Forge Home


Installs and manages the yggdrasil daemon.


333 latest version

4.7 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 0.2.1 (latest)
  • 0.1.0 (deleted)
released Feb 2nd 2022
This version is compatible with:
  • Puppet Enterprise 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
  • Puppet >= 6.21.0 < 8.0.0
  • , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'semaphore-yggdrasil', '0.2.1'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add semaphore-yggdrasil
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install semaphore-yggdrasil --version 0.2.1

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



semaphore/yggdrasil — version 0.2.1 Feb 2nd 2022


This module installs and configures the linux client for Yggdrasil. Yggdrasil is an implementation of a routed end-to-end encrypted IPv6 network. Node can be connected with multicast on the same network. Nodes can also tcp or tls connctions over existing ipv4 or ipv6 networks.

Table of Contents

  1. Description
  2. Setup - The basics of getting started with yggdrasil
  3. Usage - Configuration options and additional functionality
  4. Limitations - OS compatibility, etc.
  5. Development - Guide for contributing to the module


Briefly tell users why they might want to use your module. Explain what your module does and what kind of problems users can solve with it.

This should be a fairly short description helps the user decide if your module is what they want.


What yggdrasil affects OPTIONAL

If the yggdrasil::allowedpublickeys is empty, any yggdrasil host can connect, potentially joining your node to a larger network, or exposing your network to unknown traffic.

If you advertise the routes for 300::/7, any host accepting this route will gain access to your network.

Setup Requirements OPTIONAL

This module requires stdlib and augeas.

Beginning with yggdrasil

The easiest way to get started is to simply include the module. The node will find other peers on the same network via multicast. Nodes across wider networks can be linked with the listen and peers directive.

include yggdrasil

This hiera lets hosts with two keys connect, and will try to establish connections with two peers.

  - tls://
  - tls://
  - tls://
  - 0000124fbc54ed7f4be2733b6f7676ef87e46bab9adccbbfe4f3d99c5a56a75e
  - 0012010278a0599e06bee81ec46ca44646bf2c30d5037b7d50ec81ae195cf546


Another example is to add additional information to the node on the network:

  hostname: "%{::fqdn}"
  puppetversion: "%{::puppetversion}"
  ipv4: "%{::networking.ip}"


This module is documented with puppet strings.


The facts can not be loaded while the daemon is down or is still establishing a connection. It's suggested to add a fair caching lifetime to these facts. The ip address will remain the same as long as the key is not regenerated.

Advertising routes for the the 300/7 network or soliciting them is out of scope of this module.


The github repo is mirrored from my personal repo. Please file an issue on github if you discover anything.