This repository has been archived by the owner on Apr 4, 2022. It is now read-only.

Puppet Wireguard

Stopped using this module once example42-network got deprecated. Leaving this here for anyone who still wants to use or fork it.

Generate keys:

(umask 077; wg genkey | tee privatekey | wg pubkey > publickey)

Example (hiera)

wireguard::interfaces:
  wg0:
    private_key: YourPrivateKey
    listen_port: 51820
    address4: 192.168.20.1/24
    peers:
      SomePeer:
        public_key: SomePeerPublicKey
        endpoint: some.peer.com:51820
        allowed_ips: ['192.168.0.0/16']
        persistent_keepalive: 10

Updating config: setconf vs syncconf

Summarised from the wg manpage: setconf sets the configuration of the specified interface to the contents of the specified config file. syncconf reads the interface's current configuration first and only makes the changes that are explicitly different between the config file and the current config. It is slower than setconf, but less disruptive to current peer sessions.
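
To preview which peers a reload would have to touch, the following added example (not code from this module or from wg itself) parses two configs in the wg file format and diffs them per peer. The sample configs, placeholder keys and function names are constructed, and the comparison only approximates what syncconf does.

```python
# Constructed sample configs (placeholder keys), in the format wg setconf/syncconf read.
RUNNING = """[Interface]
ListenPort = 51820
[Peer]
PublicKey = PEER_A_KEY
AllowedIPs = 192.168.0.0/16
PersistentKeepalive = 10
[Peer]
PublicKey = PEER_B_KEY
AllowedIPs = 10.0.0.2/32
"""
DESIRED = """[Interface]
ListenPort = 51820
[Peer]
PublicKey = PEER_A_KEY
AllowedIPs = 192.168.0.0/16
PersistentKeepalive = 10
[Peer]
PublicKey = PEER_C_KEY
AllowedIPs = 10.0.0.3/32
"""

def parse_peers(text):
    """Map each peer's public key to its settings ([Peer] repeats, so no configparser)."""
    peers, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            current = {} if line.lower() == "[peer]" else None
        elif line and current is not None:
            key, _, value = (part.strip() for part in line.partition("="))
            if key.lower() == "publickey":
                peers[value] = current
            else:
                current[key.lower()] = value
    return peers

def plan(running, desired):
    """Classify peers by what a diff-based reload has to change."""
    cur, new = parse_peers(running), parse_peers(desired)
    both = cur.keys() & new.keys()
    return {"add": sorted(new.keys() - cur.keys()),
            "remove": sorted(cur.keys() - new.keys()),
            "update": sorted(k for k in both if cur[k] != new[k]),
            "untouched": sorted(k for k in both if cur[k] == new[k])}

if __name__ == "__main__":
    for action, keys in plan(RUNNING, DESIRED).items():
        print(f"{action:<10}{keys}")
```

Peers listed as untouched are the ones whose sessions a syncconf-style reload leaves alone, whereas setconf replaces the whole peer list. The running side can be captured with `wg showconf wg0`.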