From 1e39b64a3600646730305117224fa9603b8a35ad Mon Sep 17 00:00:00 2001
From: mwiegand
Date: Fri, 25 Jun 2021 02:21:08 +0200
Subject: [PATCH] wip
---
 bundles/wireguard/metadata.py | 80 +++++++----------------------------
 libs/keys.py | 2 +-
 2 files changed, 16 insertions(+), 66 deletions(-)
diff --git a/bundles/wireguard/metadata.py b/bundles/wireguard/metadata.py
index bf1efb5..8a7d345 100644
--- a/bundles/wireguard/metadata.py
+++ b/bundles/wireguard/metadata.py
@@ -11,7 +11,7 @@ defaults = {
         },
     },
     'wireguard': {
-        'privatekey': repo.libs.keys.gen_privkey(repo, f'{node.name} wireguard privatekey'),
+        'privatekey': repo.vault.random_bytes_as_base64_for(f'{node.name} wireguard privatekey'),
     },
 }
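Review bot: The private key's byte length is now implicit at the call site: `repo.vault.random_bytes_as_base64_for(f'{node.name} wireguard privatekey')` relies on the vault helper's default length, while the Curve25519 key that `get_pubkey_from_privkey` later feeds to `PrivateKey` must be exactly 32 bytes. Passing the length explicitly, `repo.vault.random_bytes_as_base64_for(f'{node.name} wireguard privatekey', length=32)`, records that requirement where the key is minted and protects against a changed default. The new line also bypasses `repo.libs.keys.gen_privkey`, which the second file's hunk keeps, so the repository now has two ways to derive the same key under the same identifier; either drop the wrapper or keep this call going through it. The enclosing `defaults` dict starts outside the hunk.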
@@ -85,74 +85,24 @@ def systemd_networkd_netdevs(metadata):
 @metadata_reactor.provides(
     'wireguard/peers',
 )
-def peer_psks(metadata):
+def peer_keys(metadata):
     peers = {}
 
     for peer_name in metadata.get('wireguard/peers', {}):
-        peers[peer_name] = {}
-
-        if node.name < peer_name:
-            peers[peer_name] = {
-                'psk': repo.vault.random_bytes_as_base64_for(f'{node.name} wireguard {peer_name}'),
-            }
-        else:
-            peers[peer_name] = {
-                'psk': repo.vault.random_bytes_as_base64_for(f'{peer_name} wireguard {node.name}'),
-            }
-
-    return {
-        'wireguard': {
-            'peers': peers,
-        },
-    }
-
-
-@metadata_reactor.provides(
-    'wireguard/peers',
-)
-def peer_pubkeys(metadata):
-    peers = {}
-
-    for peer_name in metadata.get('wireguard/peers', {}):
-        try:
-            rnode = repo.get_node(peer_name)
-        except NoSuchNode:
-            continue
-
+        peer_node = repo.get_node(peer_name)
+
+        first, second = sorted([node.name, peer_name])
+        psk = repo.vault.random_bytes_as_base64_for(f'{first} wireguard {second}')
+
+        pubkey = repo.libs.keys.get_pubkey_from_privkey(
+            f'{peer_name} wireguard pubkey',
+            peer_node.metadata.get('wireguard/privatekey'),
+        )
+
         peers[peer_name] = {
-            'pubkey': repo.libs.keys.get_pubkey_from_privkey(
-                repo,
-                f'{rnode.name} wireguard pubkey',
-                rnode.metadata.get('wireguard/privatekey'),
-            ),
-        }
-
-    return {
-        'wireguard': {
-            'peers': peers,
-        },
-    }
-
-
-@metadata_reactor.provides(
-    'wireguard/peers',
-)
-def peer_ips_and_endpoints(metadata):
-    peers = {}
-
-    for peer_name in metadata.get('wireguard/peers', {}):
-        try:
-            rnode = repo.get_node(peer_name)
-        except NoSuchNode:
-            continue
-
-        ips = rnode.metadata.get('wireguard/subnets', set())
-        ips.add(rnode.metadata.get('wireguard/my_ip').split('/')[0])
-        ips = repo.libs.tools.remove_more_specific_subnets(ips)
-
-        peers[rnode.name] = {
-            'endpoint': '{}:51820'.format(rnode.metadata.get('wireguard/external_hostname', rnode.hostname)),
-            'ips': ips,
+            'psk': psk,
+            'pubkey': pubkey,
+            'endpoint': f'{peer_node.hostname}:51820',
         }
 
     return {
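Review bot: The merged `peer_keys` no longer produces two things the three reactors it replaces did: the per-peer `'ips'` set (the peer's `wireguard/subnets` plus its `wireguard/my_ip`, reduced through `remove_more_specific_subnets`) and the `wireguard/external_hostname` override for `'endpoint'`, which is now always `f'{peer_node.hostname}:51820'`. If the netdev template builds AllowedIPs from `'ips'`, the peer's cryptokey-routing entry ends up empty, so either re-add those keys here or record in the commit that another reactor now supplies them; I cannot see the consumer from this hunk. The `try: repo.get_node(peer_name) / except NoSuchNode: continue` guard is also gone, so a peer name with no matching node now raises out of metadata processing instead of being skipped; failing loudly is defensible, but it is a behaviour change the `wip` message does not mention. If that is intended, a one-line comment such as `# an unknown peer name is a configuration error, not something to skip` above `peer_node = repo.get_node(peer_name)` would make the choice explicit. The function's trailing `return` dict continues past the hunk.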
diff --git a/libs/keys.py b/libs/keys.py
index 1565fee..427a85f 100644
--- a/libs/keys.py
+++ b/libs/keys.py
@@ -6,7 +6,7 @@ from bundlewrap.utils import Fault
 def gen_privkey(repo, identifier):
     return repo.vault.random_bytes_as_base64_for(identifier)
 
-def get_pubkey_from_privkey(repo, identifier, privkey):
+def get_pubkey_from_privkey(identifier, privkey):
     # FIXME this assumes the privkey is always a base64 encoded string
     def derive_pubkey():
         pub_key = PrivateKey(base64.b64decode(str(privkey))).public_key
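Review bot: Dropping the `repo` positional parameter from `get_pubkey_from_privkey` silently re-binds any caller this commit does not update: a call still passing `(repo, identifier, privkey)` would bind the repo object to `identifier` and the identifier string to `privkey`, and because the derivation is deferred inside `derive_pubkey`, the failure only surfaces when the resulting Fault is resolved rather than at the call site. Worth confirming that metadata.py is the only caller and that no reference to `repo` remains in the body, which continues past the hunk. `gen_privkey(repo, identifier)` just above keeps its `repo` parameter, so the two helpers now have inconsistent signatures, and metadata.py no longer calls `gen_privkey` at all. The `# FIXME` on the base64 assumption can be tightened cheaply with `base64.b64decode(str(privkey), validate=True)`, which rejects input containing non-base64 characters instead of silently discarding them and deriving a public key from a truncated private key.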