This commit is contained in:
mwiegand 2021-10-10 01:35:12 +02:00
parent 7c3c1cabf5
commit cbaded9f8a
3 changed files with 11 additions and 45 deletions


@ -8,7 +8,6 @@ from ipaddress import ip_network, ip_interface
repo = Repository(dirname(dirname(realpath(__file__))))
server_node = repo.get_node('htz.mails')
server_pubkey = repo.libs.wireguard.pubkey(server_node.metadata.get('id'))
data = server_node.metadata.get(f'wireguard/clients/{argv[1]}')
sortable_client_routes = [
@ -26,14 +25,14 @@ client_routes = [
print(
f'''[Interface]
PrivateKey = {data['privkey']}
PrivateKey = {repo.libs.wireguard.privkey(data['id'])}
ListenPort = 51820
Address = {data['ip']}
DNS = 8.8.8.8
[Peer]
PublicKey = {server_pubkey}
PresharedKey = {data['psk']}
PublicKey = {repo.libs.wireguard.pubkey(server_node.metadata.get('id'))}
PresharedKey = {repo.libs.wireguard.psk(data['id'], server_node.metadata.get('id'))}
AllowedIPs = {', '.join(str(client_route) for client_route in client_routes)}
Endpoint = {ip_interface(server_node.metadata.get('network/external/ipv4')).ip}:51820
PersistentKeepalive = 10'''
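Review bot: `server_node.metadata.get('id')` is now evaluated twice inside the f-string (the new PublicKey and PresharedKey lines) once the `server_pubkey` local was dropped; binding it once next to `data`, `server_id = server_node.metadata.get('id')`, and using it in both derivations keeps the two calls visibly tied to the same node id. The private key and preshared key are now regenerated on every run from `data['id']` by `repo.libs.wireguard.privkey`/`psk`, whose bodies are not part of this commit; presumably that derivation is deterministic and keyed by secret material held in the repository rather than by the bare id, and since the metadata no longer records any key, a one-line comment above `print(` stating that assumption would help the next reader. The `print(` call's closing parenthesis appears to fall outside this hunk.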


@ -1,3 +1 @@
from ipaddress import ip_network
repo.libs.tools.require_bundle(node, 'systemd-networkd')


@ -5,6 +5,7 @@ from bundlewrap.metadata import atomic
repo.libs.wireguard.repo = repo
defaults = {
'apt': {
'packages': {
@ -20,20 +21,13 @@ defaults = {
},
},
},
'wireguard': {
'peers': {},
'clients': {},
},
}
@metadata_reactor.provides(
'wireguard/privkey',
)
def privkey(metadata):
return {
'wireguard': {
'privkey': repo.libs.wireguard.privkey(metadata.get('id')),
}
}
@metadata_reactor.provides(
'wireguard/peers',
)
@ -43,10 +37,8 @@ def s2s_peer_specific(metadata):
'peers': {
peer: {
'id': repo.get_node(peer).metadata.get(f'id'),
'privkey': repo.get_node(peer).metadata.get(f'wireguard/privkey'),
'ip': repo.get_node(peer).metadata.get(f'wireguard/my_ip'),
'endpoint': f'{repo.get_node(peer).hostname}:51820',
}
for peer in metadata.get('wireguard/peers')
},
@ -63,7 +55,6 @@ def client_peer_specific(metadata):
'clients': {
client: {
'id': client,
'privkey': repo.libs.wireguard.privkey(client),
}
for client in metadata.get('wireguard/clients')
},
@ -71,28 +62,6 @@ def client_peer_specific(metadata):
}
@metadata_reactor.provides(
'wireguard/peers',
'wireguard/clients',
)
def common_peer_data(metadata):
peers = {
'peers': {},
'clients': {},
}
for peer_type in peers:
for peer_name, peer_data in metadata.get(f'wireguard/{peer_type}', {}).items():
peers[peer_type][peer_name] = {
'psk': repo.libs.wireguard.psk(node.metadata.get('id'), peer_data['id']),
'pubkey': repo.libs.wireguard.pubkey(peer_data['id']),
}
return {
'wireguard': peers,
}
@metadata_reactor.provides(
'systemd/units',
)
@ -150,7 +119,7 @@ def systemd_networkd_netdevs(metadata):
'Description': 'WireGuard server',
},
'WireGuard': {
'PrivateKey': metadata.get('wireguard/privkey'),
'PrivateKey': repo.libs.wireguard.privkey(metadata.get('id')),
'ListenPort': 51820,
},
}
@ -161,8 +130,8 @@ def systemd_networkd_netdevs(metadata):
}.items():
netdev.update({
f'WireGuardPeer#{peer}': {
'PublicKey': config['pubkey'],
'PresharedKey': config['psk'],
'PublicKey': repo.libs.wireguard.pubkey(config['id']),
'PresharedKey': repo.libs.wireguard.psk(config['id'], metadata.get('id')),
'AllowedIPs': ', '.join([
str(ip_interface(config['ip']).ip),
*config.get('route', []),
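Review bot: The new `'PresharedKey': repo.libs.wireguard.psk(config['id'], metadata.get('id'))` in the last hunk passes (peer, self), whereas the removed `common_peer_data` reactor passed (self, peer); for a server-to-server peer both endpoints of the link now call `psk()` with the two ids swapped, so the tunnels only agree on a preshared key if `psk()` canonicalises its argument order internally, which this commit does not show. The client-config script in the first file calls it as (client, server), which happens to match the server's (peer, self) for client peers, so only the s2s case depends on that symmetry. Worth confirming in `repo.libs.wireguard.psk` and recording it at the call site, e.g. `# psk() must be symmetric in its two ids: each endpoint of an s2s link passes (peer, self)`. The enclosing `systemd_networkd_netdevs` reactor and the `netdev.update({...})` literal continue past the end of this hunk.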