bundles/wireguard: support arch linux and other netmasks than /31

2022-03-09 13:05:01 +01:00 · 2022-03-09 13:05:01 +01:00 · c7e5002f17
parent 05a2e501ce
commit c7e5002f17
2 changed files with 7 additions and 5 deletions
--- a/bundles/wireguard/items.py
+++ b/bundles/wireguard/items.py
@ -22,9 +22,7 @@ for number, (peer, config) in enumerate(sorted(node.metadata.get('wireguard/peer
            'psk': config['psk'],
            'pubkey': config['pubkey'],
        },
-        'needs': {
-            'pkg_apt:wireguard',
-        },
+        'needs': {'pkg_apt:wireguard'} if node.has_bundle('apt') else set(),
        'triggers': {
            'svc_systemd:systemd-networkd:restart',
        },
--- a/bundles/wireguard/metadata.py
+++ b/bundles/wireguard/metadata.py
@ -200,9 +200,13 @@ def firewall(metadata):
 def interface_ips(metadata):
    interfaces = {}
    for number, (peer, config) in enumerate(sorted(metadata.get('wireguard/peers', {}).items())):
+        if '/' in config['my_ip']:
+            my_ip = config['my_ip']
+        else:
+            my_ip = '{}/31'.format(config['my_ip'])
        interfaces[f'wg{number}'] = {
            'ips': {
-                '{}/31'.format(config['my_ip']),
+                my_ip,
            },
        }
    return {
@ -214,7 +218,7 @@ def interface_ips(metadata):
    'nftables/rules/10-wireguard',
 )
 def snat(metadata):
-    if not node.has_bundle('nftables'):
+    if not node.has_bundle('nftables') or node.os == 'arch':
        raise DoNotRunAgain

    rules = {