from ipaddress import ip_network
# The netdev files written by this bundle trigger a systemd-networkd restart,
# so the node is checked for that bundle up front.
# NOTE(review): require_bundle is a repo-local helper not visible here;
# presumably it aborts when the bundle is missing — confirm.
repo.libs.tools.require_bundle(node, 'systemd-networkd')

# File items managed by this bundle, keyed by target path.
files = {}

# Icinga plugin that checks whether the tunnel is connected. Only the mode is
# set here, so source and content type are left to bundlewrap's defaults.
files['/usr/local/share/icinga/plugins/check_wireguard_connected'] = {
    'mode': '0755',
}

# peer name -> peer IP, collected for peers that opt in via 'health_check'.
health_checks = {}
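# One networkd .netdev file per configured peer. The interface index comes
# from the position in the sorted peer list, so adding or removing a peer can
# renumber the wg<N> interfaces of the peers that sort after it.
for number, (peer, config) in enumerate(sorted(node.metadata.get('wireguard/peers', {}).items())):
    files[f'/etc/systemd/network/wg{number}.netdev'] = {
        'content_type': 'mako',
        'source': 'wg.netdev',
        'context': {
            # 'endpoint' is optional; the template receives None when unset.
            'endpoint': config.get('endpoint'),
            'number': number,
            'peer': peer,
            'port': config['my_port'],
            'privatekey': node.metadata.get('wireguard/privatekey'),
            'psk': config['psk'],
            'pubkey': config['pubkey'],
        },
        # The rendered file holds the interface private key and the peer's
        # pre-shared key. Without an explicit mode bundlewrap falls back to
        # its default, which leaves the file readable by every local user.
        # systemd.netdev(5) recommends root:systemd-network with mode 0640
        # for netdev files that carry key material.
        'owner': 'root',
        'group': 'systemd-network',
        'mode': '0640',
        'needs': {
            'pkg_apt:wireguard',
        },
        'triggers': {
            'svc_systemd:systemd-networkd:restart',
        },
    }

    # Peers that opt in are handed to the health check script built below.
    if config.get('health_check', False):
        health_checks[peer] = config['their_ip']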
# Install the health check script and its cron entry only when at least one
# peer asked for it.
if health_checks:
    files.update({
        # No 'source' is given, so bundlewrap's default source lookup applies.
        # NOTE(review): the peer names and IPs in 'peers' are rendered into a
        # script that cron runs as root; the template is not visible here —
        # confirm it quotes those values.
        '/usr/local/bin/wg_health_check': {
            'content_type': 'mako',
            'context': {
                'peers': health_checks,
            },
            'mode': '0755',
        },
        # Runs every minute as root; the script's stdout goes to syslog under
        # the wg_health_check tag.
        '/etc/cron.d/wg_health_check': {
            'content': '* * * * * root /usr/local/bin/wg_health_check | logger -t wg_health_check\n',
        },
    })
# On nodes that also carry the pppd bundle, drop a hook into ip-up.d.
# NOTE(review): going by the file name, the hook reconnects WireGuard once the
# PPP link is up; the 'pppd-ip-up' template is not visible here — confirm.
if node.has_bundle('pppd'):
    files['/etc/ppp/ip-up.d/reconnect-wireguard'] = dict(
        source='pppd-ip-up',
        content_type='mako',
        mode='0755',
    )