This commit is contained in:
mwiegand 2021-06-25 02:21:08 +02:00
parent c9297d2b37
commit 1e39b64a36
2 changed files with 16 additions and 66 deletions


@ -11,7 +11,7 @@ defaults = {
}, },
}, },
'wireguard': { 'wireguard': {
'privatekey': repo.libs.keys.gen_privkey(repo, f'{node.name} wireguard privatekey'), 'privatekey': repo.vault.random_bytes_as_base64_for(f'{node.name} wireguard privatekey'),
}, },
} }
@ -85,74 +85,24 @@ def systemd_networkd_netdevs(metadata):
@metadata_reactor.provides( @metadata_reactor.provides(
'wireguard/peers', 'wireguard/peers',
) )
def peer_psks(metadata): def peer_keys(metadata):
peers = {} peers = {}
for peer_name in metadata.get('wireguard/peers', {}): for peer_name in metadata.get('wireguard/peers', {}):
peers[peer_name] = {} peer_node = repo.get_node(peer_name)
if node.name < peer_name: first, second = sorted([node.name, peer_name])
peers[peer_name] = { psk = repo.vault.random_bytes_as_base64_for(f'{first} wireguard {second}')
'psk': repo.vault.random_bytes_as_base64_for(f'{node.name} wireguard {peer_name}'),
} pubkey = repo.libs.keys.get_pubkey_from_privkey(
else: f'{peer_name} wireguard pubkey',
peers[peer_name] = { peer_node.metadata.get('wireguard/privatekey'),
'psk': repo.vault.random_bytes_as_base64_for(f'{peer_name} wireguard {node.name}'), )
}
return {
'wireguard': {
'peers': peers,
},
}
@metadata_reactor.provides(
'wireguard/peers',
)
def peer_pubkeys(metadata):
peers = {}
for peer_name in metadata.get('wireguard/peers', {}):
try:
rnode = repo.get_node(peer_name)
except NoSuchNode:
continue
peers[peer_name] = { peers[peer_name] = {
'pubkey': repo.libs.keys.get_pubkey_from_privkey( 'psk': psk,
repo, 'pubkey': pubkey,
f'{rnode.name} wireguard pubkey', 'endpoint': f'{peer_node.hostname}:51820',
rnode.metadata.get('wireguard/privatekey'),
),
}
return {
'wireguard': {
'peers': peers,
},
}
@metadata_reactor.provides(
'wireguard/peers',
)
def peer_ips_and_endpoints(metadata):
peers = {}
for peer_name in metadata.get('wireguard/peers', {}):
try:
rnode = repo.get_node(peer_name)
except NoSuchNode:
continue
ips = rnode.metadata.get('wireguard/subnets', set())
ips.add(rnode.metadata.get('wireguard/my_ip').split('/')[0])
ips = repo.libs.tools.remove_more_specific_subnets(ips)
peers[rnode.name] = {
'endpoint': '{}:51820'.format(rnode.metadata.get('wireguard/external_hostname', rnode.hostname)),
'ips': ips,
} }
return { return {
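Review bot: The node lookup `peer_node = repo.get_node(peer_name)` in the new `peer_keys` is no longer guarded, whereas the removed `peer_pubkeys` and `peer_ips_and_endpoints` wrapped it in `try/except NoSuchNode: continue`; a `wireguard/peers` entry whose name does not match a node now raises out of the reactor instead of being skipped, so the guard should be restored as `try:` / `peer_node = repo.get_node(peer_name)` / `except NoSuchNode: continue` (assuming the `NoSuchNode` import is still present above the hunk). The merged reactor also emits only `peer_node.hostname` for the endpoint and no `ips` key, dropping the `wireguard/external_hostname` fallback and the subnet/`my_ip` set that `peer_ips_and_endpoints` produced; if that is not moved elsewhere, peers that are only reachable via the external hostname lose their endpoint and allowed-IPs data. Deriving the PSK from the sorted pair `(first, second)` is the right fix for the old asymmetric naming. The body of `peer_keys` continues past the `return {` on the last line of the hunk.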


@ -6,7 +6,7 @@ from bundlewrap.utils import Fault
def gen_privkey(repo, identifier): def gen_privkey(repo, identifier):
return repo.vault.random_bytes_as_base64_for(identifier) return repo.vault.random_bytes_as_base64_for(identifier)
def get_pubkey_from_privkey(repo, identifier, privkey): def get_pubkey_from_privkey(identifier, privkey):
# FIXME this assumes the privkey is always a base64 encoded string # FIXME this assumes the privkey is always a base64 encoded string
def derive_pubkey(): def derive_pubkey():
pub_key = PrivateKey(base64.b64decode(str(privkey))).public_key pub_key = PrivateKey(base64.b64decode(str(privkey))).public_key