Merge pull request #73 from sebastianrakel/feature/mtu-wgquick

Add mtu to wg-quick
voxpupuli · Jan 22, 2023 · 3f4690f · 3f4690f
2 parents 2a1a333 + 62acb59
commit 3f4690f
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 0 deletions.
diff --git a/manifests/interface.pp b/manifests/interface.pp
@@ -236,6 +236,7 @@
         postup_cmds   => $postup_cmds,
         predown_cmds  => $predown_cmds,
         postdown_cmds => $postdown_cmds,
+        mtu           => $mtu,
       }
     }
     default: {

diff --git a/manifests/provider/wgquick.pp b/manifests/provider/wgquick.pp
@@ -12,12 +12,14 @@
   Array[String[1]] $postup_cmds = [],
   Array[String[1]] $predown_cmds = [],
   Array[String[1]] $postdown_cmds = [],
+  Optional[Integer[1280, 9000]] $mtu = undef,
 ) {
   assert_private()
   $params = {
     'interface'     => $interface,
     'dport'         => $dport,
     'firewall_mark' => $firewall_mark,
+    'mtu'           => $mtu,
     'peers'         => $peers,
     'addresses'     => $addresses,
     'preup_cmds'    => $preup_cmds,

diff --git a/spec/defines/interface_spec.rb b/spec/defines/interface_spec.rb
@@ -424,6 +424,32 @@ class {"systemd":
         it { is_expected.not_to contain_ferm__rule("allow_wg_#{title}") }
       end
 
+      context 'wgquick with mtu and without firewall' do
+        let :params do
+          {
+            public_key: 'blabla==',
+            endpoint: 'wireguard.example.com:1234',
+            manage_firewall: false,
+            destination_addresses: [facts[:networking]['ip'],],
+            provider: 'wgquick',
+            addresses: [{ 'Address' => '192.168.218.87/32' }],
+            mtu: 1280,
+          }
+        end
+
+        it { is_expected.to compile.with_all_deps }
+        it { is_expected.to contain_class('wireguard') }
+        it { is_expected.to contain_exec("generate private key #{title}") }
+        it { is_expected.to contain_exec("generate public key #{title}") }
+        it { is_expected.to contain_file("/etc/wireguard/#{title}.pub") }
+        it { is_expected.to contain_file("/etc/wireguard/#{title}") }
+        it { is_expected.to contain_file("/etc/wireguard/#{title}.conf") }
+        it { is_expected.to contain_file("/etc/wireguard/#{title}.conf").with_content(%r{[Interface]}) } # rubocop:disable Lint/DuplicateRegexpCharacterClassElement
+        it { is_expected.to contain_file("/etc/wireguard/#{title}.conf").with_content(%r{Address=192.168.218.87/32}) }
+        it { is_expected.to contain_file("/etc/wireguard/#{title}.conf").with_content(%r{MTU=1280}) }
+        it { is_expected.not_to contain_ferm__rule("allow_wg_#{title}") }
+      end
+
       context 'with required params and firewall mark and without firewall rules' do
         let :params do
           {

diff --git a/templates/wireguard_conf.epp b/templates/wireguard_conf.epp
@@ -8,6 +8,7 @@
     Array[String[1]] $postup_cmds,
     Array[String[1]] $predown_cmds,
     Array[String[1]] $postdown_cmds,
+    Optional[Integer[1280, 9000]] $mtu = undef,
 | -%>
 # THIS FILE IS MANAGED BY PUPPET
 <% $addresses.each |$address| { -%>
@@ -34,6 +35,9 @@ PreDown=<%= $cmd %>
 <% $postdown_cmds.each |$cmd| { -%>
 PostDown=<%= $cmd %>
 <% } -%>
+<% if $mtu { -%>
+MTU=<%= $mtu %>
+<% } -%>
 
 <% $peers.each |$peer| { -%>