]> git.openstreetmap.org Git - chef.git/commitdiff
projects / chef.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d32d778)
Fix configuration of wireguard keys on 18.04
authorTom Hughes <tom@compton.nu>
Mon, 14 Sep 2020 18:07:24 +0000 (19:07 +0100)
committerTom Hughes <tom@compton.nu>
Mon, 14 Sep 2020 18:07:24 +0000 (19:07 +0100)
cookbooks/networking/recipes/default.rb patch | blob | history
cookbooks/networking/templates/default/wireguard.netdev.erb patch | blob | history

diff --git a/cookbooks/networking/recipes/default.rb b/cookbooks/networking/recipes/default.rb
index 0f7b2e49ab804f2258c7c6174ab2fcfc68b70bb0..34a1a52afba33d0e3e860cf3e6eb6ddcdc975000 100644 (file)
--- a/cookbooks/networking/recipes/default.rb
+++ b/cookbooks/networking/recipes/default.rb
@@ -240,8 +240,8 @@ if node[:networking][:wireguard][:enabled]
   template "/etc/systemd/network/wireguard.netdev" do
     source "wireguard.netdev.erb"
     owner "root"
-    group "root"
-    mode "644"
+    group "systemd-network"
+    mode "640"
   end
 
   template "/etc/systemd/network/wireguard.network" do
diff --git a/cookbooks/networking/templates/default/wireguard.netdev.erb b/cookbooks/networking/templates/default/wireguard.netdev.erb
index 7f7ef31141d82bfde26e1d42f7827c9634c2e39c..7866f97a4d093fb5bd25e5154c2767d6f3f07b4f 100644 (file)
--- a/cookbooks/networking/templates/default/wireguard.netdev.erb
+++ b/cookbooks/networking/templates/default/wireguard.netdev.erb
@@ -3,13 +3,21 @@ Name=wg0
 Kind=wireguard
 
 [WireGuard]
+<% if node[:lsb][:release].to_f < 20.04 -%>
+PrivateKey=<%= IO.read("/var/lib/systemd/wireguard/private.key").chomp %>
+<% else -%>
 PrivateKeyFile=/var/lib/systemd/wireguard/private.key
+<% end -%>
 ListenPort=51820
 <% node[:networking][:wireguard][:peers].each do |peer| -%>
 
 [WireGuardPeer]
 PublicKey=<%= peer[:public_key] %>
+<% if node[:lsb][:release].to_f < 20.04 -%>
+PresharedKey=<%= IO.read("/var/lib/systemd/wireguard/preshared.key").chomp %>
+<% else -%>
 PresharedKeyFile=/var/lib/systemd/wireguard/preshared.key
+<% end -%>
 AllowedIPs=<%= Array(peer[:allowed_ips]).sort.join(",") %>
 <% if peer[:endpoint] -%>
 Endpoint=<%= peer[:endpoint] %>
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.