface[:network]}/#{interface[:prefix]}"
+ end
+
+ if server[:networking][:private_address]
+ allowed_ips << "#{server[:networking][:private_address]}/32"
+ end
+
+ node.default[:networking][:wireguard][:peers] << {
+ :public_key => server[:networking][:wireguard][:public_key],
+ :allowed_ips => allowed_ips,
+ :endpoint => "#{server.name}:51820"
+ }
+ end
+
node.default[:networking][:wireguard][:peers] << {
:public_key => "7Oj9ufNlgidyH/xDc+aHQKMjJPqTmD/ab13agMh6AxA=",
:allowed_ips => "10.0.16.1/32",
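Review bot: `allowed_ips` for each `roles:mail` peer is built entirely from attributes the remote node reported to the Chef server (`server.interfaces(:role => :internal)` and `server[:networking][:private_address]`), and nothing in the block bounds what ends up in the peer's allowed-IPs list. WireGuard uses that list both to accept source addresses from the peer and to route destinations to it, so a misconfigured node (or, depending on how node attributes are protected on the server, a compromised one) could claim a prefix that belongs to another host. The `roles:gateway` block in the exim recipe has the same shape. Consider dropping any entry that falls outside the site's known internal prefixes before appending the peer, and at minimum add a comment such as `# allowed_ips comes from node-reported attributes; only internal prefixes are expected here`.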
<% if node.internal_ipaddress -%>
Address=<%= node.internal_ipaddress %>/32
<% end -%>
+<% if node[:networking][:private_address] -%>
+Address=<%= node[:networking][:private_address] %>/32
+<% end -%>
Address=<%= node[:networking][:wireguard][:address] %>/128
[Route]
:gateway => "fe80::1"
}
},
- :nameservers => ["89.16.162.20", "2001:41c9:2:d6::20"]
+ :nameservers => ["89.16.162.20", "2001:41c9:2:d6::20"],
+ :private_address => "10.0.16.100"
}
)