MEschenbacher's Wireguard Saltstack Formula
Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.

146 lines
4.2KB

  1. import yaml
  2. import os
  3. from tempfile import mkstemp
  4. __virtualname__ = 'wg'
  5. def __virtual__():
  6. # do checks for startup
  7. return __virtualname__
  8. def create(name):
  9. """
  10. create a wireguard interface. This will fail if it already exists.
  11. """
  12. __salt__['cmd.run']('ip link add %s type wireguard' % (name,))
  13. return show(name)
  14. def delete(name):
  15. """
  16. delete a interface (not neccessarily a wireguard interface). This will fail
  17. if it does not exist.
  18. """
  19. return __salt__['cmd.run']('ip link del %s' % (name,))
  20. def show(name=None, peer=None, hide_keys=True):
  21. if peer and not name:
  22. return 'If peer is given, name must also be given'
  23. if not name:
  24. return _wg_ifaces(hide_keys=hide_keys)
  25. elif peer:
  26. return _wg_ifaces(hide_keys=hide_keys).get(name).get('peers').get(peer)
  27. else:
  28. return _wg_ifaces(hide_keys=hide_keys).get(name)
  29. def showconf(name):
  30. return __salt__['cmd.run']('wg showconf %s' % (name,))
  31. def set(name, listen_port=None, fwmark=None, private_key=None, peer=None,
  32. preshared_key=None, endpoint=None, persistent_keepalive=None,
  33. allowed_ips=None, remove=False):
  34. s = 'wg set %s' % (name,)
  35. if remove:
  36. if not peer:
  37. return 'If remove is given, peer must also be given'
  38. return __salt__['cmd.run'](
  39. '%s peer %s remove' % (s, peer)
  40. )
  41. if listen_port:
  42. s = '%s listen-port %s' % (s, listen_port)
  43. if fwmark:
  44. s = '%s fwmark %s' % (s, fwmark)
  45. if private_key:
  46. fd, filename = mkstemp(text=True)
  47. with open(filename, 'w') as f:
  48. f.write(private_key)
  49. os.close(fd)
  50. s = '%s private-key %s' % (s, filename)
  51. if peer:
  52. s = '%s peer %s' % (s, peer)
  53. if preshared_key:
  54. if not peer:
  55. return 'If preshared_key is given, peer must also be given'
  56. fd2, filename2 = mkstemp(text=True)
  57. with open(filename2, 'w') as f:
  58. f.write(preshared_key)
  59. os.close(fd2)
  60. s = '%s preshared-key %s' % (s, filename2)
  61. if endpoint:
  62. if not peer:
  63. return 'If endpoint is given, peer must also be given'
  64. s = '%s endpoint %s' % (s, endpoint)
  65. if persistent_keepalive:
  66. if not peer:
  67. return 'If persistent_keepalive is given, peer must also be given'
  68. s = '%s persistent-keepalive %s' % (s, persistent_keepalive)
  69. if allowed_ips:
  70. if not peer:
  71. return 'If allowed_ips is given, peer must also be given'
  72. s = '%s allowed-ips %s' % (s, allowed_ips)
  73. r = __salt__['cmd.run'](s)
  74. if private_key:
  75. os.unlink(filename)
  76. if preshared_key:
  77. os.unlink(filename2)
  78. return r
  79. def remove_peer(name, peer):
  80. return __salt__['cmd.run'](
  81. 'wg set %s peer %s remove' % (name, peer)
  82. )
  83. # def add_peer(name, public_key, allowed_ips=None):
  84. # base = 'wg set %s peer %s' % (name, peer)
  85. #
  86. # return __salt__['cmd.run'](
  87. # )
  88. def genkey():
  89. return __salt__['cmd.run']('wg genkey')
  90. def genpsk():
  91. return __salt__['cmd.run']('wg genpsk')
  92. def setconf(name, path):
  93. return __salt__['cmd.run']('wg setconf %s %s' % (name, path))
  94. def addconf(name, path):
  95. return __salt__['cmd.run']('wg addconf %s %s' % (name, path))
  96. def _wg_ifaces(hide_keys=True):
  97. """
  98. Parse output from 'wg show'
  99. """
  100. # from https://github.com/saltstack/salt/blob/develop/salt/modules/linux_ip.py
  101. tmp = dict()
  102. tmpiface = dict()
  103. ifaces = dict()
  104. out = __salt__['cmd.run']('wg',
  105. env={'WG_HIDE_KEYS': 'always' if hide_keys else 'never'})
  106. for line in out.splitlines():
  107. if line.startswith('interface: '):
  108. k, v = _wg_splitline(line)
  109. ifaces[v] = dict(peers=dict())
  110. tmpiface = ifaces[v]
  111. tmp = tmpiface
  112. elif line.startswith('peer: '):
  113. k, v = _wg_splitline(line)
  114. tmpiface['peers'][v] = dict()
  115. tmp = tmpiface['peers'][v]
  116. elif line == '':
  117. continue
  118. k, v = _wg_splitline(line)
  119. if k == 'allowed ips':
  120. tmp[k] = [ s.strip() for s in v.split(',') ]
  121. else:
  122. tmp[k] = v
  123. return ifaces
  124. def _wg_splitline(line):
  125. parts = line.split(':', 1)
  126. return parts[0].strip(), parts[1].strip()