Add custom sections to systemd network

sallchr · sallchr · commit 0caa7b83ed9f · 2024-07-12T13:21:11.000+02:00
diff --git a/REFERENCE.md b/REFERENCE.md
@@ -187,6 +187,26 @@ wireguard::interface { 'wg0':
 }
 ```
 
+##### Peer with one node, setup dualstack firewall rules and RoutingPolicyRule
+
+```puppet
+wireguard::interface {'as2273':
+  source_addresses => ['2003:4f8:c17:4cf::1', '149.9.255.4'],
+  public_key       => 'BcxLll1BVxGQ5DeijroesjroiesjrjvX+EBhS4vcDn0R0=',
+  endpoint         => 'wg.example.com:53668',
+  addresses        => [{'Address' => '192.168.123.6/30',},{'Address' => 'fe80::beef:1/64'},],
+  sections         => {
+    'RoutingPolicyRule' => [
+      {
+        'From'              => '10.0.0.0/24',
+        'Table'             => '1010',
+        'IncomingInterface' => 'as2273',
+      },
+    ],
+  },
+}
+```
+
 #### Parameters
 
 The following parameters are available in the `wireguard::interface` defined type:
@@ -208,6 +228,7 @@ The following parameters are available in the `wireguard::interface` defined typ
 * [`mtu`](#-wireguard--interface--mtu)
 * [`peers`](#-wireguard--interface--peers)
 * [`routes`](#-wireguard--interface--routes)
+* [`sections`](#-wireguard--interface--sections)
 * [`private_key`](#-wireguard--interface--private_key)
 * [`preshared_key`](#-wireguard--interface--preshared_key)
 * [`provider`](#-wireguard--interface--provider)
@@ -353,6 +374,15 @@ different routes for the systemd-networkd configuration
 
 Default value: `[]`
 
+##### <a name="-wireguard--interface--sections"></a>`sections`
+
+Data type: `Hash`
+
+different sections for the systemd-networkd configuration
+
+Default value: `{}`
+
+
 ##### <a name="-wireguard--interface--private_key"></a>`private_key`
 
 Data type: `Optional[String[1]]`
diff --git a/manifests/provider/systemd.pp b/manifests/provider/systemd.pp
@@ -12,6 +12,7 @@
   Optional[String[1]] $description = undef,
   Optional[Integer[1200, 9000]] $mtu = undef,
   Array[Hash[String[1], Variant[String[1], Boolean]]] $routes = [],
+  Hash $sections = {},
   Array[Stdlib::IP::Address] $default_allowlist = [],
 ) {
   assert_private()
@@ -44,6 +45,7 @@
     'interface'       => $interface,
     'addresses'       => $addresses,
     'routes'          => $routes,
+    'sections'        => $sections,
   }
 
   systemd::network { "${interface}.network":
diff --git a/templates/network.epp b/templates/network.epp
@@ -31,3 +31,11 @@ KeepConfiguration=yes
 <% } -%>
 <% } -%>
 
+<% $sections.each |$section_key, $section_value| { -%>
+<% $section_value.each |$section| { -%>
+[<%= $section_key %>]
+<% $section.each |$key, $value| { -%>
+<%= $key %>=<%= $value %>
+<% } -%>
+<% } -%>
+<% } -%>
