From fd90dfe70a2ae8bc4d1d24f8ce8ca90e33e8ae8a Mon Sep 17 00:00:00 2001
From: DasSkelett
Date: Tue, 12 Mar 2024 22:07:00 +0100
Subject: [PATCH] Fix wgkex worker venv permission bug
---
wgkex/init.sls | 7 ++++++-
wgkex/{wgkex.yaml => wgkex.yaml.jinja} | 14 ++++++++++----
2 files changed, 16 insertions(+), 5 deletions(-)
rename wgkex/{wgkex.yaml => wgkex.yaml.jinja} (63%)
diff --git a/wgkex/init.sls b/wgkex/init.sls
index db36229..8c53bb7 100644
--- a/wgkex/init.sls
+++ b/wgkex/init.sls
@@ -15,12 +15,14 @@ python3-virtualenv:
 - rev: main
 - target: /srv/wgkex/wgkex
 - user: wgkex
+ - force_reset: True
 /srv/wgkex/wgkex/venv:
 virtualenv.managed:
 - name: /srv/wgkex/wgkex/venv
 - requirements: /srv/wgkex/wgkex/requirements.txt
 - user: wgkex
+ - runas: wgkex
 {# workaround for https://github.com/saltstack/salt/issues/59088 #}
 /etc/systemd/system/wgkex.service:
 file.managed:
@@ -28,7 +30,8 @@ python3-virtualenv:
 /etc/wgkex.yaml:
 file.managed:
- - source: salt://wgkex/wgkex.yaml
+ - source: salt://wgkex/wgkex.yaml.jinja
+ - template: jinja
 wgkex-service:
 service.running:
@@ -36,7 +39,9 @@ wgkex-service:
 - enable: True
 - require:
 - file: /etc/wgkex.yaml
+ - git: /srv/wgkex/wgkex
 - watch:
 - file: /etc/wgkex.yaml
+ - git: /srv/wgkex/wgkex
 {% endif %}
diff --git a/wgkex/wgkex.yaml b/wgkex/wgkex.yaml.jinja
similarity index 63%
rename from wgkex/wgkex.yaml
rename to wgkex/wgkex.yaml.jinja
index e0550f6..ffa4539 100644
--- a/wgkex/wgkex.yaml
+++ b/wgkex/wgkex.yaml.jinja
@@ -1,5 +1,6 @@
 ---
+# [broker, worker] The domains that should be accepted by clients and for which matching WireGuard interfaces exist
 domains:
 - ffmuc_augsburg
 - ffmuc_freising
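Review bot: `force_reset: True` on a checkout whose `rev` is the moving branch `main` turns every highstate into an unattended deploy of whatever currently sits on that branch, and the `watch` added in the last hunk of this file restarts the key-exchange worker on it, so unreviewed upstream commits go live on the next run; pin the checkout (`- rev: <release-tag-or-commit-sha>`) if that is not the intent. The `git.latest` state this hunk modifies starts above the hunk. The pre-existing `{# workaround for https://github.com/saltstack/salt/issues/59088 #}` comment now sits directly beneath the new `runas` line and reads as if it explains it; if it belongs to the service-unit state below, add a one-line comment above `runas` saying what it fixes that `user` alone did not, so the next maintainer does not drop one of the two as redundant.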
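Review bot: `/etc/wgkex.yaml` is still managed without `user`, `group` or `mode`, so it lands with whatever the minion's defaults give (typically root-owned and world-readable), yet the rendered template carries the MQTT `username:` and, judging by the single line skipped between the two template hunks, presumably the password. Restrict it with `- user: root`, `- group: wgkex`, `- mode: '0640'`; the group assumes the daemon runs as `wgkex` like the checkout does, which the unit file (not in this diff) should confirm. The `wgkex-service` state that begins at the end of this hunk continues into the next one.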
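Review bot: the service now restarts whenever the git checkout changes, but neither `require` nor `watch` references the venv state, so a requirements change that ships with the code neither gates nor triggers the restart, and a failed `pip install` does not stop the service from coming up on the new code; add `- virtualenv: /srv/wgkex/wgkex/venv` under both `require` and `watch`. Combined with `force_reset: True` in the first hunk, the git watch also means every push to the tracked branch bounces the worker on the next state run, which is worth a comment above `watch:` such as `{# restart on code or config change; rev is tracked, see git.latest above #}` so operators know to expect it.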
@@ -19,6 +20,15 @@ domains:
 - ffdon_sued
 - ffwert_city
 - ffwert_events
+# [broker, worker] The prefix is trimmed from the domain name and replaced with 'wg-' and 'vx-'
+# to calculate the WireGuard and VXLAN interface names
+domain_prefixes:
+ - ffmuc_
+ - ffdon_
+ - ffwert_
+# [worker] The external hostname of this worker
+externalName: {{ grains['id'] | regex_replace('in\.ffmuc\.net','ext.ffmuc.net') }}
+# [broker, worker] MQTT connection informations
 mqtt:
 broker_url: broker.ov.ffmuc.net
 username:
@@ -26,10 +36,6 @@ mqtt:
 tls: False
 broker_port: 1883
 keepalive: 20
-domain_prefixes:
- - ffmuc_
- - ffdon_
- - ffwert_
 logging_config:
 formatters:
 standard:
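Review bot: `externalName: {{ grains['id'] | regex_replace(...) }}` is an unquoted templated scalar; Jinja is expanded before the YAML is parsed, so an empty grain renders as `externalName:` (null) and any value YAML retypes is taken as-is, so quote it: `externalName: "{{ grains['id'] | regex_replace('in\.ffmuc\.net','ext.ffmuc.net') }}"`. The substitution is unanchored and silently yields the unchanged minion id on any host whose id does not contain `in.ffmuc.net`, which deserves a comment above the line such as `# falls back to the bare minion id when it does not match in.ffmuc.net` or a `{% if %}` guard. In the new comment, `informations` should read `information`.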