cronekorkn/bundlewrap
1
0
Fork 0
Code Issues Pull requests 8 Projects Releases Wiki Activity

wip

Browse source
This commit is contained in:
mwiegand 2021-10-09 21:50:22 +02:00
parent 811a3caf98
commit 3eee733daf
3 changed files with 89 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

89
bundles/wireguard/metadata.py
View file

@ -48,12 +48,15 @@ def systemd_networkd_networks(metadata):
}, },
} }
for peer, config in metadata.get('wireguard/peers').items(): for peer, config in {
**metadata.get('wireguard/peers'),
**metadata.get('wireguard/clients'),
}.items():
for route in config.get('route', []): for route in config.get('route', []):
network.update({ network.update({
f'Route#{peer}_{route}': { f'Route#{peer}_{route}': {
'Destination': route, 'Destination': route,
'Gateway': str(ip_interface(repo.get_node(peer).metadata.get(f'wireguard/my_ip')).ip), 'Gateway': str(ip_interface(config['ip']).ip),
'GatewayOnlink': 'yes', 'GatewayOnlink': 'yes',
'PreferredSource': str(ip_interface(metadata.get('network/internal/ipv4')).ip), 'PreferredSource': str(ip_interface(metadata.get('network/internal/ipv4')).ip),
} }
@ -84,19 +87,23 @@ def systemd_networkd_netdevs(metadata):
}, },
} }
for peer, config in metadata.get('wireguard/peers').items(): for peer, config in {
**metadata.get('wireguard/peers'),
**metadata.get('wireguard/clients'),
}.items():
netdev.update({ netdev.update({
f'WireGuardPeer#{peer}': { f'WireGuardPeer#{peer}': {
'Endpoint': config['endpoint'],
'PublicKey': config['pubkey'], 'PublicKey': config['pubkey'],
'PresharedKey': config['psk'], 'PresharedKey': config['psk'],
'AllowedIPs': ', '.join([ 'AllowedIPs': ', '.join([
str(ip_interface(repo.get_node(peer).metadata.get(f'wireguard/my_ip')).ip), str(ip_interface(config['ip']).ip),
*config.get('route', []), *config.get('route', []),
]), # FIXME ]), # FIXME
'PersistentKeepalive': 30, 'PersistentKeepalive': 30,
} }
}) })
if config.get('endpoint'):
netdev[f'WireGuardPeer#{peer}']['Endpoint'] = config['endpoint']
return { return {
'systemd': { 'systemd': {
@ -110,28 +117,58 @@ def systemd_networkd_netdevs(metadata):
@metadata_reactor.provides( @metadata_reactor.provides(
'wireguard/peers', 'wireguard/peers',
) )
def peer_keys(metadata): def s2s_peer_specific(metadata):
peers = {}
for peer_name in metadata.get('wireguard/peers', {}):
peer_node = repo.get_node(peer_name)
first, second = sorted([node.metadata.get('id'), peer_node.metadata.get('id')])
psk = repo.vault.random_bytes_as_base64_for(f'{first} wireguard {second}')
pubkey = repo.libs.keys.get_pubkey_from_privkey(
f'{peer_name} wireguard pubkey',
peer_node.metadata.get('wireguard/privatekey'),
)
peers[peer_name] = {
'psk': psk,
'pubkey': pubkey,
'endpoint': f'{peer_node.hostname}:51820',
}
return { return {
'wireguard': { 'wireguard': {
'peers': peers, 'peers': {
peer: {
'id': repo.get_node(peer).metadata.get(f'id'),
'privkey': repo.get_node(peer).metadata.get(f'wireguard/privatekey'),
'ip': repo.get_node(peer).metadata.get(f'wireguard/my_ip'),
'endpoint': f'{repo.get_node(peer).hostname}:51820',
}
for peer in metadata.get('wireguard/peers')
},
}, },
} }
@metadata_reactor.provides(
'wireguard/clients',
)
def client_peer_specific(metadata):
return {
'wireguard': {
'clients': {
client: {
'id': client,
'privkey': repo.vault.random_bytes_as_base64_for(f'{client} wireguard privatekey'),
}
for client in metadata.get('wireguard/clients')
},
},
}
@metadata_reactor.provides(
'wireguard/peers',
)
def common_peer_data(metadata):
peers = {
'peers': {},
'clients': {},
}
for peer_type in peers:
for peer_name, peer_data in metadata.get(f'wireguard/{peer_type}', {}).items():
first, second = sorted([node.metadata.get('id'), peer_data['id']])
peers[peer_type][peer_name] = {
'psk': repo.vault.random_bytes_as_base64_for(f'{first} wireguard {second}'),
'pubkey': repo.libs.keys.get_pubkey_from_privkey(f'{peer_name} wireguard pubkey', peer_data['privkey']),
}
return {
'wireguard': peers,
}

15
libs/wireguard.py Normal file
View file

@ -0,0 +1,15 @@
connections = {}
def get_connection(node, other_node):
global connections
node_id, other_node_id = node.metadata.get('id'), other_node.metadata.get('id')
sorted_ids = tuple(sorted([node_id, other_node_id]))
if sorted_ids not in connections:
connections[sorted_ids] = {
'pubkey': node.repo.libs.keys.get_pubkey_from_privkey(f'{other_node_id} wireguard pubkey', other_node.metadata.get('wireguard/privatekey')),
'psk': node.repo.vault.random_bytes_as_base64_for(f"{sorted_ids[0]} wireguard {sorted_ids[1]}"),
}
return connections[sorted_ids]

11
nodes/htz.mails.py
View file

@ -160,6 +160,17 @@
], ],
}, },
}, },
'clients': {
'macbook': {
'ip': '172.30.0.100/24',
},
'phone': {
'ip': '172.30.0.101/24',
},
'ipad': {
'ip': '172.30.0.102/24',
},
},
}, },
'zfs': { 'zfs': {
'pools': { 'pools': {