diff --git a/REFERENCE.md b/REFERENCE.md
index 6c3971b..f395472 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -112,6 +112,7 @@ The following parameters are available in the `wireguard::interface` defined typ
* [`endpoint`](#endpoint)
* [`addresses`](#addresses)
* [`persistent_keepalive`](#persistent_keepalive)
+* [`description`](#description)
##### `interface`
@@ -191,3 +192,11 @@ is set to 1 or greater, that's the interval in seconds wireguard sends a keepali
Default value: `0`
+##### `description`
+
+Data type: `Optional[String[1]]`
+
+an optional string that will be added to the wireguard network interface
+
+Default value: ``undef``
+
diff --git a/manifests/interface.pp b/manifests/interface.pp
index e7e667e..c17f95b 100644
--- a/manifests/interface.pp
+++ b/manifests/interface.pp
@@ -11,6 +11,7 @@
# @param endpoint fqdn:port or ip:port where we connect to
# @param addresses different addresses for the systemd-networkd configuration
# @param persistent_keepalive is set to 1 or greater, that's the interval in seconds wireguard sends a keepalive to the other peer(s). Useful if the sender is behind a NAT gateway or has a dynamic ip address
+# @param description an optional string that will be added to the wireguard network interface
#
# @author Tim Meusel
#
@@ -51,6 +52,7 @@
Boolean $manage_firewall = true,
Array[Stdlib::IP::Address] $source_addresses = [],
Array[Hash[String,Variant[Stdlib::IP::Address::V4::CIDR,Stdlib::IP::Address::V6::CIDR]]] $addresses = [],
+ Optional[String[1]] $description = undef,
) {
require wireguard
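Review bot: `Optional[String[1]]` on the new `$description` parameter accepts any non-empty string, including one with a line break, and the template hunk further down writes it verbatim as `Description=<%= $description %>` in the `[NetDev]` section. A multi-line value would put extra lines, and possibly extra keys or section headers, into the generated `.netdev` file that systemd-networkd parses. That matters most if the value can come from Hiera data or exported resources maintained by someone other than the node's owner. Restricting the type to a single line closes this off, for example `Optional[Pattern[/\A[^\r\n]+\z/]] $description = undef,`. The parameter list starts, and the define body continues, outside this hunk.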
@@ -92,12 +94,15 @@
}
# lint:ignore:strict_indent
$netdev_config = @(EOT)
- <%- | $interface, $dport, $public_key, $endpoint | -%>
+ <%- | $interface, $dport, $public_key, $endpoint, $description | -%>
# THIS FILE IS MANAGED BY PUPPET
# based on https://dn42.dev/howto/wireguard
[NetDev]
Name=<%= $interface %>
Kind=wireguard
+ <% if $description { -%>
+ Description=<%= $description %>
+ <%} -%>
[WireGuard]
PrivateKeyFile=/etc/wireguard/<%= $interface %>
@@ -114,7 +119,7 @@
AllowedIPs=0.0.0.0/0
| EOT
systemd::network { "${interface}.netdev":
- content => inline_epp($netdev_config, { 'interface' => $interface, 'dport' => $dport, 'public_key' => $public_key, 'endpoint' => $endpoint }),
+ content => inline_epp($netdev_config, { 'interface' => $interface, 'dport' => $dport, 'public_key' => $public_key, 'endpoint' => $endpoint, 'description' => $description }),
restart_service => true,
owner => 'root',
group => 'systemd-network',
diff --git a/spec/defines/interface_spec.rb b/spec/defines/interface_spec.rb
index cbd6fd9..6ef67d0 100644
--- a/spec/defines/interface_spec.rb
+++ b/spec/defines/interface_spec.rb
@@ -36,6 +36,7 @@
it { is_expected.to contain_file("/etc/systemd/network/#{title}.netdev").with_content(%r{ListenPort=1234}) }
it { is_expected.to contain_file("/etc/systemd/network/#{title}.netdev").with_content(%r{Endpoint=#{params[:endpoint]}}) }
it { is_expected.to contain_file("/etc/systemd/network/#{title}.network").without_content(%r{Address}) }
+ it { is_expected.to contain_file("/etc/systemd/network/#{title}.network").without_content(%r{Description}) }
it { is_expected.not_to contain_ferm__rule("allow_wg_#{title}") }
end
context 'with required params and with firewall rules' do
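Review bot: The added negative assertion checks `#{title}.network`, but this commit writes `Description=` into the `.netdev` file, so the expectation passes whether or not the template's `if $description` guard works. Pointing it at the file the template renders makes it meaningful: `it { is_expected.to contain_file("/etc/systemd/network/#{title}.netdev").without_content(%r{Description}) }`. The enclosing context block starts outside the hunk.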
@@ -118,6 +119,22 @@ class {"systemd":
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_ferm__rule("allow_wg_#{title}").without_daddr }
end
+ context 'with description' do
+ let :params do
+ {
+ public_key: 'blabla==',
+ endpoint: 'wireguard.example.com:1234',
+ manage_firewall: false,
+ description: 'bla',
+ # we need to set destination_addresses to overwrite the default
+ # that would configure IPv4+IPv6, but GHA doesn't provide IPv6 for us
+ destination_addresses: [facts[:networking]['ip'],],
+ }
+ end
+
+ it { is_expected.to compile.with_all_deps }
+ it { is_expected.to contain_file("/etc/systemd/network/#{title}.netdev").with_content(%r{Description=bla}) }
+ end
end
end
end
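Review bot: The positive assertion in the new `with description` context uses an unanchored pattern, so `%r{Description=bla}` would also match a rendered line such as `Description=blabla` or one with trailing text. Anchoring it, `with_content(%r{^Description=bla$})`, pins the whole rendered line. The context also covers only a single-word value. A second case with a value containing spaces or a line break would document how the define treats input that does not fit on one `.netdev` line.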