Mercurial > code > home > repos > infra
comparison wireguard.py @ 89:2fddde57231b
no connman to surprisingly rewrite net configs
| author | drewp@bigasterisk.com |
|---|---|
| date | Sun, 10 Jul 2022 19:51:16 -0700 |
| parents | de387eae06cf |
| children | 9b7d7ea79f16 |
comparison
equal
deleted
inserted
replaced
| 88:dae714e8f620 | 89:2fddde57231b |
|---|---|
| 10 # https://github.com/mawalu/wireguard-private-networking | 10 # https://github.com/mawalu/wireguard-private-networking |
| 11 # | 11 # |
| 12 | 12 |
| 13 | 13 |
| 14 def peer_block(hostname, public_key, allowed_ips, endpoint=None, keepalive=None): | 14 def peer_block(hostname, public_key, allowed_ips, endpoint=None, keepalive=None): |
| 15 # if allowed_ips.startswith('10.5'): | |
| 16 # # k3s nets also need to travel over wg | |
| 17 # allowed_ips += ', 10.42.0.0/24, 10.43.0.0/24' | |
| 18 | |
| 15 out = f'''\ | 19 out = f'''\ |
| 16 | 20 |
| 17 [Peer] | 21 [Peer] |
| 18 # {hostname} | 22 # {hostname} |
| 19 PublicKey = {public_key} | 23 PublicKey = {public_key} |
| 31 continue | 35 continue |
| 32 | 36 |
| 33 # note- this is specific to the wg0 setup. Other conf files don't use it. | 37 # note- this is specific to the wg0 setup. Other conf files don't use it. |
| 34 wireguard_ip = host.host_data['wireguard_address'] | 38 wireguard_ip = host.host_data['wireguard_address'] |
| 35 | 39 |
| 36 apt.packages(packages=['wireguard']) | |
| 37 # new pi may fail with 'Unable to access interface: Protocol not supported'. reboot fixes. | 40 # new pi may fail with 'Unable to access interface: Protocol not supported'. reboot fixes. |
| 38 | 41 |
| 39 priv_key_lines = host.get_fact(FindInFile, path=f'/etc/wireguard/{wireguard_interface}.conf', pattern=r'PrivateKey.*') | 42 priv_key_lines = host.get_fact(FindInFile, path=f'/etc/wireguard/{wireguard_interface}.conf', pattern=r'PrivateKey.*') |
| 40 if not priv_key_lines: | 43 if not priv_key_lines: |
| 41 priv_key = subprocess.check_output(['wg', 'genkey']).strip().decode('ascii') | 44 priv_key = subprocess.check_output(['wg', 'genkey']).strip().decode('ascii') |
| 63 # files.link(path=f'/etc/systemd/system/multi-user.target.wants/{svc}', target='/lib/systemd/system/wg-quick@.service') | 66 # files.link(path=f'/etc/systemd/system/multi-user.target.wants/{svc}', target='/lib/systemd/system/wg-quick@.service') |
| 64 | 67 |
| 65 systemd.service(service=svc, daemon_reload=True, restarted=True, enabled=True) | 68 systemd.service(service=svc, daemon_reload=True, restarted=True, enabled=True) |
| 66 | 69 |
| 67 if host.name == 'bang': | 70 if host.name == 'bang': |
| 68 # recompute, or else maybe dnsmasq_10.5 won't start | 71 systemd.service(service=f'dnsmasq_10.5', enabled=True, restarted=True, daemon_reload=True) |
| 69 server.shell("systemctl enable dnsmasq_10.2.service") | |
| 70 server.shell("systemctl enable dnsmasq_10.5.service") | |
| 71 server.shell("systemctl enable wg-quick@wg0.service") |