cronekorkn/bundlewrap
1
0
Fork 0
Code Issues Pull requests 8 Projects Releases Wiki Activity

wip

Browse source
This commit is contained in:
mwiegand 2021-10-10 01:35:12 +02:00
parent 7c3c1cabf5
commit cbaded9f8a
3 changed files with 11 additions and 45 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
bin/wireguard_client_config
View file

@ -8,7 +8,6 @@ from ipaddress import ip_network, ip_interface
repo = Repository(dirname(dirname(realpath(__file__)))) repo = Repository(dirname(dirname(realpath(__file__))))
server_node = repo.get_node('htz.mails') server_node = repo.get_node('htz.mails')
server_pubkey = repo.libs.wireguard.pubkey(server_node.metadata.get('id'))
data = server_node.metadata.get(f'wireguard/clients/{argv[1]}') data = server_node.metadata.get(f'wireguard/clients/{argv[1]}')
sortable_client_routes = [ sortable_client_routes = [
@ -26,14 +25,14 @@ client_routes = [
print( print(
f'''[Interface] f'''[Interface]
PrivateKey = {data['privkey']} PrivateKey = {repo.libs.wireguard.privkey(data['id'])}
ListenPort = 51820 ListenPort = 51820
Address = {data['ip']} Address = {data['ip']}
DNS = 8.8.8.8 DNS = 8.8.8.8
[Peer] [Peer]
PublicKey = {server_pubkey} PublicKey = {repo.libs.wireguard.pubkey(server_node.metadata.get('id'))}
PresharedKey = {data['psk']} PresharedKey = {repo.libs.wireguard.psk(data['id'], server_node.metadata.get('id'))}
AllowedIPs = {', '.join(str(client_route) for client_route in client_routes)} AllowedIPs = {', '.join(str(client_route) for client_route in client_routes)}
Endpoint = {ip_interface(server_node.metadata.get('network/external/ipv4')).ip}:51820 Endpoint = {ip_interface(server_node.metadata.get('network/external/ipv4')).ip}:51820
PersistentKeepalive = 10''' PersistentKeepalive = 10'''

2
bundles/wireguard/items.py
View file

@ -1,3 +1 @@
from ipaddress import ip_network
repo.libs.tools.require_bundle(node, 'systemd-networkd') repo.libs.tools.require_bundle(node, 'systemd-networkd')

47
bundles/wireguard/metadata.py
View file

@ -5,6 +5,7 @@ from bundlewrap.metadata import atomic
repo.libs.wireguard.repo = repo repo.libs.wireguard.repo = repo
defaults = { defaults = {
'apt': { 'apt': {
'packages': { 'packages': {
@ -20,20 +21,13 @@ defaults = {
}, },
}, },
}, },
'wireguard': {
'peers': {},
'clients': {},
},
} }
@metadata_reactor.provides(
'wireguard/privkey',
)
def privkey(metadata):
return {
'wireguard': {
'privkey': repo.libs.wireguard.privkey(metadata.get('id')),
}
}
@metadata_reactor.provides( @metadata_reactor.provides(
'wireguard/peers', 'wireguard/peers',
) )
@ -43,10 +37,8 @@ def s2s_peer_specific(metadata):
'peers': { 'peers': {
peer: { peer: {
'id': repo.get_node(peer).metadata.get(f'id'), 'id': repo.get_node(peer).metadata.get(f'id'),
'privkey': repo.get_node(peer).metadata.get(f'wireguard/privkey'),
'ip': repo.get_node(peer).metadata.get(f'wireguard/my_ip'), 'ip': repo.get_node(peer).metadata.get(f'wireguard/my_ip'),
'endpoint': f'{repo.get_node(peer).hostname}:51820', 'endpoint': f'{repo.get_node(peer).hostname}:51820',
} }
for peer in metadata.get('wireguard/peers') for peer in metadata.get('wireguard/peers')
}, },
@ -63,7 +55,6 @@ def client_peer_specific(metadata):
'clients': { 'clients': {
client: { client: {
'id': client, 'id': client,
'privkey': repo.libs.wireguard.privkey(client),
} }
for client in metadata.get('wireguard/clients') for client in metadata.get('wireguard/clients')
}, },
@ -71,28 +62,6 @@ def client_peer_specific(metadata):
} }
@metadata_reactor.provides(
'wireguard/peers',
'wireguard/clients',
)
def common_peer_data(metadata):
peers = {
'peers': {},
'clients': {},
}
for peer_type in peers:
for peer_name, peer_data in metadata.get(f'wireguard/{peer_type}', {}).items():
peers[peer_type][peer_name] = {
'psk': repo.libs.wireguard.psk(node.metadata.get('id'), peer_data['id']),
'pubkey': repo.libs.wireguard.pubkey(peer_data['id']),
}
return {
'wireguard': peers,
}
@metadata_reactor.provides( @metadata_reactor.provides(
'systemd/units', 'systemd/units',
) )
@ -150,7 +119,7 @@ def systemd_networkd_netdevs(metadata):
'Description': 'WireGuard server', 'Description': 'WireGuard server',
}, },
'WireGuard': { 'WireGuard': {
'PrivateKey': metadata.get('wireguard/privkey'), 'PrivateKey': repo.libs.wireguard.privkey(metadata.get('id')),
'ListenPort': 51820, 'ListenPort': 51820,
}, },
} }
@ -161,8 +130,8 @@ def systemd_networkd_netdevs(metadata):
}.items(): }.items():
netdev.update({ netdev.update({
f'WireGuardPeer#{peer}': { f'WireGuardPeer#{peer}': {
'PublicKey': config['pubkey'], 'PublicKey': repo.libs.wireguard.pubkey(config['id']),
'PresharedKey': config['psk'], 'PresharedKey': repo.libs.wireguard.psk(config['id'], metadata.get('id')),
'AllowedIPs': ', '.join([ 'AllowedIPs': ', '.join([
str(ip_interface(config['ip']).ip), str(ip_interface(config['ip']).ip),
*config.get('route', []), *config.get('route', []),