diff --git a/REFERENCE.md b/REFERENCE.md
index cbca8c1..ee84fdf 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -33,6 +33,7 @@ manages the wireguard package
The following parameters are available in the `wireguard` class:
+* [`config_directory_group`](#-wireguard--config_directory_group)
* [`manage_package`](#-wireguard--manage_package)
* [`package_name`](#-wireguard--package_name)
* [`package_ensure`](#-wireguard--package_ensure)
@@ -41,6 +42,12 @@ The following parameters are available in the `wireguard` class:
* [`interfaces`](#-wireguard--interfaces)
* [`default_allowlist`](#-wireguard--default_allowlist)
+##### `config_directory_group`
+
+Data type: `String`
+
+specify the group on `$config_directory`
+
##### `manage_package`
Data type: `Boolean`
diff --git a/data/common.yaml b/data/common.yaml
new file mode 100644
index 0000000..d5881d7
--- /dev/null
+++ b/data/common.yaml
@@ -0,0 +1,3 @@
+---
+
+wireguard::config_directory_group: 'systemd-network'
diff --git a/data/os/RedHat.yaml b/data/os/RedHat.yaml
new file mode 100644
index 0000000..a257e53
--- /dev/null
+++ b/data/os/RedHat.yaml
@@ -0,0 +1,3 @@
+---
+
+wireguard::config_directory_group: 'root'
diff --git a/hiera.yaml b/hiera.yaml
new file mode 100644
index 0000000..658105e
--- /dev/null
+++ b/hiera.yaml
@@ -0,0 +1,13 @@
+---
+version: 5
+
+defaults: # Used for any hierarchy level that omits these keys.
+ datadir: data # This path is relative to hiera.yaml's directory.
+ data_hash: yaml_data # Use the built-in YAML backend.
+
+hierarchy:
+ - name: "osfamily"
+ paths:
+ - "os/%{facts.os.family}.yaml"
+ - name: 'common'
+ path: 'common.yaml'
diff --git a/manifests/init.pp b/manifests/init.pp
index 35033ab..9ec9b0a 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,6 +1,7 @@
#
# @summary manages the wireguard package
#
+# @param config_directory_group specify the group on `$config_directory`
# @param manage_package if the package should be managed or not
# @param package_name the name of the package
# @param package_ensure the ensure state of the package
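Review bot: The `@param config_directory_group` text undersells what the parameter controls. Besides the directory, the same value becomes the group of the private key files in manifests/interface.pp (mode `0640`) and of the wg-quick config in manifests/provider/wgquick.pp (mode `0640`), so members of that group can read those files. I would word it as `# @param config_directory_group group owning $config_directory and the private key / wg-quick config files in it; members can read them`. REFERENCE.md repeats the short wording and should be regenerated from the new text.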
@@ -12,6 +13,7 @@
# @author Tim Meusel
#
class wireguard (
+ String $config_directory_group,
Boolean $manage_package = true,
String[1] $package_name = 'wireguard-tools',
Enum['installed', 'latest', 'absent'] $package_ensure = 'installed',
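Review bot: `String $config_directory_group` accepts an empty string, which would then reach the `group =>` attribute of the directory, key and config file resources. `String[1] $config_directory_group,` matches the `String[1]` already used for `$package_name` and rejects that at compile time. The parameter also has no in-manifest default, so it resolves only through the module data added in this commit (data/common.yaml and data/os/RedHat.yaml); a short comment saying so next to the parameter would help readers who look for the default here. The class body continues outside the hunk.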
@@ -40,7 +42,7 @@
ensure => $_file_ensure,
owner => 'root',
mode => '0750',
- group => 'systemd-network',
+ group => $config_directory_group,
* => $options,
}
diff --git a/manifests/interface.pp b/manifests/interface.pp
index 0e85133..29600d7 100644
--- a/manifests/interface.pp
+++ b/manifests/interface.pp
@@ -270,7 +270,7 @@
ensure => 'file',
content => $private_key,
owner => 'root',
- group => 'systemd-network',
+ group => $wireguard::config_directory_group,
mode => '0640',
notify => Exec["generate public key ${interface}"],
}
@@ -287,7 +287,7 @@
file { $private_key_path:
ensure => 'file',
owner => 'root',
- group => 'systemd-network',
+ group => $wireguard::config_directory_group,
mode => '0640',
}
}
@@ -303,7 +303,7 @@
ensure => 'file',
owner => 'root',
group => 'root',
- mode => '0600',
+ mode => '0644',
require => Exec["generate public key ${interface}"],
}
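Review bot: The mode change from `0600` to `0644` is a permission relaxation unrelated to the group parameter, and the hunk does not show which file it applies to because the resource title is above the hunk. The `require` on `Exec["generate public key ${interface}"]` suggests it is the public key file, in which case world-readable is harmless, but that should be stated. A comment such as `# public key only, not secret` above the `mode` line would record the intent. If this resource can ever hold the private key, `0600` should stay.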
diff --git a/manifests/provider/systemd.pp b/manifests/provider/systemd.pp
index ad2f714..1baf31b 100644
--- a/manifests/provider/systemd.pp
+++ b/manifests/provider/systemd.pp
@@ -38,7 +38,7 @@
owner => 'root',
group => 'systemd-network',
mode => '0440',
- require => File["/etc/wireguard/${interface}"],
+ require => File["${wireguard::config_directory}/${interface}"],
}
$network_epp_params = {
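Review bot: The `group => 'systemd-network'` line in this resource stays hard-coded, while the file it now requires, `File["${wireguard::config_directory}/${interface}"]`, presumably takes its group from `$wireguard::config_directory_group`. With the RedHat data value `'root'`, that file would be `root:root` with mode `0640` inside a `0750` directory, so a networkd process running as `systemd-network` would likely be unable to read the key. If the systemd provider is meant to be usable there, the class documentation should state that `config_directory_group` must be the group networkd runs under. Otherwise a comment on this resource explaining why the group is fixed would do. The resource starts above the hunk.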
diff --git a/manifests/provider/wgquick.pp b/manifests/provider/wgquick.pp
index b302c53..7603178 100644
--- a/manifests/provider/wgquick.pp
+++ b/manifests/provider/wgquick.pp
@@ -32,10 +32,11 @@
'default_allowlist' => $default_allowlist,
}
- file { "/etc/wireguard/${interface}.conf":
+ file { "${wireguard::config_directory}/${interface}.conf":
ensure => $ensure,
content => epp("${module_name}/wireguard_conf.epp", $params),
owner => 'root',
- mode => '0600',
+ group => $wireguard::config_directory_group,
+ mode => '0640',
}
}
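Review bot: The wg-quick config goes from `0600` to `0640` with the configurable group, which on the common.yaml default gives `systemd-network` read access even though wg-quick normally reads the file as root. If the file rendered from `wireguard_conf.epp` carries the private key or preshared keys (the template is not part of this diff), that widens who can read key material without a functional need. I would keep `mode => '0600',` here, or set `group => 'root',` for this provider, and leave the parameter for the resources that networkd has to read.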
diff --git a/metadata.json b/metadata.json
index b179d64..4eec499 100644
--- a/metadata.json
+++ b/metadata.json
@@ -44,6 +44,12 @@
"11",
"12"
]
+ },
+ {
+ "operatingsystem": "RedHat",
+ "operatingsystemrelease": [
+ "9"
+ ]
}
],
"requirements": [