ExternalMirrors
/
wireguard-formula
mirror of https://github.com/MEschenbacher/wireguard-formula
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 6 Wiki Activity
MEschenbacher's Wireguard Saltstack Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
2 Branches
Tree: 4272b14728
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4272b14728'
${ noResults }
wireguard-formula/_modules/wireguard.py

137 lines
3.8KB
Raw Blame History 

  1. import yaml

  2. import os

  3. from tempfile import mkstemp

  4. 

  5. __virtualname__ = 'wg'

  6. 

  7. def __virtual__():

  8.     # do checks for startup

  9.     return __virtualname__

  10. 

  11. def create(name):

  12.     """

  13.     create a wireguard interface. This will fail if it already exists.

  14.     """

  15.     __salt__['cmd.run']('ip link add %s type wireguard' % (name,))

  16.     return show(name)

  17. 

  18. def delete(name):

  19.     """

  20.     delete a wireguard interface. This will fail if it does not exist.

  21.     """

  22.     return __salt__['cmd.run']('ip link del %s type wireguard' % (name,))

  23. 

  24. 

  25. def show(name=None, peer=None):

  26.     if peer and not name:

  27.         return 'If peer is given, name must also be given'

  28.     if not name:

  29.         return _wg_ifaces()

  30.     elif peer:

  31.         return _wg_ifaces().get(name).get('peers').get(peer)

  32.     else:

  33.         return _wg_ifaces().get(name)

  34. 

  35. def showconf(name, hide_keys=True):

  36.     return __salt__['cmd.run']('wg showconf %s' % (name,),

  37.             env={'WG_HIDE_KEYS': 'always' if hide_keys else 'never'})

  38. 

  39. def set(name, listen_port=None, fwmark=None, private_key=None, peer=None,

  40.         preshared_key=None, endpoint=None, persistent_keepalive=None,

  41.         allowed_ips=None, remove=False):

  42.     s = 'wg set %s' % (name,)

  43.     if remove:

  44.         if not peer:

  45.             return 'If remove is given, peer must also be given'

  46.         return __salt__['cmd.run'](

  47.             '%s peer %s remove' % (s, peer)

  48.         )

  49.     if listen_port:

  50.         s = '%s listen-port %s' % (s, listen_port)

  51.     if fwmark:

  52.         s = '%s fwmark %s' % (s, fwmark)

  53.     if private_key:

  54.         fd, filename = mkstemp(text=True)

  55.         with open(filename, 'w') as f:

  56.             f.write(private_key)

  57.         os.close(fd)

  58.         s = '%s private-key %s' % (s, filename)

  59.     if peer:

  60.         s = '%s peer %s' % (s, peer)

  61.     if preshared_key:

  62.         fd2, filename2 = mkstemp(text=True)

  63.         with open(filename2, 'w') as f:

  64.             f.write(preshared_key)

  65.         os.close(fd2)

  66.         s = '%s preshared-key %s' % (s, filename2)

  67.     if endpoint:

  68.         s = '%s endpoint %s' % (s, endpoint)

  69.     if persistent_keepalive:

  70.         s = '%s persistent-keepalive %s' % (s, persistent_keepalive)

  71.     if allowed_ips:

  72.         s = '%s allowed-ips %s' % (s, allowed_ips)

  73. 

  74.     r = __salt__['cmd.run'](s)

  75. 

  76.     if private_key:

  77.         os.unlink(filename)

  78.     if preshared_key:

  79.         os.unlink(filename2)

  80. 

  81.     return r

  82. 

  83. def remove_peer(name, peer):

  84.     return __salt__['cmd.run'](

  85.         'wg set %s peer %s remove' % (name, peer)

  86.     )

  87. 

  88. #  def add_peer(name, public_key, allowed_ips=None):

  89.     #  base = 'wg set %s peer %s' % (name, peer)

  90. #  

  91.     #  return __salt__['cmd.run'](

  92.     #  )

  93. 

  94. def genkey():

  95.     return __salt__['cmd.run']('wg genkey')

  96. 

  97. def genpsk():

  98.     return __salt__['cmd.run']('wg genpsk')

  99. 

  100. def setconf(name, path):

  101.     return __salt__['cmd.run']('wg setconf %s %s' % (name, path))

  102. 

  103. def addconf(name, path):

  104.     return __salt__['cmd.run']('wg addconf %s %s' % (name, path))

  105. 

  106. def _wg_ifaces():

  107.     """

  108.     Parse output from 'wg show'

  109.     """

  110.     # from https://github.com/saltstack/salt/blob/develop/salt/modules/linux_ip.py

  111.     tmp = dict()

  112.     tmpiface = dict()

  113.     ifaces = dict()

  114.     out = __salt__['cmd.run']('wg', env={'WG_HIDE_KEYS': 'never'})

  115.     for line in out.splitlines():

  116.         if line.startswith('interface: '):

  117.             k, v = _wg_splitline(line)

  118.             ifaces[v] = dict(peers=dict())

  119.             tmpiface = ifaces[v]

  120.             tmp = tmpiface

  121.         elif line.startswith('peer: '):

  122.             k, v = _wg_splitline(line)

  123.             tmpiface['peers'][v] = dict()

  124.             tmp = tmpiface['peers'][v]

  125.         elif line == '':

  126.             continue

  127.         k, v = _wg_splitline(line)

  128.         if k == 'allowed ips':

  129.             tmp[k] = [ s.strip() for s in v.split(',') ]

  130.         else:

  131.             tmp[k] = v

  132.     return ifaces

  133. 

  134. def _wg_splitline(line):

  135.     parts = line.split(':', 1)

  136.     return parts[0].strip(), parts[1].strip()