CroneKorkN
730625e36c
every libs/*.py and hooks/*.py now starts with a one-line module docstring; every bin/* script starts with a `# purpose:` header. discovery-by-`ls`-and-read instead of by index. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
59 lines
No EOL
2.1 KiB
Python
Executable file
59 lines
No EOL
2.1 KiB
Python
Executable file
#!/usr/bin/env python3
|
|
# purpose: print or QR-render a WireGuard client config from htz.mails metadata — usage: wireguard-client-config <client>.
|
|
|
|
from bundlewrap.repo import Repository
|
|
from os.path import realpath, dirname
|
|
from sys import argv
|
|
from ipaddress import ip_network, ip_interface
|
|
import argparse
|
|
|
|
|
|
# get info from repo
|
|
repo = Repository(dirname(dirname(realpath(__file__))))
|
|
server_node = repo.get_node('htz.mails')
|
|
available_clients = server_node.metadata.get('wireguard/clients').keys()
|
|
|
|
# parse args
|
|
parser = argparse.ArgumentParser(description='Generate WireGuard client configuration.')
|
|
parser.add_argument('client', choices=available_clients, help='The client name to generate the configuration for.')
|
|
args = parser.parse_args()
|
|
|
|
# get cert
|
|
data = server_node.metadata.get(f'wireguard/clients/{args.client}')
|
|
vpn_network = ip_interface(server_node.metadata.get('wireguard/my_ip')).network
|
|
allowed_ips = [
|
|
vpn_network,
|
|
ip_interface(server_node.metadata.get('network/internal/ipv4')).network,
|
|
]
|
|
for peer in server_node.metadata.get('wireguard/s2s').values():
|
|
for network in peer['allowed_ips']:
|
|
if not ip_network(network).subnet_of(vpn_network):
|
|
allowed_ips.append(ip_network(network))
|
|
|
|
conf = f'''
|
|
[Interface]
|
|
PrivateKey = {repo.libs.wireguard.privkey(data['peer_id'])}
|
|
ListenPort = 51820
|
|
Address = {data['peer_ip']}
|
|
DNS = 172.30.0.1
|
|
|
|
[Peer]
|
|
PublicKey = {repo.libs.wireguard.pubkey(server_node.metadata.get('id'))}
|
|
PresharedKey = {repo.libs.wireguard.psk(data['peer_id'], server_node.metadata.get('id'))}
|
|
AllowedIPs = {', '.join(str(client_route) for client_route in sorted(allowed_ips))}
|
|
Endpoint = {ip_interface(server_node.metadata.get('network/external/ipv4')).ip}:51820
|
|
PersistentKeepalive = 10
|
|
'''
|
|
|
|
answer = input("print config or qrcode? [Cq]: ").strip().upper()
|
|
match answer:
|
|
case '' | 'C':
|
|
print('>>>>>>>>>>>>>>>')
|
|
print(conf)
|
|
print('<<<<<<<<<<<<<<<')
|
|
case 'Q':
|
|
import pyqrcode
|
|
print(pyqrcode.create(conf).terminal(quiet_zone=1))
|
|
case _:
|
|
print(f'Invalid option "{answer}".')
|
|
exit(1) |