Add Wireguard Config Generation
This commit is contained in:
parent
a67911df67
commit
7545e2fcbb
3 changed files with 69 additions and 7 deletions
|
@ -31,6 +31,11 @@ type BridgeMembership struct {
|
|||
BridgeName string
|
||||
}
|
||||
|
||||
type NameAndConfig struct {
|
||||
Name string
|
||||
Config config.Config
|
||||
}
|
||||
|
||||
func GenerateNetworkdConfiguration(conf config.Config) ([]NetworkdConfigFile, error) {
|
||||
files := []NetworkdConfigFile{}
|
||||
|
||||
|
@ -88,7 +93,23 @@ func GenerateNetworkdConfiguration(conf config.Config) ([]NetworkdConfigFile, er
|
|||
}
|
||||
}
|
||||
|
||||
// Step 4 Generate Bond Members
|
||||
// Step 4 Generate wireguard netdev files
|
||||
for name := range conf.VPN.Wireguard.Interfaces {
|
||||
buf := new(bytes.Buffer)
|
||||
err := templates.ExecuteTemplate(buf, "create-wireguard.netdev.tmpl", NameAndConfig{
|
||||
Name: name,
|
||||
Config: conf,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("executing create-wireguard.netdev.tmpl template: %w", err)
|
||||
}
|
||||
files = append(files, NetworkdConfigFile{
|
||||
Name: fmt.Sprintf("40-create-wireguard-%v.netdev", name),
|
||||
Content: buf.String(),
|
||||
})
|
||||
}
|
||||
|
||||
// Step 5 Generate Bond Members
|
||||
for name, inter := range conf.Network.Interfaces {
|
||||
if inter.Type == network.Bond && inter.BondMembers != nil {
|
||||
for _, member := range *inter.BondMembers {
|
||||
|
@ -101,14 +122,14 @@ func GenerateNetworkdConfiguration(conf config.Config) ([]NetworkdConfigFile, er
|
|||
return nil, fmt.Errorf("executing bond-membership.network.tmpl template: %w", err)
|
||||
}
|
||||
files = append(files, NetworkdConfigFile{
|
||||
Name: fmt.Sprintf("40-bond-membership-%v.network", name),
|
||||
Name: fmt.Sprintf("50-bond-membership-%v.network", name),
|
||||
Content: buf.String(),
|
||||
})
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Step 5 Generate Bridge Members
|
||||
// Step 6 Generate Bridge Members
|
||||
for name, inter := range conf.Network.Interfaces {
|
||||
if inter.Type == network.Bridge && inter.BridgeMembers != nil {
|
||||
for _, member := range *inter.BridgeMembers {
|
||||
|
@ -121,14 +142,14 @@ func GenerateNetworkdConfiguration(conf config.Config) ([]NetworkdConfigFile, er
|
|||
return nil, fmt.Errorf("executing bridge-membership.network.tmpl template: %w", err)
|
||||
}
|
||||
files = append(files, NetworkdConfigFile{
|
||||
Name: fmt.Sprintf("50-bridge-membership-%v.network", name),
|
||||
Name: fmt.Sprintf("60-bridge-membership-%v.network", name),
|
||||
Content: buf.String(),
|
||||
})
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Step 6 Generate addressing network files
|
||||
// Step 7 Generate addressing network files
|
||||
for name, inter := range conf.Network.Interfaces {
|
||||
// Vlans
|
||||
vlans := []string{}
|
||||
|
@ -162,7 +183,7 @@ func GenerateNetworkdConfiguration(conf config.Config) ([]NetworkdConfigFile, er
|
|||
return nil, fmt.Errorf("executing config-addressing.network.tmpl template: %w", err)
|
||||
}
|
||||
files = append(files, NetworkdConfigFile{
|
||||
Name: fmt.Sprintf("60-config-addressing-%v.network", name),
|
||||
Name: fmt.Sprintf("70-config-addressing-%v.network", name),
|
||||
Content: buf.String(),
|
||||
})
|
||||
}
|
||||
|
|
|
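Review bot: The netdev file appended at `files = append(files, NetworkdConfigFile{ Name: fmt.Sprintf("40-create-wireguard-%v.netdev", name), Content: buf.String() })` will carry the interface's PrivateKey and any peer PresharedKey, yet NetworkdConfigFile as used here has only Name and Content, so nothing tells the code that writes these files that this one must not get the same permissions as the plain .network files (systemd-networkd's documentation asks for such files to be owned root:systemd-network with mode 0640). I would add a field to the struct, which is defined outside this hunk, e.g. `Secret bool // Content holds key material; install as root:systemd-network, mode 0640`, and set `Secret: true,` in this append so the writer can apply the restrictive mode. The map key `name` also goes straight into the file name; unless it is validated when the config is loaded, a key containing a path separator or `..` would escape the target directory, so a `filepath.Base(name) != name` rejection here or in config validation is worth adding. Iterating the interface map also makes the order of `files` vary between runs, which only matters if callers compare generated sets. GenerateNetworkdConfiguration continues past this hunk.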
@ -3,6 +3,9 @@ package networkd
|
|||
import (
|
||||
"embed"
|
||||
"text/template"
|
||||
|
||||
"nfsense.net/nfsense/internal/definitions/config"
|
||||
"nfsense.net/nfsense/internal/definitions/object"
|
||||
)
|
||||
|
||||
//go:embed template
|
||||
|
@ -12,8 +15,22 @@ var templates *template.Template
|
|||
func init() {
|
||||
|
||||
var err error
|
||||
templates, err = template.New("").ParseFS(templateFS, "template/*.tmpl")
|
||||
templates, err = template.New("").Funcs(template.FuncMap{
|
||||
"getAddressObjectsAsCidr": getAddressObjectsAsCidr,
|
||||
}).ParseFS(templateFS, "template/*.tmpl")
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
}
|
||||
|
||||
func getAddressObjectsAsCidr(conf config.Config, name string) string {
|
||||
addr := conf.Object.Addresses[name]
|
||||
switch addr.Type {
|
||||
case object.Host:
|
||||
return addr.Host.String() + "/32"
|
||||
case object.NetworkAddress:
|
||||
return addr.NetworkAddress.String()
|
||||
default:
|
||||
panic("unsupported Address Type")
|
||||
}
|
||||
}
|
||||
|
|
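Review bot: `getAddressObjectsAsCidr` silently accepts an unknown object name — `conf.Object.Addresses[name]` yields the zero value for a missing key, which then falls into the `default` panic with a message that names neither the object nor the peer (text/template converts a panic inside a template function into an execution error, so this is a confusing failure rather than a crash, but it is still the wrong signal for a firewall config generator). It also hard-codes `/32` for every host object; if `addr.Host` can hold an IPv6 address, that emits a wrong AllowedIPs prefix. Template functions may return `(string, error)`, so I would check the lookup, choose the prefix by address family, and return errors instead of panicking; `fmt` would then need adding to the import block changed at the top of this file. Whether `Host` is a `netip.Addr` is not visible here, so the `Is6()` call below is an assumption to confirm.
```go
func getAddressObjectsAsCidr(conf config.Config, name string) (string, error) {
	addr, ok := conf.Object.Addresses[name]
	if !ok {
		return "", fmt.Errorf("address object %q not found", name)
	}
	switch addr.Type {
	case object.Host:
		// assumes Host is a netip.Addr — TODO confirm; pick the host prefix by family
		if addr.Host.Is6() {
			return addr.Host.String() + "/128", nil
		}
		return addr.Host.String() + "/32", nil
	case object.NetworkAddress:
		return addr.NetworkAddress.String(), nil
	default:
		return "", fmt.Errorf("address object %q: unsupported type %v", name, addr.Type)
	}
}
```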
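--- a/internal/networkd/template/create-wireguard.netdev.tmpl
+++ b/internal/networkd/template/create-wireguard.netdev.tmpl
@@ -0,0 +1,24 @@
+[NetDev]
+Name={{ $.Name }}
+Kind=wireguard
+
+{{- $intertface := index $.Config.VPN.Wireguard.Interfaces .Name }}
+
+[WireGuard]
+ListenPort={{ $intertface.ListenPort }}
+PrivateKey={{ $intertface.PrivateKey }}
+
+{{ range $i, $peerName := $intertface.Peers }}
+{{- $peer := index $.Config.VPN.Wireguard.Peers $peerName }}
+[WireGuardPeer]
+PublicKey={{ $peer.PublicKey }}
+{{- if ne $peer.PresharedKey nil }}
+PresharedKey={{ $peer.PresharedKey }}
+{{- end }}
+{{range $i, $allowedIpName := $peer.AllowedIPs }}
+AllowedIPs={{ getAddressObjectsAsCidr $.Config $allowedIpName}}
+{{- end }}
+{{- if ne $peer.Endpoint nil }}
+Endpoint={{ $peer.Endpoint }}
+{{- end }}
+{{- end }}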
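Review bot: The variable holding the interface is spelled `$intertface` in all four places it appears, and the `$i` bound by `range $i, $peerName := $intertface.Peers` and by the inner AllowedIPs range is never used; `{{- $iface := index $.Config.VPN.Wireguard.Interfaces .Name }}` with `{{ range $peerName := $iface.Peers }}` and `{{ range $allowedIpName := $peer.AllowedIPs }}` reads cleaner and keeps the typo from being copied into later templates. Since this template renders `PrivateKey=` and `PresharedKey=` in clear text, I would also open the file with a template comment such as `{{/* Rendered file contains WireGuard key material: install as root:systemd-network, mode 0640 */}}` so the handling requirement travels with the template rather than living only in whoever writes the file. A peer with an empty AllowedIPs list renders a [WireGuardPeer] section without any AllowedIPs= line, which networkd accepts but which routes nothing to that peer; if that is not an intended configuration, config validation should reject it.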