mwiegand 2021-10-10 15:02:15 +02:00
parent d87c77b441
commit 7c72fbb044
6 changed files with 24 additions and 27 deletions


@ -14,7 +14,7 @@ sortable_client_routes = [
ip_interface(server_node.metadata.get('network/internal/ipv4')).network, ip_interface(server_node.metadata.get('network/internal/ipv4')).network,
] ]
for peer in server_node.metadata.get('wireguard/s2s').values(): for peer in server_node.metadata.get('wireguard/s2s').values():
for network in peer.get('route'): for network in peer['allowed_ips']:
sortable_client_routes.append(ip_network(network)) sortable_client_routes.append(ip_network(network))
client_routes = [ client_routes = [
@ -25,14 +25,14 @@ client_routes = [
print( print(
f'''[Interface] f'''[Interface]
PrivateKey = {repo.libs.wireguard.privkey(data['id'])} PrivateKey = {repo.libs.wireguard.privkey(data['peer_id'])}
ListenPort = 51820 ListenPort = 51820
Address = {data['ip']} Address = {data['peer_ip']}
DNS = 8.8.8.8 DNS = 8.8.8.8
[Peer] [Peer]
PublicKey = {repo.libs.wireguard.pubkey(server_node.metadata.get('id'))} PublicKey = {repo.libs.wireguard.pubkey(server_node.metadata.get('id'))}
PresharedKey = {repo.libs.wireguard.psk(data['id'], server_node.metadata.get('id'))} PresharedKey = {repo.libs.wireguard.psk(data['peer_id'], server_node.metadata.get('id'))}
AllowedIPs = {', '.join(str(client_route) for client_route in client_routes)} AllowedIPs = {', '.join(str(client_route) for client_route in client_routes)}
Endpoint = {ip_interface(server_node.metadata.get('network/external/ipv4')).ip}:51820 Endpoint = {ip_interface(server_node.metadata.get('network/external/ipv4')).ip}:51820
PersistentKeepalive = 10''' PersistentKeepalive = 10'''
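Review bot: The loop over s2s peers now uses `peer['allowed_ips']` (the `for network in` line of the first hunk), while the two networkd consumers changed in this same commit read the key with `config.get('allowed_ips', [])`; an s2s entry without `allowed_ips` therefore raises KeyError here but is silently skipped when the netdev/network units are generated. Unless a missing key is meant to abort client-config generation, `for network in peer.get('allowed_ips', []):` keeps the two code paths consistent. The `sortable_client_routes = [` list this hunk appends to starts outside the hunk, so its other entries cannot be checked here.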


@ -32,10 +32,10 @@ def s2s_peer_specific(metadata):
'wireguard': { 'wireguard': {
's2s': { 's2s': {
s2s: { s2s: {
'id': repo.get_node(s2s).metadata.get(f'id'), 'peer_id': repo.get_node(s2s).metadata.get(f'id'),
'ip': repo.get_node(s2s).metadata.get(f'wireguard/my_ip'), 'peer_ip': repo.get_node(s2s).metadata.get(f'wireguard/my_ip'),
'endpoint': f'{repo.get_node(s2s).hostname}:51820', 'endpoint': f'{repo.get_node(s2s).hostname}:51820',
'route': [ 'allowed_ips': [
str(ip_interface(repo.get_node(s2s).metadata.get(f'wireguard/my_ip')).network), str(ip_interface(repo.get_node(s2s).metadata.get(f'wireguard/my_ip')).network),
], ],
} }
@ -53,10 +53,10 @@ def client_peer_specific(metadata):
'wireguard': { 'wireguard': {
'clients': { 'clients': {
client: { client: {
'id': client, 'peer_id': client,
'route': [ 'allowed_ips': [
str(ip_interface(conf['ip']).network), str(ip_interface(conf['peer_ip']).network),
] ],
} }
for client, conf in metadata.get('wireguard/clients').items() for client, conf in metadata.get('wireguard/clients').items()
}, },
@ -83,7 +83,7 @@ def systemd_networkd_networks(metadata):
} }
for peer, config in metadata.get('wireguard/s2s').items(): for peer, config in metadata.get('wireguard/s2s').items():
for route in config.get('route', []): for route in config.get('allowed_ips', []):
network.update({ network.update({
f'Route#{peer}_{route}': { f'Route#{peer}_{route}': {
'Destination': route, 'Destination': route,
@ -122,12 +122,9 @@ def systemd_networkd_netdevs(metadata):
}.items(): }.items():
netdev.update({ netdev.update({
f'WireGuardPeer#{peer}': { f'WireGuardPeer#{peer}': {
'PublicKey': repo.libs.wireguard.pubkey(config['id']), 'PublicKey': repo.libs.wireguard.pubkey(config['peer_id']),
'PresharedKey': repo.libs.wireguard.psk(config['id'], metadata.get('id')), 'PresharedKey': repo.libs.wireguard.psk(config['peer_id'], metadata.get('id')),
'AllowedIPs': ', '.join([ 'AllowedIPs': ', '.join(config.get('allowed_ips', [])),
# '172.30.0.0/24', # FIXME
*config.get('route', []),
]), # FIXME
'PersistentKeepalive': 30, 'PersistentKeepalive': 30,
} }
}) })
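Review bot: In `s2s_peer_specific` the derived `allowed_ips` entry is `str(ip_interface(... 'wireguard/my_ip').network)`, so a peer whose `my_ip` carries a non-/32 prefix (the `172.30.0.1/24` value in one of the node files of this commit) contributes the whole tunnel subnet to AllowedIPs, which WireGuard applies both as a route and as the set of source addresses accepted from that peer; if that is the intended hub behaviour it deserves a comment such as `# the peer's whole tunnel subnet is routed via (and accepted from) that peer; spokes use /32 so this collapses to a host route`. The same hunk keeps `metadata.get(f'id')` and `metadata.get(f'wireguard/my_ip')` as f-strings without placeholders; plain string literals `'id'` and `'wireguard/my_ip'` are clearer. In the last hunk, `', '.join(config.get('allowed_ips', []))` yields an empty `AllowedIPs=` for a peer with no entries — presumably acceptable since networkd then accepts nothing from that peer, but worth confirming against the merged metadata for each node.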


@ -61,7 +61,7 @@
'my_ip': '172.30.0.2/32', 'my_ip': '172.30.0.2/32',
's2s': { 's2s': {
'htz.mails': { 'htz.mails': {
'route': [ 'allowed_ips': [
'10.0.10.0/24', '10.0.10.0/24',
'10.0.11.0/24', '10.0.11.0/24',
'10.0.20.0/24', '10.0.20.0/24',


@ -143,32 +143,32 @@
'my_ip': '172.30.0.1/24', 'my_ip': '172.30.0.1/24',
's2s': { 's2s': {
'home.server': { 'home.server': {
'route': [ 'allowed_ips': [
'10.0.0.0/24', '10.0.0.0/24',
'10.0.2.0/24', '10.0.2.0/24',
'10.0.9.0/24', '10.0.9.0/24',
], ],
}, },
'netcup.secondary': { 'netcup.secondary': {
'route': [ 'allowed_ips': [
'10.0.11.0/24', '10.0.11.0/24',
], ],
}, },
'wb.offsite-backups': { 'wb.offsite-backups': {
'route': [ 'allowed_ips': [
'192.168.178.0/24', '192.168.178.0/24',
], ],
}, },
}, },
'clients': { 'clients': {
'macbook': { 'macbook': {
'ip': '172.30.0.100/32', 'peer_ip': '172.30.0.100/32',
}, },
'phone': { 'phone': {
'ip': '172.30.0.101/32', 'peer_ip': '172.30.0.101/32',
}, },
'ipad': { 'ipad': {
'ip': '172.30.0.102/32', 'peer_ip': '172.30.0.102/32',
}, },
}, },
}, },


@ -34,7 +34,7 @@
'my_ip': '172.30.0.3/32', 'my_ip': '172.30.0.3/32',
's2s': { 's2s': {
'htz.mails': { 'htz.mails': {
'route': [ 'allowed_ips': [
'10.0.0.0/24', '10.0.0.0/24',
'10.0.2.0/24', '10.0.2.0/24',
'10.0.9.0/24', '10.0.9.0/24',


@ -25,7 +25,7 @@
'my_ip': '172.30.0.4/32', 'my_ip': '172.30.0.4/32',
's2s': { 's2s': {
'htz.mails': { 'htz.mails': {
'route': [ 'allowed_ips': [
'10.0.0.0/24', '10.0.0.0/24',
'10.0.2.0/24', '10.0.2.0/24',
'10.0.9.0/24', '10.0.9.0/24',