##
## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
##

<%=

lines = []

config = YAML.load(@ipsec_config)

unless config.keys.include?(@fqdn) then
	fail("Host #{@fqdn} not found in ipsec config.")
end

config.keys.each do |host|
	next if @fqdn == host

	pair = [@fqdn, host]
	pair.sort!
	connname = pair.join('-')
	key = scope.function_hkdf(['/etc/puppet/secret', "puppet-key-ipsec:PSK:tor:#{connname}"])

	lines << "#{config[pair[0]]['address']} #{config[pair[1]]['address']} : PSK \"#{key}\""
end
lines.join("\n")

%>