bundlewrap/scripts/generate-wireguard-client-certificate


#!/usr/bin/env python3
from os import environ
from sys import argv, exit
from uuid import uuid4
from bundlewrap.repo import Repository
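# Generate WireGuard client key material (private key, pre-shared key and
# public key) for one user and print the matching server-side config entry.
#
# Usage: generate-wireguard-client-certificate <username>
# The bundlewrap repository is read from BW_REPO_PATH, defaulting to the
# current directory.
try:
    username = argv[1]
except IndexError:
    username = ''

if not username:
    # exit() with a string writes the message to stderr and exits with
    # status 1, so the usage text never mixes into stdout output.
    exit('Usage: {} <username>'.format(argv[0]))

repo = Repository(environ.get('BW_REPO_PATH', '.'))

# Each identifier carries a fresh uuid4, so the identifier differs on every
# run, even for the same username.
# NOTE(review): presumably gen_privkey derives the key from the identifier,
# which would make every run produce new key material - confirm in libs/keys.
privkey = repo.libs.keys.gen_privkey(repo, f'wireguard {username} key {uuid4()}')
psk = repo.libs.keys.gen_privkey(repo, f'wireguard {username} psk {uuid4()}')
pubkey = repo.libs.keys.get_pubkey_from_privkey(repo, f'wireguard {username}', privkey)

# Only the PSK and the public key are vault-encrypted for the repository;
# this script itself does not persist the private key anywhere.
enc_psk = repo.vault.encrypt(str(psk))
enc_pubkey = repo.vault.encrypt(str(pubkey))

# SECURITY: the private key and the PSK are written to stdout in clear text.
# Run this in a terminal whose output is not logged or captured (CI logs,
# `script`, tee'd shells) and pass the values to the client over a trusted
# channel.
#
# The username is emitted with !r so that a name containing quotes or
# backslashes still yields one well-formed dict key when the snippet is
# pasted into the server config, instead of breaking or altering the entry.
# editorconfig-checker-disable
print(f"""Keys have been generated. Please take note of them:
Private Key: {privkey}
PSK: {psk}
Public Key: {pubkey}
Put the following config into your desired wireguard server config:
{username!r}: {{
'psk': vault.decrypt('{enc_psk}'),
'pubkey': vault.decrypt('{enc_pubkey}'),
}},""")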