-
Notifications
You must be signed in to change notification settings - Fork 9
/
pillar.example
64 lines (58 loc) · 2.14 KB
/
pillar.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
wireguard:
interfaces:
wg0:
# The two following keys are non-wireguard options.
# Delete the config file. The interface will also be stopped and disables.
# Defaults to False.
#delete: False
# Start and enable the service. Setting this to false causes the interface
# to be stopped and disabled. Defaults to True.
#enable: True
config:
# see wg(8) and wg-quick(8) for supported keys.
# wg genkey
PrivateKey: private_key_string
# Address accepts a list of addresses or a string. Additionally wg-quick
# will expand comma separated addresses.
Address:
- fe80::1/64
- 10.0.0.1/24
#Address: fe80::1/64, 10.0.0.1/24
ListenPort: 51820
# It is very important to quote off. Jinja expands off without quotes to
# False which will result in 'table' not being set in the config file,
# resulting in defaulting to auto.
Table: 'off'
peers:
- PublicKey: foobar
# AllowedIPs must be a list of strings or a comma separated string
AllowedIPs:
- fe80::2
- 10.0.0.2/32
PresharedKey: secret1
- Publickey: bazbar
AllowedIPs:
- fe80::3
- 10.0.0.3/32
PresharedKey: secret2
# the raw_config key can be used to pass a whole wireguard config in. The
# raw_config key takes precendce before the regular config and peers keys.
# Every other wireguard option in will then be ignored. Make sure to have
# the correct indentation of 4 spaces more than the raw_config key and to
# start with raw_config: |
raw_config: |
[Interface]
Address = fe80::1/64
ListenPort = 51820
PrivateKey = private
Table = off
[Peer]
PublicKey = peer
AllowedIPs = fe80::2
# Internal formula configuration can be overridden using values placed
# in this lookup table. For more variables that can be overridden, see
# defaults.yaml and os*map.yaml
# lookup:
# packages:
# - wireguard-tools
# - wireguard-kmod