8bd790dfb1f1d4dc6d8e6747066129ccc4986b31
[mirror/dsa-puppet.git] / modules / ipsec / templates / ipsec.secrets-10-puppet-peers.secrets.erb
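##
## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
##

<%=

# Renders one ipsec.secrets PSK entry for every other host listed in
# @ipsec_config. Each entry has the form
#   <address A> <address B> : PSK "<key>"
# where A and B are the two hosts of the pair in sorted-name order, so both
# ends of a connection derive the same connection name and the same key.
#
# The rendered file holds pre-shared keys in clear text. Its owner and mode are
# set by the manifest that uses this template, which is not visible here.
# TODO confirm it is readable by root only.

lines = []

# NOTE(review): YAML.load can instantiate arbitrary Ruby objects on older
# Ruby/Psych versions. That is only acceptable while @ipsec_config comes from
# a trusted source such as the puppet repository itself. Confirm where it is
# populated, and prefer YAML.safe_load where the Ruby on the puppet master
# provides it.
config = YAML.load(@ipsec_config)

# An empty or malformed document parses to nil, false or a scalar. Stop with a
# clear message instead of a NoMethodError further down.
unless config.is_a?(Hash) then
        fail("ipsec config did not parse to a host map.")
end

unless config.key?(@fqdn) then
        fail("Host #{@fqdn} not found in ipsec config.")
end

config.keys.each do |host|
        next if @fqdn == host

        # Sorting makes the pair, and therefore the derived key label,
        # identical on both peers.
        pair = [@fqdn, host].sort
        connname = pair.join('-')

        # Refuse to write an entry with a missing address. An empty selector
        # would leave a line with fewer IDs than intended, and ipsec.secrets
        # presumably matches such a line more broadly than this one peer pair.
        # NOTE(review): confirm against the IKE daemon's documentation.
        addresses = pair.map do |name|
                entry = config[name]
                address = entry.is_a?(Hash) ? entry['address'] : nil
                if address.to_s.strip.empty?
                        fail("Host #{name} has no address in ipsec config.")
                end
                address
        end

        # Per-connection key derived from the puppet master secret. The label
        # is part of the derivation input, so it must stay byte-identical.
        # NOTE(review): assumes function_hkdf returns text without double
        # quotes or newlines, which would break the quoted PSK field. Confirm.
        key = scope.function_hkdf(['/etc/puppet/secret', "puppet-key-ipsec:PSK:tor:#{connname}"])

        lines << "#{addresses[0]} #{addresses[1]} : PSK \"#{key}\""
end
lines.join("\n")

%>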