MEschenbacher's Wireguard Saltstack Formula


  __virtualname__ = 'wg'


  def __virtual__():
      """
      Decide whether this state module is made available.

      Returns the virtual name ``wg`` when the ``wg.show`` execution function
      is present in ``__salt__``, and ``False`` otherwise.
      """
      # Every state in this file calls wg.* execution functions, so the
      # module is only offered when wg.show can be looked up.
      return __virtualname__ if 'wg.show' in __salt__ else False
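  def present(name, listen_port=None, fwmark=None, private_key=None):
      """
      Make sure a wireguard interface exists.

      name
          Name of the interface; it is created through ``wg.create`` when
          ``wg.show`` reports nothing for it.
      listen_port
          Port to listen on. ``None`` (the default) leaves the port unmanaged.
      fwmark
          Firewall mark, compared against the ``fwmark`` value from ``wg.show``.
      private_key
          Private key of the interface. ``None`` (the default) leaves the
          configured key untouched.

      Returns the usual state dictionary. A key change is recorded only as
      the fixed text ``private key changed.``, so the key itself is never
      copied into the state return.
      """
      ret = dict(name=name, changes=dict(), result=False, comment=None)
      if not __salt__['wg.show'](name):
          __salt__['wg.create'](name)
          ret['changes'][name] = 'Interface created.'
      # Re-read the interface so a freshly created one is compared as well.
      show = __salt__['wg.show'](name)
      # int(None) raises TypeError, so an omitted port must not be compared.
      if listen_port is not None:
          current_port = show.get('listening port', 0)
          if int(current_port) != int(listen_port):
              __salt__['wg.set'](name, listen_port=listen_port)
              ret['changes']['listening port'] = dict(
                  old=current_port,
                  new=listen_port,
              )
      # NOTE(review): an omitted fwmark is still compared here, so an existing
      # mark is passed to wg.set as fwmark=None - confirm that is intended.
      if show.get('fwmark', None) != fwmark:
          __salt__['wg.set'](name, fwmark=fwmark)
          ret['changes']['fwmark'] = dict(
              old=show.get('fwmark', None),
              new=fwmark,
          )
      # Without the None guard an omitted key differs from the configured one
      # on every run, calling wg.set(private_key=None) and reporting a key
      # change that was never requested.
      # NOTE(review): plain `wg show` prints keys as "(hidden)" by default;
      # confirm wg.show returns the real key, otherwise this comparison never
      # matches and the key is re-applied on every run.
      if private_key is not None and show.get('private key') != private_key:
          __salt__['wg.set'](name, private_key=private_key)
          ret['changes']['private key'] = 'private key changed.'
      ret['result'] = True
      return ret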
  def absent(name):
      """
      Make sure a wireguard interface is absent.

      The interface is removed through ``wg.delete`` when ``wg.show`` reports
      it; otherwise only a comment is set. ``result`` is ``True`` either way.
      """
      ret = {'name': name, 'changes': {}, 'result': False, 'comment': None}
      if __salt__['wg.show'](name):
          __salt__['wg.delete'](name)
          ret['changes'][name] = {'old': name, 'new': None}
      else:
          ret['comment'] = 'Interface %s already absent.' % (name,)
      ret['result'] = True
      return ret
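  def peer_present(name, interface, endpoint=None, persistent_keepalive=None,
                   allowed_ips=None, preshared_key=None):
      """
      Make sure a peer exists on a wireguard interface with the given settings.

      name
          Identifies the peer; passed to ``wg.show`` / ``wg.set`` as ``peer``.
      interface
          Interface the peer belongs to. The state fails (``result`` False)
          when ``wg.show`` reports nothing for it.
      endpoint
          Endpoint of the peer; only managed when given.
      persistent_keepalive
          Keepalive interval. When omitted, an existing keepalive is removed.
      allowed_ips
          List of allowed IPs; ``None`` leaves the current list unmanaged.
      preshared_key
          Preshared key for the peer. When omitted, an existing preshared key
          is removed. Changes are recorded as fixed text only, never as the
          key value.
      """
      ret = dict(name=name, changes=dict(), result=False, comment=None)
      if not __salt__['wg.show'](interface):
          ret['comment'] = 'Interface %s does not exist.' % (interface,)
          return ret
      show = __salt__['wg.show'](name=interface, peer=name)
      if not show:
          # ','.join(None) raises TypeError, so an omitted list is passed on as
          # None like the other unset options.
          # NOTE(review): assumes wg.set skips arguments that are None - confirm.
          joined_ips = None
          if allowed_ips is not None:
              joined_ips = ','.join(allowed_ips)
          __salt__['wg.set'](interface, peer=name, endpoint=endpoint,
                             persistent_keepalive=persistent_keepalive,
                             allowed_ips=joined_ips,
                             preshared_key=preshared_key)
          ret['changes'][name] = 'Peer created.'
          ret['result'] = True
          return ret
      # A requested endpoint is applied even when the peer has none yet.
      current_endpoint = show.get('endpoint')
      if endpoint and current_endpoint != endpoint:
          __salt__['wg.set'](interface, peer=name, endpoint=endpoint)
          ret['changes']['endpoint'] = dict(old=current_endpoint, new=endpoint)
      current_keepalive = show.get('persistent keepalive') or ''
      if persistent_keepalive:
          # Only touch the peer when the reported interval differs from the
          # requested one; a matching interval must not trigger a change.
          wanted = 'every %s second' % (persistent_keepalive,)
          if not current_keepalive.startswith(wanted):
              __salt__['wg.set'](interface, peer=name,
                                 persistent_keepalive=persistent_keepalive)
              ret['changes']['persistent keepalive'] = 'persistent keepalive changed.'
      elif current_keepalive:
          __salt__['wg.set'](interface, peer=name, persistent_keepalive=0)
          ret['changes']['persistent keepalive'] = 'persistent keepalive removed.'
      if allowed_ips is not None:
          current_ips = show.get('allowed ips') or []
          if sorted(current_ips) != sorted(allowed_ips):
              __salt__['wg.set'](interface, peer=name,
                                 allowed_ips=','.join(allowed_ips))
              ret['changes']['allowed ips'] = dict(
                  new=allowed_ips, old=show.get('allowed ips'))
      current_psk = show.get('preshared key')
      if preshared_key:
          # A requested key must also be applied to a peer that has none yet;
          # otherwise the state reports success while the tunnel keeps running
          # without the preshared key.
          # NOTE(review): plain `wg show` prints keys as "(hidden)" by default;
          # confirm wg.show returns the real key, otherwise this comparison
          # never matches and the key is re-applied on every run.
          if current_psk != preshared_key:
              __salt__['wg.set'](interface, peer=name,
                                 preshared_key=preshared_key)
              ret['changes']['preshared key'] = 'preshared key changed.'
      elif current_psk:
          __salt__['wg.set'](interface, peer=name, preshared_key='')
          ret['changes']['preshared key'] = 'preshared key deleted.'
      ret['result'] = True
      return ret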
  def peer_absent(name, interface):
      """
      Make sure a peer is absent from a wireguard interface.

      ``result`` stays ``False`` when ``wg.show`` reports nothing for the
      interface, so a removal aimed at a missing interface shows up as a
      failed state rather than as success. An existing peer is removed with
      ``wg.set(..., remove=True)``; a missing peer only yields a comment.
      """
      ret = {'name': name, 'changes': {}, 'result': False, 'comment': None}
      if not __salt__['wg.show'](interface):
          ret['comment'] = 'Interface %s does not exist.' % interface
          return ret
      if __salt__['wg.show'](name=interface, peer=name):
          __salt__['wg.set'](interface, peer=name, remove=True)
          ret['changes'][name] = {'old': name, 'new': None}
      else:
          ret['comment'] = 'Peer %s already absent.' % name
      ret['result'] = True
      return ret