cronekorkn/bundlewrap
1
0
Fork 0
Code Issues Pull requests 8 Projects Releases Wiki Activity

wip

Browse source
This commit is contained in:
mwiegand 2021-06-25 01:13:48 +02:00
parent a08b24dca5
commit f0a9074dcb
6 changed files with 91 additions and 113 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
bundles/systemd-networkd/items.py
View file

@ -32,6 +32,21 @@ for interface, config in node.metadata['interfaces'].items():
}, },
} }
for type, path in {
'networks': '/etc/systemd/network/{}.network',
'netdevs': '/etc/systemd/network/{}.netdev',
}.items():
for name, config in node.metadata.get(f'systemd-networkd/{type}').items():
files[path.format(name)] = {
'content': repo.libs.systemd.generate_unitfile(config),
'needed_by': {
'svc_systemd:systemd-networkd',
},
'triggers': {
'svc_systemd:systemd-networkd:restart',
},
}
svc_systemd = { svc_systemd = {
'systemd-networkd': {}, 'systemd-networkd': {},
} }

24
bundles/systemd-networkd/metadata.py
View file

@ -6,24 +6,8 @@ defaults = {
}, },
}, },
}, },
'systemd-networkd': {
'netdevs': {},
'networks': {},
},
} }
@metadata_reactor.provides(
'interfaces',
)
def add_vlan_infos_to_interface(metadata):
interfaces = {}
for iface in metadata.get('interfaces', {}):
if not '.' in iface:
continue
interface,vlan = iface.split('.')
interfaces.setdefault(interface, {}).setdefault('vlans', set())
interfaces[interface]['vlans'].add(vlan)
return {
'interfaces': interfaces,
}

26
bundles/wireguard/files/wg0.netdev
View file

@ -1,26 +0,0 @@
[NetDev]
Name=wg0
Kind=wireguard
Description=WireGuard server
[WireGuard]
PrivateKey=${privatekey}
ListenPort=51820
% for peer, config in sorted(peers.items()):
# Peer ${peer}
[WireGuardPeer]
PublicKey=${config['pubkey']}
AllowedIPs=0.0.0.0/0
% if len(peers) == 1: # FIXME
#AllowedIPs=${network}
% else:
#AllowedIPs=${','.join(sorted(config['ips']))}
% endif
PresharedKey=${config['psk']}
% if 'endpoint' in config:
Endpoint=${config['endpoint']}
% endif
PersistentKeepalive=30
% endfor

18
bundles/wireguard/items.py
View file

@ -1,21 +1,3 @@
from ipaddress import ip_network from ipaddress import ip_network
repo.libs.tools.require_bundle(node, 'systemd-networkd') repo.libs.tools.require_bundle(node, 'systemd-networkd')
network = ip_network(node.metadata['wireguard']['my_ip'], strict=False)
files = {
'/etc/systemd/network/wg0.netdev': {
'content_type': 'mako',
'context': {
'network': f'{network.network_address}/{network.prefixlen}',
**node.metadata['wireguard'],
},
'needs': {
'pkg_apt:wireguard',
},
'triggers': {
'svc_systemd:systemd-networkd:restart',
},
},
}

110
bundles/wireguard/metadata.py
View file

@ -1,4 +1,4 @@
from ipaddress import ip_network from ipaddress import ip_network, ip_interface
from bundlewrap.exceptions import NoSuchNode from bundlewrap.exceptions import NoSuchNode
from bundlewrap.metadata import atomic from bundlewrap.metadata import atomic
@ -16,6 +16,70 @@ defaults = {
} }
@metadata_reactor.provides(
'systemd-networkd/networks',
)
def systemd_networkd_networks(metadata):
return {
'systemd-networkd': {
'networks': {
'wg0': {
'Match': {
'Name': 'wg0',
},
'Address': {
'Address': metadata.get('wireguard/my_ip'),
},
'Route': {
'Destination': str(ip_interface(metadata.get('wireguard/my_ip')).network),
'GatewayOnlink': 'yes',
},
'Network': {
'DHCP': 'no',
'IPv6AcceptRA': 'no',
},
},
},
},
}
@metadata_reactor.provides(
'systemd-networkd/netdevs',
)
def systemd_networkd_netdevs(metadata):
wg0 = {
'NetDev': {
'Name': 'wg0',
'Kind': 'wireguard',
'Description': 'WireGuard server',
},
'WireGuard': {
'PrivateKey': metadata.get('wireguard/privatekey'),
'ListenPort': 51820,
},
}
for name, config in metadata.get('wireguard/peers').items():
wg0.update({
f'WireGuardPeer#{name}': {
'Endpoint': config['endpoint'],
'PublicKey': config['pubkey'],
'PresharedKey': config['psk'],
'AllowedIPs': '0.0.0.0/0', # FIXME
'PersistentKeepalive': 30,
}
})
return {
'systemd-networkd': {
'netdevs': {
'wg0': wg0,
},
},
}
@metadata_reactor.provides( @metadata_reactor.provides(
'wireguard/peers', 'wireguard/peers',
) )
@ -94,47 +158,3 @@ def peer_ips_and_endpoints(metadata):
'peers': peers, 'peers': peers,
}, },
} }
@metadata_reactor.provides(
'interfaces/wg0/ips',
)
def interface_ips(metadata):
return {
'interfaces': {
'wg0': {
'ips': {
metadata.get('wireguard/my_ip'),
},
},
},
}
@metadata_reactor.provides(
'interfaces/wg0/routes',
)
def routes(metadata):
network = ip_network(metadata.get('wireguard/my_ip'), strict=False)
ips = {
f'{network.network_address}/{network.prefixlen}',
}
routes = {}
for _, peer_config in metadata.get('wireguard/peers', {}).items():
for ip in peer_config['ips']:
ips.add(ip)
if '0.0.0.0/0' in ips:
ips.remove('0.0.0.0/0')
for ip in repo.libs.tools.remove_more_specific_subnets(ips):
routes[ip] = {}
return {
'interfaces': {
'wg0': {
'routes': routes,
},
},
}

11
libs/systemd.py
View file

@ -1,9 +1,12 @@
from mako.template import Template from mako.template import Template
template = ''' template = '''
% for i, (segment, options) in enumerate(data.items()): % for segment, options in data.items():
[${segment}] % if '#' in segment:
# ${segment.split('#', 2)[1]}
% endif
[${segment.split('#')[0]}]
% for option, value in options.items(): % for option, value in options.items():
% if isinstance(value, dict): % if isinstance(value, dict):
% for k, v in value.items(): % for k, v in value.items():
@ -13,8 +16,8 @@ ${option}=${k}=${v}
% for item in sorted(value): % for item in sorted(value):
${option}=${item} ${option}=${item}
% endfor % endfor
% elif isinstance(value, str): % else:
${option}=${value} ${option}=${str(value)}
% endif % endif
% endfor % endfor
% endfor % endfor