bundles/wireguard: support arch linux and other netmasks than /31

This commit is contained in:
Franzi 2022-03-09 13:05:01 +01:00
parent 05a2e501ce
commit c7e5002f17
Signed by: kunsi
GPG key ID: 12E3D2136B818350
2 changed files with 7 additions and 5 deletions

View file

@ -22,9 +22,7 @@ for number, (peer, config) in enumerate(sorted(node.metadata.get('wireguard/peer
'psk': config['psk'], 'psk': config['psk'],
'pubkey': config['pubkey'], 'pubkey': config['pubkey'],
}, },
'needs': { 'needs': {'pkg_apt:wireguard'} if node.has_bundle('apt') else set(),
'pkg_apt:wireguard',
},
'triggers': { 'triggers': {
'svc_systemd:systemd-networkd:restart', 'svc_systemd:systemd-networkd:restart',
}, },

View file

@ -200,9 +200,13 @@ def firewall(metadata):
def interface_ips(metadata): def interface_ips(metadata):
interfaces = {} interfaces = {}
for number, (peer, config) in enumerate(sorted(metadata.get('wireguard/peers', {}).items())): for number, (peer, config) in enumerate(sorted(metadata.get('wireguard/peers', {}).items())):
if '/' in config['my_ip']:
my_ip = config['my_ip']
else:
my_ip = '{}/31'.format(config['my_ip'])
interfaces[f'wg{number}'] = { interfaces[f'wg{number}'] = {
'ips': { 'ips': {
'{}/31'.format(config['my_ip']), my_ip,
}, },
} }
return { return {
@ -214,7 +218,7 @@ def interface_ips(metadata):
'nftables/rules/10-wireguard', 'nftables/rules/10-wireguard',
) )
def snat(metadata): def snat(metadata):
if not node.has_bundle('nftables'): if not node.has_bundle('nftables') or node.os == 'arch':
raise DoNotRunAgain raise DoNotRunAgain
rules = { rules = {