bundles/wireguard: add option to set settings based on a specific peer

2023-12-10 14:48:24 +01:00 · 2023-12-10 14:48:24 +01:00 · ffb5125ddd
parent 0084257872
commit ffb5125ddd
3 changed files with 10 additions and 0 deletions
--- a/bundles/wireguard/files/wg.netdev
+++ b/bundles/wireguard/files/wg.netdev
@ -14,4 +14,6 @@ PresharedKey=${psk}
 % if endpoint:
 Endpoint=${endpoint}
 % endif
+% if specials.get('persistent_keepalive', True):
 PersistentKeepalive=30
+% endif
--- a/bundles/wireguard/items.py
+++ b/bundles/wireguard/items.py
@ -27,6 +27,7 @@ for peer, config in sorted(node.metadata.get('wireguard/peers', {}).items()):
            'privatekey': node.metadata.get('wireguard/privatekey'),
            'psk': config['psk'],
            'pubkey': config['pubkey'],
+            'specials': repo.libs.s2s.WG_AUTOGEN_SETTINGS.get(peer, {}),
        },
        'needs': deps,
        'triggers': {
--- a/libs/s2s.py
+++ b/libs/s2s.py
@ -20,6 +20,13 @@ WG_AUTOGEN_NODES = [
    'daisy',
 ]

+WG_AUTOGEN_SETTINGS = {
+    # special settings to apply when peering with a specific node
+    'home.router': {
+        'persistent_keepalive': False,
+    },
+}
+
 def get_subnet_for_connection(repo, peer_a, peer_b):
    assert peer_a in WG_AUTOGEN_NODES
    assert peer_b in WG_AUTOGEN_NODES