MEschenbacher's Wireguard Saltstack Formula

wireguard.py 4.8KB

# Name under which the Salt loader exposes this state module.
__virtualname__ = 'wg'


def __virtual__():
    """
    Load this state module only when the ``wg`` execution module is usable.

    Returns the virtual name when ``wg.show`` is available in ``__salt__``
    and ``False`` otherwise.
    """
    return __virtualname__ if 'wg.show' in __salt__ else False
def present(name, listen_port=None, fwmark=None, private_key=None):
    """
    Make sure a wireguard interface exists and carries the given settings.

    name
        Interface name. The interface is created through ``wg.create`` when
        ``wg.show`` reports nothing for it.
    listen_port
        Desired listening port. A falsy value leaves the port untouched.
    fwmark
        Desired fwmark. It is compared on every run, so the default ``None``
        is handed to ``wg.set`` whenever ``wg.show`` reports another value.
    private_key
        Desired private key. ``'auto'`` keeps the key ``wg.show`` reports
        and asks ``wg.genkey`` for a new one only when none is reported.

    Returns the state dict (``name``, ``changes``, ``result``, ``comment``).
    Only fixed messages are written to ``changes`` for the private key,
    never the key itself.
    """
    # NOTE(review): ``__opts__['test']`` is not consulted here, so changes
    # are applied even in a test=True run.
    ret = {'name': name, 'changes': {}, 'result': False, 'comment': None}

    # hide_keys=False because the private key is compared further down; the
    # returned dict therefore holds secret material and must stay out of ret.
    current = __salt__['wg.show'](name, hide_keys=False)
    if not current:
        __salt__['wg.create'](name)
        ret['changes'][name] = 'Interface created.'
        # Re-read so the comparisons below see the freshly created interface.
        current = __salt__['wg.show'](name, hide_keys=False)

    if listen_port:
        old_port = current.get('listening port', 0)
        if int(old_port) != int(listen_port):
            __salt__['wg.set'](name, listen_port=listen_port)
            ret['changes']['listening port'] = {
                'old': old_port,
                'new': listen_port,
            }

    old_fwmark = current.get('fwmark', None)
    if old_fwmark != fwmark:
        __salt__['wg.set'](name, fwmark=fwmark)
        ret['changes']['fwmark'] = {'old': old_fwmark, 'new': fwmark}

    if private_key == 'auto':
        private_key = current.get('private key')
        if private_key is None:
            private_key = __salt__['wg.genkey']()
            # NOTE(review): this message is replaced by 'private key changed.'
            # just below whenever wg.genkey returns a non-None key.
            ret['changes']['private key'] = 'private key generated.'

    # NOTE(review): with the default private_key=None an interface that
    # already has a key reaches wg.set(private_key=None) on every run --
    # confirm how the execution module treats None.
    if current.get('private key') != private_key:
        __salt__['wg.set'](name, private_key=private_key)
        ret['changes']['private key'] = 'private key changed.'

    ret['result'] = True
    return ret
def absent(name):
    """
    Make sure a wireguard interface is absent.

    name
        Interface name. It is removed through ``wg.delete`` when ``wg.show``
        reports it; otherwise only a comment is set.

    Returns the state dict (``name``, ``changes``, ``result``, ``comment``).
    """
    ret = {'name': name, 'changes': {}, 'result': False, 'comment': None}

    if __salt__['wg.show'](name):
        __salt__['wg.delete'](name)
        ret['changes'][name] = {'old': name, 'new': None}
    else:
        ret['comment'] = 'Interface %s already absent.' % (name,)

    ret['result'] = True
    return ret
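def peer_present(name, interface, endpoint=None, persistent_keepalive=None,
                 allowed_ips=None, preshared_key=None):
    """
    Make sure a peer exists on a wireguard interface with the given settings.

    name
        Peer identifier, handed to ``wg.show``/``wg.set`` as ``peer``.
    interface
        Interface the peer belongs to. The state fails (``result`` False)
        when ``wg.show`` reports nothing for it.
    endpoint
        Desired endpoint. A falsy value leaves the endpoint untouched.
    persistent_keepalive
        Keepalive interval in seconds. A falsy value removes a keepalive
        that is currently set.
    allowed_ips
        List of allowed IP ranges. ``None`` (the default) means "not
        managed": it is passed through unchanged when the peer is created
        and the allowed IPs of an existing peer are left alone.
    preshared_key
        Desired preshared key. A falsy value removes a key that is
        currently set.

    Returns the state dict (``name``, ``changes``, ``result``, ``comment``).
    Only fixed messages are written to ``changes`` for the preshared key,
    never the key itself.
    """
    # NOTE(review): ``__opts__['test']`` is not consulted here, so changes
    # are applied even in a test=True run.
    ret = dict(name=name, changes=dict(), result=False, comment=None)

    if not __salt__['wg.show'](interface, hide_keys=False):
        ret['comment'] = 'Interface %s does not exist.' % (interface,)
        return ret

    # hide_keys=False because the preshared key is compared further down;
    # ``show`` therefore holds secret material and must stay out of ret.
    show = __salt__['wg.show'](name=interface, peer=name, hide_keys=False)
    if not show:
        # ','.join(None) raised TypeError with the default allowed_ips;
        # pass None through like the other unset options instead.
        # NOTE(review): assumes wg.set ignores allowed_ips=None -- confirm.
        __salt__['wg.set'](
            interface, peer=name, endpoint=endpoint,
            persistent_keepalive=persistent_keepalive,
            allowed_ips=None if allowed_ips is None else ','.join(allowed_ips),
            preshared_key=preshared_key)
        ret['changes'][name] = 'Peer created.'
        ret['result'] = True
        return ret

    if endpoint and show.get('endpoint', '') != endpoint:
        __salt__['wg.set'](interface, peer=name, endpoint=endpoint)
        # Report a change only if the endpoint wg.show reports really moved;
        # presumably the requested and reported spellings can differ.
        updated_show = __salt__['wg.show'](name=interface, peer=name)
        if updated_show.get('endpoint') != show.get('endpoint'):
            ret['changes']['endpoint'] = dict(
                old=show.get('endpoint'), new=updated_show.get('endpoint'))

    if persistent_keepalive and not show.get('persistent keepalive', '').startswith(
            'every %s second' % (persistent_keepalive,)):
        __salt__['wg.set'](interface, peer=name,
                           persistent_keepalive=persistent_keepalive)
        ret['changes']['persistent keepalive'] = 'persistent keepalive changed.'
    elif not persistent_keepalive and show.get('persistent keepalive'):
        __salt__['wg.set'](interface, peer=name, persistent_keepalive=0)
        ret['changes']['persistent keepalive'] = 'persistent keepalive removed.'

    if allowed_ips is not None:
        current_ips = show.get('allowed ips')
        # A peer without an 'allowed ips' entry is compared as an empty list
        # instead of failing in sorted(None).
        if sorted(current_ips or []) != sorted(allowed_ips):
            __salt__['wg.set'](interface, peer=name,
                               allowed_ips=','.join(allowed_ips))
            ret['changes']['allowed ips'] = dict(new=allowed_ips, old=current_ips)

    if preshared_key and show.get('preshared key') != preshared_key:
        __salt__['wg.set'](interface, peer=name, preshared_key=preshared_key)
        ret['changes']['preshared key'] = 'preshared key changed.'
    elif show.get('preshared key') and not preshared_key:
        __salt__['wg.set'](interface, peer=name, preshared_key='')
        ret['changes']['preshared key'] = 'preshared key deleted.'

    ret['result'] = True
    return ret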
def peer_absent(name, interface):
    """
    Make sure a peer is absent from a wireguard interface.

    name
        Peer identifier, handed to ``wg.show``/``wg.set`` as ``peer``.
    interface
        Interface the peer belongs to. The state fails (``result`` False)
        when ``wg.show`` reports nothing for it.

    Returns the state dict (``name``, ``changes``, ``result``, ``comment``).
    """
    ret = {'name': name, 'changes': {}, 'result': False, 'comment': None}

    if not __salt__['wg.show'](interface):
        ret['comment'] = 'Interface %s does not exist.' % interface
        return ret

    if __salt__['wg.show'](name=interface, peer=name):
        __salt__['wg.set'](interface, peer=name, remove=True)
        ret['changes'][name] = {'old': name, 'new': None}
    else:
        ret['comment'] = 'Peer %s already absent.' % name

    ret['result'] = True
    return ret