salt
/
wireguard-formula
forked from ExternalMirrors/wireguard-formula
Watch 1
Star 0
Fork 0
Code Releases 1 Activity
MEschenbacher's Wireguard Saltstack Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
34 Commits
1 Branch
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
wireguard-formula/_modules/wireguard.py

147 lines
4.4KB
Raw Permalink Blame History 

  1. import yaml

  2. import os

  3. from tempfile import mkstemp

  4. 

  5. __virtualname__ = 'wg'

  6. 

  7. def __virtual__():

  8.     # do checks for startup

  9.     return __virtualname__

  10. 

  11. def create(name):

  12.     """

  13.     create a wireguard interface. This will fail if it already exists.

  14.     """

  15.     ifaces = __salt__['network.interfaces']()

  16.     if name not in ifaces.keys():

  17.         __salt__['cmd.run']('ip link add %s type wireguard' % (name,))

  18.         return {name: dict(new=name, old=None)}

  19.     return 'Interface %s already exists' % (name,)

  20. 

  21. def delete(name):

  22.     """

  23.     delete a interface (not neccessarily a wireguard interface). This will fail

  24.     if it does not exist.

  25.     """

  26.     ifaces = __salt__['network.interfaces']()

  27.     if name in ifaces.keys():

  28.         __salt__['cmd.run']('ip link del %s' % (name,))

  29.         return {name: dict(new=None, old=name)}

  30.     return 'Interface %s does not exist' % (name,)

  31. 

  32. 

  33. def show(name=None, peer=None, hide_keys=True):

  34.     if peer and not name:

  35.         return 'If peer is given, name must also be given'

  36.     if not name:

  37.         return _wg_ifaces(hide_keys=hide_keys)

  38.     elif peer:

  39.         return _wg_ifaces(hide_keys=hide_keys).get(name).get('peers').get(peer)

  40.     else:

  41.         return _wg_ifaces(hide_keys=hide_keys).get(name)

  42. 

  43. def showconf(name):

  44.     return __salt__['cmd.run']('wg showconf %s' % (name,))

  45. 

  46. def set(name, listen_port=None, fwmark=None, private_key=None, peer=None,

  47.         preshared_key=None, endpoint=None, persistent_keepalive=None,

  48.         allowed_ips=None, remove=False):

  49.     s = 'wg set %s' % (name,)

  50.     if remove:

  51.         if not peer:

  52.             return 'If remove is given, peer must also be given'

  53.         return __salt__['cmd.run'](

  54.             '%s peer %s remove' % (s, peer)

  55.         )

  56.     if listen_port:

  57.         s = '%s listen-port %s' % (s, listen_port)

  58.     if fwmark:

  59.         s = '%s fwmark %s' % (s, fwmark)

  60.     if private_key:

  61.         fd, filename = mkstemp(text=True)

  62.         with open(filename, 'w') as f:

  63.             f.write(private_key)

  64.         os.close(fd)

  65.         s = '%s private-key %s' % (s, filename)

  66.     if peer:

  67.         s = '%s peer %s' % (s, peer)

  68.     if preshared_key != None:

  69.         if not peer:

  70.             return 'If preshared_key is given, peer must also be given'

  71.         fd2, filename2 = mkstemp(text=True)

  72.         with open(filename2, 'w') as f:

  73.             f.write(preshared_key)

  74.         os.close(fd2)

  75.         s = '%s preshared-key %s' % (s, filename2)

  76.     if endpoint:

  77.         if not peer:

  78.             return 'If endpoint is given, peer must also be given'

  79.         s = '%s endpoint %s' % (s, endpoint)

  80.     if persistent_keepalive is not None:

  81.         if not peer:

  82.             return 'If persistent_keepalive is given, peer must also be given'

  83.         s = '%s persistent-keepalive %s' % (s, persistent_keepalive)

  84.     if allowed_ips:

  85.         if not peer:

  86.             return 'If allowed_ips is given, peer must also be given'

  87.         s = '%s allowed-ips %s' % (s, allowed_ips)

  88. 

  89.     r = __salt__['cmd.run'](s)

  90. 

  91.     if private_key:

  92.         os.unlink(filename)

  93.     if preshared_key:

  94.         os.unlink(filename2)

  95. 

  96.     return r

  97. 

  98. def remove_peer(name, peer):

  99.     return __salt__['cmd.run'](

  100.         'wg set %s peer %s remove' % (name, peer)

  101.     )

  102. 

  103. def genkey():

  104.     return __salt__['cmd.run']('wg genkey')

  105. 

  106. def genpsk():

  107.     return __salt__['cmd.run']('wg genpsk')

  108. 

  109. def setconf(name, path):

  110.     return __salt__['cmd.run']('wg setconf %s %s' % (name, path))

  111. 

  112. def addconf(name, path):

  113.     return __salt__['cmd.run']('wg addconf %s %s' % (name, path))

  114. 

  115. def _wg_ifaces(hide_keys=True):

  116.     """

  117.     Parse output from 'wg show'

  118.     """

  119.     # from https://github.com/saltstack/salt/blob/develop/salt/modules/linux_ip.py

  120.     tmp = dict()

  121.     tmpiface = dict()

  122.     ifaces = dict()

  123.     out = __salt__['cmd.run']('wg show all',

  124.             env={'WG_HIDE_KEYS': 'always' if hide_keys else 'never'})

  125.     for line in out.splitlines():

  126.         if line.startswith('interface: '):

  127.             k, v = _wg_splitline(line)

  128.             ifaces[v] = dict(peers=dict())

  129.             tmpiface = ifaces[v]

  130.             tmp = tmpiface

  131.         elif line.startswith('peer: '):

  132.             k, v = _wg_splitline(line)

  133.             tmpiface['peers'][v] = dict()

  134.             tmp = tmpiface['peers'][v]

  135.         elif line == '':

  136.             continue

  137.         k, v = _wg_splitline(line)

  138.         if k == 'allowed ips':

  139.             tmp[k] = [ s.strip() for s in v.split(',') ]

  140.         else:

  141.             tmp[k] = v

  142.     return ifaces

  143. 

  144. def _wg_splitline(line):

  145.     parts = line.split(':', 1)

  146.     return parts[0].strip(), parts[1].strip()