bundlewrap/bundles/wireguard/items.py

from ipaddress import ip_network

repo.libs.tools.require_bundle(node, 'systemd-networkd')

files = {
    '/usr/local/share/icinga/plugins/check_wireguard_connected': {
        'mode': '0755',
    },
}

deps = set()

if node.has_bundle('apt'):
    deps.add('pkg_apt:wireguard')

for peer, config in sorted(node.metadata.get('wireguard/peers', {}).items()):
    files[f'/etc/systemd/network/wg_{config["iface"]}.netdev'] = {
        'content_type': 'mako',
        'source': 'wg.netdev',
        'owner': 'systemd-network',
        'mode': '0600',
        'context': {
            'endpoint': config.get('endpoint'),
            'iface': config['iface'],
            'peer': peer,
            'port': config['my_port'],
            'privatekey': node.metadata.get('wireguard/privatekey'),
            'psk': config['psk'],
            'pubkey': config['pubkey'],
            'specials': repo.libs.s2s.WG_AUTOGEN_SETTINGS.get(peer, {}),
        },
        'needs': deps,
        'triggers': {
            'svc_systemd:systemd-networkd:restart',
        },
    }
bundles/wireguard: rework metadata.py 2021-04-01 16:27:31 +02:00			`from ipaddress import ip_network`

overall better handling and usage of exceptions 2021-04-02 18:57:13 +02:00			`repo.libs.tools.require_bundle(node, 'systemd-networkd')`
bundles/wireguard: add netdev and network files, add iptables rules 2020-11-21 15:38:38 +01:00
			`files = {`
bundles/wireguard: use one wireguard connection per peer instead of one for all 2021-09-29 19:27:13 +02:00			`'/usr/local/share/icinga/plugins/check_wireguard_connected': {`
			`'mode': '0755',`
			`},`
			`}`

bundles/wireguard: better dependency management 2022-03-10 20:36:20 +01:00			`deps = set()`

			`if node.has_bundle('apt'):`
			`deps.add('pkg_apt:wireguard')`

bundles/wireguard: name wg interfaces according to their peers 2023-09-09 13:54:27 +02:00			`for peer, config in sorted(node.metadata.get('wireguard/peers', {}).items()):`
			`files[f'/etc/systemd/network/wg_{config["iface"]}.netdev'] = {`
bundles/wireguard: add netdev and network files, add iptables rules 2020-11-21 15:38:38 +01:00			`'content_type': 'mako',`
bundles/wireguard: use one wireguard connection per peer instead of one for all 2021-09-29 19:27:13 +02:00			`'source': 'wg.netdev',`
bundles/wireguard: fix permissions for wireguard netdev files 2022-05-16 10:48:26 +02:00			`'owner': 'systemd-network',`
			`'mode': '0600',`
bundles/wireguard: rework metadata.py 2021-04-01 16:27:31 +02:00			`'context': {`
bundles/wireguard: use one wireguard connection per peer instead of one for all 2021-09-29 19:27:13 +02:00			`'endpoint': config.get('endpoint'),`
bundles/wireguard: name wg interfaces according to their peers 2023-09-09 13:54:27 +02:00			`'iface': config['iface'],`
bundles/wireguard: use one wireguard connection per peer instead of one for all 2021-09-29 19:27:13 +02:00			`'peer': peer,`
			`'port': config['my_port'],`
			`'privatekey': node.metadata.get('wireguard/privatekey'),`
			`'psk': config['psk'],`
			`'pubkey': config['pubkey'],`
bundles/wireguard: add option to set settings based on a specific peer 2023-12-10 14:48:24 +01:00			`'specials': repo.libs.s2s.WG_AUTOGEN_SETTINGS.get(peer, {}),`
bundles/wireguard: add netdev and network files, add iptables rules 2020-11-21 15:38:38 +01:00			`},`
bundles/wireguard: better dependency management 2022-03-10 20:36:20 +01:00			`'needs': deps,`
bundles/wireguard: add netdev and network files, add iptables rules 2020-11-21 15:38:38 +01:00			`'triggers': {`
			`'svc_systemd:systemd-networkd:restart',`
			`},`
bundles/wireguard: send pings over vpn, if pppd reconnects 2020-11-27 03:09:37 +01:00			`}`