cdist-type__wiregurad_peer(7)

NAME

cdist-type__wiregurad_peer - Add an authorized peer to a wireguard interface.

DESCRIPTION

This type configures a peer to be authorized on a wireguard interface. The ${__object_id} is used to differentiate the cdist-type__block(7) where each peer is defined. See wg(8) for details on the options.

Note that this type requires a configuration file named after the iface parameter to add and remove the peers from. The recommended way to accomplish this is to call cdist-type__wireguard(7), and set it as a requirement for calls to this type adding peers to that interface.

Currently, this type is only implemented for Alpine Linux.

REQUIRED PARAMETERS

iface

The name of the wireguard interface to add the peer to.

public-key

The peer’s public key.

OPTIONAL PARAMETERS

endpoint

The endpoint for this peer.

persistent-keepalive

Send a keepalive packet every n seconds, expects an integer.

preshared-key

A pre-shared symmetric key. Used for “post-quantum resistance”.

state

Directly passed on the cdist-type__block(7), to enable removing a user.

OPTIONAL MULTIPLE PARAMETERS

allowed-ip

A comma-separated list of IP (v4 or v6) addresses with CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.

SEE ALSO

wg(8), wg-quick(8), cdist-type__wireguard(7), cdist-type__block(7)

AUTHORS

Joachim Desroches <joachim.desroches@epfl.ch>

COPYING

Copyright (C) 2020 Joachim Desroches. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.