diff --git a/bin/wireguard_client_config b/bin/wireguard_client_config
index 6afd113..3841253 100755
--- a/bin/wireguard_client_config
+++ b/bin/wireguard_client_config
@@ -8,7 +8,6 @@ from ipaddress import ip_network, ip_interface
 repo = Repository(dirname(dirname(realpath(__file__))))
 server_node = repo.get_node('htz.mails')
-server_pubkey = repo.libs.wireguard.pubkey(server_node.metadata.get('id'))
 data = server_node.metadata.get(f'wireguard/clients/{argv[1]}')
 sortable_client_routes = [
@@ -26,14 +25,14 @@ client_routes = [
 print(
 f'''[Interface]
-PrivateKey = {data['privkey']}
+PrivateKey = {repo.libs.wireguard.privkey(data['id'])}
 ListenPort = 51820
 Address = {data['ip']}
 DNS = 8.8.8.8
 [Peer]
-PublicKey = {server_pubkey}
-PresharedKey = {data['psk']}
+PublicKey = {repo.libs.wireguard.pubkey(server_node.metadata.get('id'))}
+PresharedKey = {repo.libs.wireguard.psk(data['id'], server_node.metadata.get('id'))}
 AllowedIPs = {', '.join(str(client_route) for client_route in client_routes)}
 Endpoint = {ip_interface(server_node.metadata.get('network/external/ipv4')).ip}:51820
 PersistentKeepalive = 10'''
diff --git a/bundles/wireguard/items.py b/bundles/wireguard/items.py
index 609bddc..7de1d37 100644
--- a/bundles/wireguard/items.py
+++ b/bundles/wireguard/items.py
@@ -1,3 +1 @@
-from ipaddress import ip_network
-
 repo.libs.tools.require_bundle(node, 'systemd-networkd')
diff --git a/bundles/wireguard/metadata.py b/bundles/wireguard/metadata.py
index 8ea0f9f..181d890 100644
--- a/bundles/wireguard/metadata.py
+++ b/bundles/wireguard/metadata.py
@@ -5,6 +5,7 @@ from bundlewrap.metadata import atomic
 repo.libs.wireguard.repo = repo
+
 defaults = {
 'apt': {
 'packages': {
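Review bot: The new `data['id']` lookups in the `PrivateKey` and `PresharedKey` lines (hunk `@@ -26,14 +25,14 @@`) assume `argv[1]` names an existing client; `server_node.metadata.get(f'wireguard/clients/{argv[1]}')` returns `None` for an unknown name, so a typo surfaces as a `TypeError` traceback from inside the f-string instead of a clear error, and a guard after the `data =` line such as `if data is None:` / `    raise SystemExit(f'unknown wireguard client: {argv[1]}')` would fix that. The script now derives the client's private key and PSK on each run via `repo.libs.wireguard` (its derivation scheme is not visible in this diff) and writes them to stdout, so the output is secret-bearing; a comment above `print(` like `# output contains the client's private key and PSK - redirect to a 0600 file, do not paste into logs` would record that for whoever runs it. The PSK call uses the order (client id, server id), which matches the server-side netdev call in bundles/wireguard/metadata.py; a one-line comment noting that the two call sites must keep the same argument order would prevent a silent mismatch later. The closing parenthesis of the `print(` call lies outside the hunk.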
@@ -20,20 +21,13 @@ defaults = {
 },
 },
 },
+ 'wireguard': {
+ 'peers': {},
+ 'clients': {},
+ },
 }
-@metadata_reactor.provides(
- 'wireguard/privkey',
-)
-def privkey(metadata):
- return {
- 'wireguard': {
- 'privkey': repo.libs.wireguard.privkey(metadata.get('id')),
- }
- }
-
-
 @metadata_reactor.provides(
 'wireguard/peers',
 )
@@ -43,10 +37,8 @@ def s2s_peer_specific(metadata):
 'peers': {
 peer: {
 'id': repo.get_node(peer).metadata.get(f'id'),
- 'privkey': repo.get_node(peer).metadata.get(f'wireguard/privkey'),
 'ip': repo.get_node(peer).metadata.get(f'wireguard/my_ip'),
 'endpoint': f'{repo.get_node(peer).hostname}:51820',
-
 } for peer in metadata.get('wireguard/peers')
 },
@@ -63,7 +55,6 @@ def client_peer_specific(metadata):
 'clients': {
 client: {
 'id': client,
- 'privkey': repo.libs.wireguard.privkey(client),
 }
 for client in metadata.get('wireguard/clients')
 },
@@ -71,28 +62,6 @@ def client_peer_specific(metadata):
 }
-@metadata_reactor.provides(
- 'wireguard/peers',
- 'wireguard/clients',
-)
-def common_peer_data(metadata):
- peers = {
- 'peers': {},
- 'clients': {},
- }
-
- for peer_type in peers:
- for peer_name, peer_data in metadata.get(f'wireguard/{peer_type}', {}).items():
- peers[peer_type][peer_name] = {
- 'psk': repo.libs.wireguard.psk(node.metadata.get('id'), peer_data['id']),
- 'pubkey': repo.libs.wireguard.pubkey(peer_data['id']),
- }
-
- return {
- 'wireguard': peers,
- }
-
-
 @metadata_reactor.provides(
 'systemd/units',
 )
@@ -150,7 +119,7 @@ def systemd_networkd_netdevs(metadata):
 'Description': 'WireGuard server',
 },
 'WireGuard': {
- 'PrivateKey': metadata.get('wireguard/privkey'),
+ 'PrivateKey': repo.libs.wireguard.privkey(metadata.get('id')),
 'ListenPort': 51820,
 },
 }
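Review bot: The `'PrivateKey': repo.libs.wireguard.privkey(metadata.get('id'))` line in hunk `@@ -150,7 +119,7 @@` places the node's private key inline in the generated .netdev data, and nothing in this diff shows how that dictionary is rendered to disk or with which file mode, so the protection of the key now rests entirely on the renderer (systemd-networkd's own guidance is that a .netdev carrying `PrivateKey` be readable only by root and the systemd-network group); a comment on that line such as `# secret: the rendered .netdev file must be root:systemd-network 0640 or stricter` would make the requirement visible at the point the secret is introduced. Dropping the `privkey` reactor (hunk `@@ -20,20 +21,13 @@`) and the `'privkey'` entries from peers and clients (hunks `@@ -43,10 +37,8 @@` and `@@ -63,7 +55,6 @@`) means the key no longer travels through node metadata, which presumably was the intent; a short comment on the new `'wireguard': {'peers': {}, 'clients': {}}` defaults stating that key material is derived on demand and deliberately kept out of metadata would record it. The `systemd_networkd_netdevs` function begins before this hunk and continues after it.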
@@ -161,8 +130,8 @@ def systemd_networkd_netdevs(metadata):
 }.items():
 netdev.update({
 f'WireGuardPeer#{peer}': {
- 'PublicKey': config['pubkey'],
- 'PresharedKey': config['psk'],
+ 'PublicKey': repo.libs.wireguard.pubkey(config['id']),
+ 'PresharedKey': repo.libs.wireguard.psk(config['id'], metadata.get('id')),
 'AllowedIPs': ', '.join([
 str(ip_interface(config['ip']).ip),
 *config.get('route', []),
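Review bot: The new `'PresharedKey': repo.libs.wireguard.psk(config['id'], metadata.get('id'))` line passes (peer id, own id), and for a site-to-site peer the other node evaluates this same line with the two ids swapped, so both ends of the tunnel derive the same PSK only if `repo.libs.wireguard.psk` is order-independent, which this diff does not show. The removed `common_peer_data` reactor used the reverse order, `psk(node.metadata.get('id'), peer_data['id'])`, so if `psk()` is order-sensitive this commit also silently changes every existing PSK and breaks clients configured from the old output; client/server pairs at least stay consistent, since bin/wireguard_client_config uses the same (client id, server id) order. I would add `# psk() must be symmetric in its arguments: the remote peer computes this with the ids swapped` above the line, or, if the helper is not symmetric, normalise at both call sites with `repo.libs.wireguard.psk(*sorted((config['id'], metadata.get('id'))))`. The enclosing `systemd_networkd_netdevs` function starts before the hunk and its `netdev.update({` call continues past it.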