salt
/
wireguard-formula
forked from ExternalMirrors/wireguard-formula
Watch 1
Star 0
Fork 0
Code Releases 1 Activity
MEschenbacher's Wireguard Saltstack Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
Tree: 56f8f7c645
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '56f8f7c645'
${ noResults }
wireguard-formula/_modules/wireguard.py

136 lines
3.7KB
Raw Blame History 

  1. import yaml

  2. import os

  3. from tempfile import mkstemp

  4. 

  5. __virtualname__ = 'wg'

  6. 

  7. def __virtual__():

  8.     # do checks for startup

  9.     return __virtualname__

  10. 

  11. def create(name):

  12.     """

  13.     create a wireguard interface. This will fail if it already exists.

  14.     """

  15.     __salt__['cmd.run']('ip link add %s type wireguard' % (name,))

  16.     return show(name)

  17. 

  18. def delete(name):

  19.     """

  20.     delete a wireguard interface. This will fail if it does not exist.

  21.     """

  22.     return __salt__['cmd.run']('ip link del %s type wireguard' % (name,))

  23. 

  24. 

  25. def show(name=None, peer=None):

  26.     if peer and not name:

  27.         return 'If peer is given, name must also be given'

  28.     if not name:

  29.         return _wg_ifaces()

  30.     elif peer:

  31.         return _wg_ifaces().get(name).get('peers').get(peer)

  32.     else:

  33.         return _wg_ifaces().get(name)

  34. 

  35. def showconf(name):

  36.     return __salt__['cmd.run']('wg showconf %s' % (name,))

  37. 

  38. def set(name, listen_port=None, fwmark=None, private_key=None, peer=None,

  39.         preshared_key=None, endpoint=None, persistent_keepalive=None,

  40.         allowed_ips=None, remove=False):

  41.     s = 'wg set %s' % (name,)

  42.     if remove:

  43.         if not peer:

  44.             return 'If remove is given, peer must also be given'

  45.         return __salt__['cmd.run'](

  46.             '%s peer %s remove' % (s, peer)

  47.         )

  48.     if listen_port:

  49.         s = '%s listen-port %s' % (s, listen_port)

  50.     if fwmark:

  51.         s = '%s fwmark %s' % (s, fwmark)

  52.     if private_key:

  53.         fd, filename = mkstemp(text=True)

  54.         with open(filename, 'w') as f:

  55.             f.write(private_key)

  56.         os.close(fd)

  57.         s = '%s private-key %s' % (s, filename)

  58.     if peer:

  59.         s = '%s peer %s' % (s, peer)

  60.     if preshared_key:

  61.         fd2, filename2 = mkstemp(text=True)

  62.         with open(filename2, 'w') as f:

  63.             f.write(preshared_key)

  64.         os.close(fd2)

  65.         s = '%s preshared-key %s' % (s, filename2)

  66.     if endpoint:

  67.         s = '%s endpoint %s' % (s, endpoint)

  68.     if persistent_keepalive:

  69.         s = '%s persistent-keepalive %s' % (s, persistent_keepalive)

  70.     if allowed_ips:

  71.         s = '%s allowed-ips %s' % (s, allowed_ips)

  72. 

  73.     r = __salt__['cmd.run'](s)

  74. 

  75.     if private_key:

  76.         os.unlink(filename)

  77.     if preshared_key:

  78.         os.unlink(filename2)

  79. 

  80.     return r

  81. 

  82. def remove_peer(name, peer):

  83.     return __salt__['cmd.run'](

  84.         'wg set %s peer %s remove' % (name, peer)

  85.     )

  86. 

  87. #  def add_peer(name, public_key, allowed_ips=None):

  88.     #  base = 'wg set %s peer %s' % (name, peer)

  89. #  

  90.     #  return __salt__['cmd.run'](

  91.     #  )

  92. 

  93. def genkey():

  94.     return __salt__['cmd.run']('wg genkey')

  95. 

  96. def genpsk():

  97.     return __salt__['cmd.run']('wg genpsk')

  98. 

  99. def setconf(name, path):

  100.     return __salt__['cmd.run']('wg setconf %s %s' % (name, path))

  101. 

  102. def addconf(name, path):

  103.     return __salt__['cmd.run']('wg addconf %s %s' % (name, path))

  104. 

  105. def _wg_ifaces():

  106.     """

  107.     Parse output from 'wg show'

  108.     """

  109.     # from https://github.com/saltstack/salt/blob/develop/salt/modules/linux_ip.py

  110.     tmp = dict()

  111.     tmpiface = dict()

  112.     ifaces = dict()

  113.     out = __salt__['cmd.run']('wg', env={'WG_HIDE_KEYS': 'never'})

  114.     for line in out.splitlines():

  115.         if line.startswith('interface: '):

  116.             k, v = _wg_splitline(line)

  117.             ifaces[v] = dict(peers=dict())

  118.             tmpiface = ifaces[v]

  119.             tmp = tmpiface

  120.         elif line.startswith('peer: '):

  121.             k, v = _wg_splitline(line)

  122.             tmpiface['peers'][v] = dict()

  123.             tmp = tmpiface['peers'][v]

  124.         elif line == '':

  125.             continue

  126.         k, v = _wg_splitline(line)

  127.         if k == 'allowed ips':

  128.             tmp[k] = [ s.strip() for s in v.split(',') ]

  129.         else:

  130.             tmp[k] = v

  131.     return ifaces

  132. 

  133. def _wg_splitline(line):

  134.     parts = line.split(':', 1)

  135.     return parts[0].strip(), parts[1].strip()