@@ -16,6 +16,7 @@ random = SystemRandom()
|
|||||||
from io import BytesIO
|
from io import BytesIO
|
||||||
import codecs
|
import codecs
|
||||||
|
|
||||||
|
|
||||||
def genPsk() -> str:
|
def genPsk() -> str:
|
||||||
return b64encode(random.randbytes(32)).decode('UTF-8')
|
return b64encode(random.randbytes(32)).decode('UTF-8')
|
||||||
|
|
||||||
@@ -24,12 +25,13 @@ def build_network(input_file: Path = Path('/dev/stdin'), output_folder: Path = P
|
|||||||
with open(input_file) as conf:
|
with open(input_file) as conf:
|
||||||
configuration = toml.load(conf)
|
configuration = toml.load(conf)
|
||||||
|
|
||||||
if 'dns' in configuration:
|
dns = (
|
||||||
dns = tuple(IPAddress(address) for address in configuration['dns'])
|
Maybe.of_nullable(configuration.get('dns'))
|
||||||
else:
|
.map(lambda it: tuple(IPAddress(address) for address in it))
|
||||||
dns = tuple()
|
.or_else_get(tuple)
|
||||||
|
)
|
||||||
|
|
||||||
network_name = Maybe.of_nullable(configuration.get('network_name')).or_else(input_file.stem)
|
network_name = Maybe.of_nullable(configuration.get('interface_name')).or_else(input_file.stem)
|
||||||
network = IPNetwork(configuration['netmask'])
|
network = IPNetwork(configuration['netmask'])
|
||||||
address_it = network.iter_hosts()
|
address_it = network.iter_hosts()
|
||||||
|
|
||||||
@@ -64,11 +66,24 @@ def build_network(input_file: Path = Path('/dev/stdin'), output_folder: Path = P
|
|||||||
|
|
||||||
pre_shared_keys = {(server, peer): genPsk() for peer in peers for server in servers}
|
pre_shared_keys = {(server, peer): genPsk() for peer in peers for server in servers}
|
||||||
|
|
||||||
|
def write_route_add_script(file_obj):
|
||||||
|
text = dedent(f"""\
|
||||||
|
#!/usr/bin/env sh
|
||||||
|
ip route add {network} dev {network_name} proto kernel scope link src {network.first}
|
||||||
|
""")
|
||||||
|
file_obj.write(text)
|
||||||
|
|
||||||
|
def write_route_del_script(file_obj):
|
||||||
|
text = dedent(f"""\
|
||||||
|
#!/usr/bin/env sh
|
||||||
|
ip route del {network} dev {network_name} proto kernel scope link src {network.first}
|
||||||
|
""")
|
||||||
|
file_obj.write(text)
|
||||||
|
|
||||||
def write_server_conf(server, file_obj):
|
def write_server_conf(server, file_obj):
|
||||||
text = dedent(f"""\
|
text = dedent(f"""\
|
||||||
[Interface]
|
[Interface]
|
||||||
Address = {server.address}
|
Address = {server.address}/{network.prefixlen}
|
||||||
ListenPort = {server.port}
|
ListenPort = {server.port}
|
||||||
PrivateKey = {str(server.private_key)}
|
PrivateKey = {str(server.private_key)}
|
||||||
""")
|
""")
|
||||||
@@ -78,7 +93,7 @@ def build_network(input_file: Path = Path('/dev/stdin'), output_folder: Path = P
|
|||||||
|
|
||||||
[Peer]
|
[Peer]
|
||||||
PublicKey = {peer.public_key}
|
PublicKey = {peer.public_key}
|
||||||
AllowedIPs = {peer.allowed_ip}
|
AllowedIPs = {peer.allowed_ip}/32
|
||||||
PresharedKey = {pre_shared_keys[(server, peer)]}
|
PresharedKey = {pre_shared_keys[(server, peer)]}
|
||||||
""")
|
""")
|
||||||
file_obj.write(text)
|
file_obj.write(text)
|
||||||
@@ -89,7 +104,7 @@ def build_network(input_file: Path = Path('/dev/stdin'), output_folder: Path = P
|
|||||||
Address = {peer.allowed_ip}/32
|
Address = {peer.allowed_ip}/32
|
||||||
PrivateKey = {str(peer.private_key)}
|
PrivateKey = {str(peer.private_key)}
|
||||||
""")
|
""")
|
||||||
dns_config = (Maybe.of(dns)
|
dns_config = (dns
|
||||||
.filter(lambda it: len(it) > 0)
|
.filter(lambda it: len(it) > 0)
|
||||||
.map(lambda it: f'DNS = {', '.join((str(addr) for addr in it))}\n')
|
.map(lambda it: f'DNS = {', '.join((str(addr) for addr in it))}\n')
|
||||||
.or_else(''))
|
.or_else(''))
|
||||||
@@ -117,11 +132,33 @@ def build_network(input_file: Path = Path('/dev/stdin'), output_folder: Path = P
|
|||||||
tarinfo.size = bio.tell()
|
tarinfo.size = bio.tell()
|
||||||
bio.seek(0)
|
bio.seek(0)
|
||||||
archive.addfile(tarinfo, bio)
|
archive.addfile(tarinfo, bio)
|
||||||
|
with BytesIO() as bio:
|
||||||
|
writer = codecs.getwriter('utf-8')(bio)
|
||||||
|
write_route_add_script(writer)
|
||||||
|
name = f'/etc/wireguard/{network_name}-add-routes.sh'
|
||||||
|
tarinfo = TarInfo(name)
|
||||||
|
tarinfo.size = bio.tell()
|
||||||
|
tarinfo.mode = 0o544
|
||||||
|
bio.seek(0)
|
||||||
|
archive.addfile(tarinfo, bio)
|
||||||
|
with BytesIO() as bio:
|
||||||
|
writer = codecs.getwriter('utf-8')(bio)
|
||||||
|
write_route_del_script(writer)
|
||||||
|
name = f'/etc/wireguard/{network_name}-del-routes.sh'
|
||||||
|
tarinfo = TarInfo(name)
|
||||||
|
tarinfo.size = bio.tell()
|
||||||
|
tarinfo.mode = 0o544
|
||||||
|
bio.seek(0)
|
||||||
|
archive.addfile(tarinfo, bio)
|
||||||
else:
|
else:
|
||||||
server_folder = output_folder / f'{server.name}'
|
server_folder = output_folder / f'{server.name}'
|
||||||
makedirs(server_folder, exist_ok=True)
|
makedirs(server_folder, exist_ok=True)
|
||||||
with (open(server_folder / f'{network_name}.conf', 'w') as f):
|
with (open(server_folder / f'{network_name}.conf', 'w') as f):
|
||||||
write_server_conf(server, f)
|
write_server_conf(server, f)
|
||||||
|
with (open(server_folder / f'{network_name}-add-routes.sh', 'w') as f):
|
||||||
|
write_route_add_script(f)
|
||||||
|
with (open(server_folder / f'{network_name}-del-routes.sh', 'w') as f):
|
||||||
|
write_route_del_script(f)
|
||||||
|
|
||||||
for peer in peers:
|
for peer in peers:
|
||||||
if archive:
|
if archive:
|
||||||
@@ -139,5 +176,3 @@ def build_network(input_file: Path = Path('/dev/stdin'), output_folder: Path = P
|
|||||||
makedirs(peer_folder, exist_ok=True)
|
makedirs(peer_folder, exist_ok=True)
|
||||||
with (open(peer_folder / f'{network_name}.conf', 'w') as f):
|
with (open(peer_folder / f'{network_name}.conf', 'w') as f):
|
||||||
write_client_conf(peer, f)
|
write_client_conf(peer, f)
|
||||||
|
|
||||||
|
|
||||||
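Review bot: The `src {network.first}` in the two new route scripts (write_route_add_script / write_route_del_script, third hunk) looks wrong: if IPNetwork is netaddr's, `.first` is a plain int, so the generated line would read `src 167772160`-style rather than a dotted address, and even rendered as an address it would be the network address, not the interface's own address that the server config assigns from `address_it`. Both helpers are closures inside build_network (which starts and ends outside these hunks) and are only invoked in the per-server branches, so I would pass the server in, write `src {server.address}`, and update the four call sites to `write_route_add_script(server, writer)` / `write_route_del_script(server, f)` (sketch below). The tar branch also gives the scripts `tarinfo.mode = 0o544` (no owner write, possibly a typo for 0o744) while the `else:` branch writes them with `open(..., 'w')` under the default umask and no executable bit, so the two output paths produce files with different permissions; pick one mode and apply it in both. `network_name` now comes straight from the TOML `interface_name` key and is interpolated unquoted into the shell script, into the tar entry path `/etc/wireguard/{network_name}-add-routes.sh` and into the output filenames, so validating it once after it is read (kernel interface-name length limit, no `/`, no whitespace) would make all three uses safe regardless of who authored the config. Finally, switching the lookup from `network_name` to `interface_name` makes existing configs silently fall back to `input_file.stem`; a fallback such as `configuration.get('interface_name', configuration.get('network_name'))` or a changelog note would avoid the surprise.
```python
def write_route_add_script(server, file_obj):
    text = dedent(f"""\
        #!/usr/bin/env sh
        ip route add {network} dev {network_name} proto kernel scope link src {server.address}
        """)
    file_obj.write(text)

def write_route_del_script(server, file_obj):
    text = dedent(f"""\
        #!/usr/bin/env sh
        ip route del {network} dev {network_name} proto kernel scope link src {server.address}
        """)
    file_obj.write(text)
# … unchanged: write_server_conf, write_client_conf and the archive/else branches,
#   except that each call becomes write_route_add_script(server, …) / write_route_del_script(server, …) …
```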
|