Mercurial > code > home > repos > infra
comparison wireguard.py @ 259:e45e93a797b0
wg updates
| author | drewp@bigasterisk.com |
|---|---|
| date | Fri, 26 Jan 2024 12:55:27 -0800 |
| parents | db8787bd800e |
| children | 705698800bfb |
comparison
equal
deleted
inserted
replaced
| 258:66fd20ab0454 | 259:e45e93a797b0 |
|---|---|
| 1 import subprocess | 1 import subprocess |
| 2 | 2 |
| 3 from pyinfra import host | 3 from pyinfra import host |
| 4 from pyinfra.facts.files import FindInFile | 4 from pyinfra.facts.files import FindInFile |
| 5 from pyinfra.operations import apt, files, server, systemd | 5 from pyinfra.operations import files, systemd |
| 6 | |
| 6 import wireguard_pubkey | 7 import wireguard_pubkey |
| 7 | 8 |
| 8 # other options: | 9 # other options: |
| 9 # https://www.reddit.com/r/WireGuard/comments/fkr240/shortest_path_between_peers/ | 10 # https://www.reddit.com/r/WireGuard/comments/fkr240/shortest_path_between_peers/ |
| 10 # https://github.com/k4yt3x/wireguard-mesh-configurator | 11 # https://github.com/k4yt3x/wireguard-mesh-configurator |
| 35 for wireguard_interface in ['wg0', 'bogasterisk']: | 36 for wireguard_interface in ['wg0', 'bogasterisk']: |
| 36 if wireguard_interface == 'bogasterisk' and host.name != 'prime': | 37 if wireguard_interface == 'bogasterisk' and host.name != 'prime': |
| 37 continue | 38 continue |
| 38 | 39 |
| 39 # note- this is specific to the wg0 setup. Other conf files don't use it. | 40 # note- this is specific to the wg0 setup. Other conf files don't use it. |
| 40 wireguard_ip = host.host_data['wireguard_address'] | 41 wireguard_ip = host.host_data.get('wireguard_address') |
| 42 if wireguard_interface == 'wg0' and wireguard_ip is None: | |
| 43 continue | |
| 41 | 44 |
| 42 # new pi may fail with 'Unable to access interface: Protocol not supported'. reboot fixes. | 45 # new pi may fail with 'Unable to access interface: Protocol not supported'. reboot fixes. |
| 43 | 46 |
| 44 priv_key_lines = host.get_fact(FindInFile, path=f'/etc/wireguard/{wireguard_interface}.conf', pattern=r'PrivateKey.*') | 47 priv_key_lines = host.get_fact(FindInFile, path=f'/etc/wireguard/{wireguard_interface}.conf', pattern=r'PrivateKey.*') |
| 45 if not priv_key_lines: | 48 if not priv_key_lines: |
| 64 files.template(src='templates/wireguard/wg.service.j2', | 67 files.template(src='templates/wireguard/wg.service.j2', |
| 65 dest=f'/etc/systemd/system/{svc}', | 68 dest=f'/etc/systemd/system/{svc}', |
| 66 wireguard_interface=wireguard_interface) | 69 wireguard_interface=wireguard_interface) |
| 67 systemd.service(service=f'{svc}', enabled=True, restarted=True, daemon_reload=True) | 70 systemd.service(service=f'{svc}', enabled=True, restarted=True, daemon_reload=True) |
| 68 | 71 |
| 69 # files.link(path=f'/etc/systemd/system/multi-user.target.wants/{svc}', target='/lib/systemd/system/wg-quick@.service') | |
| 70 | |
| 71 systemd.service(service=svc, daemon_reload=True, restarted=True, enabled=True) | 72 systemd.service(service=svc, daemon_reload=True, restarted=True, enabled=True) |
| 72 | 73 |
| 73 # if host.name == 'bang': | 74 # if host.name == 'bang': |
| 74 # systemd.service(service=f'dnsmasq_10.5', enabled=True, restarted=True, daemon_reload=True) | 75 # systemd.service(service=f'dnsmasq_10.5', enabled=True, restarted=True, daemon_reload=True) |