from ipaddress import ip_network

# The netdev files below are restarted through systemd-networkd, so this
# bundle insists on it being present. require_bundle is a repo-local helper
# not shown here; presumably it aborts when the bundle is missing.
repo.libs.tools.require_bundle(node, 'systemd-networkd')

# Static monitoring plugin; it is the only entry that needs no metadata.
files = {
    '/usr/local/share/icinga/plugins/check_wireguard_connected': {
        'mode': '0755',
    },
}

# Items every netdev file has to wait for. On apt-managed nodes that is the
# wireguard package; elsewhere the set stays empty.
deps = {'pkg_apt:wireguard'} if node.has_bundle('apt') else set()

# One .netdev unit per configured peer, visited in sorted order so the
# generated item set is deterministic.
wg_peers = node.metadata.get('wireguard/peers', {})
for peer_name, peer_cfg in sorted(wg_peers.items()):
    # SECURITY: this context hands the node's WireGuard private key and the
    # per-peer pre-shared key to the 'wg.netdev' template (presumably
    # rendered verbatim into the file). That is why the item is restricted
    # to mode 0600 and owned by systemd-network: do not loosen either.
    # NOTE(review): no 'group' is set, so the tool's default applies; with
    # mode 0600 the group gets no access regardless.
    template_context = {
        'endpoint': peer_cfg.get('endpoint'),  # optional: may be None
        'iface': peer_cfg['iface'],
        'peer': peer_name,
        'port': peer_cfg['my_port'],
        'privatekey': node.metadata.get('wireguard/privatekey'),
        'psk': peer_cfg['psk'],
        'pubkey': peer_cfg['pubkey'],
    }
    netdev_item = {
        'content_type': 'mako',
        'source': 'wg.netdev',
        'owner': 'systemd-network',
        'mode': '0600',
        'context': template_context,
        'needs': deps,
        # Any change to a netdev file restarts networkd.
        'triggers': {
            'svc_systemd:systemd-networkd:restart',
        },
    }
    # The interface name comes from repo metadata and becomes part of the
    # target path.
    files[f'/etc/systemd/network/wg_{peer_cfg["iface"]}.netdev'] = netdev_item

# Health-check script, templated with the configured checks.
# NOTE(review): unlike the peers lookup above, no default is passed here;
# confirm the bundle's metadata defaults always provide this key.
health_check_item = {
    'content_type': 'mako',
    'context': {
        'peers': node.metadata.get('wireguard/health_checks'),
    },
    'mode': '0755',
}
files['/usr/local/bin/wg_health_check'] = health_check_item

# Nodes that also run pppd get an ip-up hook (named "reconnect-wireguard").
if node.has_bundle('pppd'):
    files['/etc/ppp/ip-up.d/reconnect-wireguard'] = {
        'source': 'pppd-ip-up',
        'content_type': 'mako',
        'mode': '0755',
    }