bundles/wireguard: support arch linux and other netmasks than /31
This commit is contained in:
parent
05a2e501ce
commit
c7e5002f17
2 changed files with 7 additions and 5 deletions
|
@ -22,9 +22,7 @@ for number, (peer, config) in enumerate(sorted(node.metadata.get('wireguard/peer
|
||||||
'psk': config['psk'],
|
'psk': config['psk'],
|
||||||
'pubkey': config['pubkey'],
|
'pubkey': config['pubkey'],
|
||||||
},
|
},
|
||||||
'needs': {
|
'needs': {'pkg_apt:wireguard'} if node.has_bundle('apt') else set(),
|
||||||
'pkg_apt:wireguard',
|
|
||||||
},
|
|
||||||
'triggers': {
|
'triggers': {
|
||||||
'svc_systemd:systemd-networkd:restart',
|
'svc_systemd:systemd-networkd:restart',
|
||||||
},
|
},
|
||||||
|
|
|
@ -200,9 +200,13 @@ def firewall(metadata):
|
||||||
def interface_ips(metadata):
|
def interface_ips(metadata):
|
||||||
interfaces = {}
|
interfaces = {}
|
||||||
for number, (peer, config) in enumerate(sorted(metadata.get('wireguard/peers', {}).items())):
|
for number, (peer, config) in enumerate(sorted(metadata.get('wireguard/peers', {}).items())):
|
||||||
|
if '/' in config['my_ip']:
|
||||||
|
my_ip = config['my_ip']
|
||||||
|
else:
|
||||||
|
my_ip = '{}/31'.format(config['my_ip'])
|
||||||
interfaces[f'wg{number}'] = {
|
interfaces[f'wg{number}'] = {
|
||||||
'ips': {
|
'ips': {
|
||||||
'{}/31'.format(config['my_ip']),
|
my_ip,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
return {
|
return {
|
||||||
|
@ -214,7 +218,7 @@ def interface_ips(metadata):
|
||||||
'nftables/rules/10-wireguard',
|
'nftables/rules/10-wireguard',
|
||||||
)
|
)
|
||||||
def snat(metadata):
|
def snat(metadata):
|
||||||
if not node.has_bundle('nftables'):
|
if not node.has_bundle('nftables') or node.os == 'arch':
|
||||||
raise DoNotRunAgain
|
raise DoNotRunAgain
|
||||||
|
|
||||||
rules = {
|
rules = {
|
||||||
|
|
Loading…
Reference in a new issue