Add Wireguard Config Generation

This commit is contained in:
Samuel Lorch 2023-05-06 21:14:16 +02:00
parent a67911df67
commit 7545e2fcbb
3 changed files with 69 additions and 7 deletions


@ -31,6 +31,11 @@ type BridgeMembership struct {
BridgeName string BridgeName string
} }
type NameAndConfig struct {
Name string
Config config.Config
}
func GenerateNetworkdConfiguration(conf config.Config) ([]NetworkdConfigFile, error) { func GenerateNetworkdConfiguration(conf config.Config) ([]NetworkdConfigFile, error) {
files := []NetworkdConfigFile{} files := []NetworkdConfigFile{}
@ -88,7 +93,23 @@ func GenerateNetworkdConfiguration(conf config.Config) ([]NetworkdConfigFile, er
} }
} }
// Step 4 Generate Bond Members // Step 4 Generate wireguard netdev files
for name := range conf.VPN.Wireguard.Interfaces {
buf := new(bytes.Buffer)
err := templates.ExecuteTemplate(buf, "create-wireguard.netdev.tmpl", NameAndConfig{
Name: name,
Config: conf,
})
if err != nil {
return nil, fmt.Errorf("executing create-wireguard.netdev.tmpl template: %w", err)
}
files = append(files, NetworkdConfigFile{
Name: fmt.Sprintf("40-create-wireguard-%v.netdev", name),
Content: buf.String(),
})
}
// Step 5 Generate Bond Members
for name, inter := range conf.Network.Interfaces { for name, inter := range conf.Network.Interfaces {
if inter.Type == network.Bond && inter.BondMembers != nil { if inter.Type == network.Bond && inter.BondMembers != nil {
for _, member := range *inter.BondMembers { for _, member := range *inter.BondMembers {
@ -101,14 +122,14 @@ func GenerateNetworkdConfiguration(conf config.Config) ([]NetworkdConfigFile, er
return nil, fmt.Errorf("executing bond-membership.network.tmpl template: %w", err) return nil, fmt.Errorf("executing bond-membership.network.tmpl template: %w", err)
} }
files = append(files, NetworkdConfigFile{ files = append(files, NetworkdConfigFile{
Name: fmt.Sprintf("40-bond-membership-%v.network", name), Name: fmt.Sprintf("50-bond-membership-%v.network", name),
Content: buf.String(), Content: buf.String(),
}) })
} }
} }
} }
// Step 5 Generate Bridge Members // Step 6 Generate Bridge Members
for name, inter := range conf.Network.Interfaces { for name, inter := range conf.Network.Interfaces {
if inter.Type == network.Bridge && inter.BridgeMembers != nil { if inter.Type == network.Bridge && inter.BridgeMembers != nil {
for _, member := range *inter.BridgeMembers { for _, member := range *inter.BridgeMembers {
@ -121,14 +142,14 @@ func GenerateNetworkdConfiguration(conf config.Config) ([]NetworkdConfigFile, er
return nil, fmt.Errorf("executing bridge-membership.network.tmpl template: %w", err) return nil, fmt.Errorf("executing bridge-membership.network.tmpl template: %w", err)
} }
files = append(files, NetworkdConfigFile{ files = append(files, NetworkdConfigFile{
Name: fmt.Sprintf("50-bridge-membership-%v.network", name), Name: fmt.Sprintf("60-bridge-membership-%v.network", name),
Content: buf.String(), Content: buf.String(),
}) })
} }
} }
} }
// Step 6 Generate addressing network files // Step 7 Generate addressing network files
for name, inter := range conf.Network.Interfaces { for name, inter := range conf.Network.Interfaces {
// Vlans // Vlans
vlans := []string{} vlans := []string{}
@ -162,7 +183,7 @@ func GenerateNetworkdConfiguration(conf config.Config) ([]NetworkdConfigFile, er
return nil, fmt.Errorf("executing config-addressing.network.tmpl template: %w", err) return nil, fmt.Errorf("executing config-addressing.network.tmpl template: %w", err)
} }
files = append(files, NetworkdConfigFile{ files = append(files, NetworkdConfigFile{
Name: fmt.Sprintf("60-config-addressing-%v.network", name), Name: fmt.Sprintf("70-config-addressing-%v.network", name),
Content: buf.String(), Content: buf.String(),
}) })
} }
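Review bot: The wireguard loop added at Step 4 renders `PrivateKey=` into a plain `NetworkdConfigFile{Name, Content}` that carries no ownership or mode, so whatever later writes `40-create-wireguard-<name>.netdev` will, unless it special-cases this file, install it with the same permissions as the non-secret `.network` files, whereas systemd.netdev(5) asks for files holding a WireGuard private key to be root:systemd-network with mode 0640. I would add `// NOTE: Content embeds the WireGuard private key; the writer must install this file 0640 root:systemd-network (systemd.netdev(5)), or the template should use PrivateKeyFile= instead` above the loop, and consider a mode or secret flag on NetworkdConfigFile if the writer cannot otherwise tell the files apart. The map key `name` is also used unchecked both in the file name and as the netdev `Name=`; if interface names are not validated upstream, a name containing `/` or `..` could escape the target directory, and one over the kernel's 15-byte limit will be rejected by networkd. GenerateNetworkdConfiguration begins before this section's first hunk and continues past its last.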


@ -3,6 +3,9 @@ package networkd
import ( import (
"embed" "embed"
"text/template" "text/template"
"nfsense.net/nfsense/internal/definitions/config"
"nfsense.net/nfsense/internal/definitions/object"
) )
//go:embed template //go:embed template
@ -12,8 +15,22 @@ var templates *template.Template
func init() { func init() {
var err error var err error
templates, err = template.New("").ParseFS(templateFS, "template/*.tmpl") templates, err = template.New("").Funcs(template.FuncMap{
"getAddressObjectsAsCidr": getAddressObjectsAsCidr,
}).ParseFS(templateFS, "template/*.tmpl")
if err != nil { if err != nil {
panic(err) panic(err)
} }
} }
func getAddressObjectsAsCidr(conf config.Config, name string) string {
addr := conf.Object.Addresses[name]
switch addr.Type {
case object.Host:
return addr.Host.String() + "/32"
case object.NetworkAddress:
return addr.NetworkAddress.String()
default:
panic("unsupported Address Type")
}
}
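Review bot: `getAddressObjectsAsCidr` indexes `conf.Object.Addresses[name]` without checking that the key exists, so a dangling AllowedIPs reference falls through to whatever the zero `Type` value maps to: either the `panic("unsupported Address Type")`, which text/template recovers into an error that never names the offending object, or, if the zero value happens to be `object.Host`, a bogus `<nil>/32` written into the peer's AllowedIPs. Because AllowedIPs is WireGuard's cryptokey-routing ACL, a silently wrong value here widens what a peer is allowed to source. The hard-coded `"/32"` is also only correct for IPv4; if `addr.Host` can hold an IPv6 address (its type is not visible in this hunk) the suffix must be `/128`. Template funcs may return `(string, error)`, so I would make both failure modes explicit errors and choose the prefix length by address family (this needs `fmt` added to the import block):

```go
// getAddressObjectsAsCidr renders the named address object as a CIDR string
// suitable for AllowedIPs=. Unknown names and unsupported types are reported
// as errors, which text/template turns into an ExecuteTemplate failure.
func getAddressObjectsAsCidr(conf config.Config, name string) (string, error) {
	addr, ok := conf.Object.Addresses[name]
	if !ok {
		return "", fmt.Errorf("address object %q not found", name)
	}
	switch addr.Type {
	case object.Host:
		// assumes addr.Host is a net.IP — confirm; an IPv6 host needs /128
		if addr.Host.To4() != nil {
			return addr.Host.String() + "/32", nil
		}
		return addr.Host.String() + "/128", nil
	case object.NetworkAddress:
		return addr.NetworkAddress.String(), nil
	default:
		return "", fmt.Errorf("address object %q: unsupported type %v", name, addr.Type)
	}
}
```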


@ -0,0 +1,24 @@
[NetDev]
Name={{ $.Name }}
Kind=wireguard
{{- $intertface := index $.Config.VPN.Wireguard.Interfaces .Name }}
[WireGuard]
ListenPort={{ $intertface.ListenPort }}
PrivateKey={{ $intertface.PrivateKey }}
{{ range $i, $peerName := $intertface.Peers }}
{{- $peer := index $.Config.VPN.Wireguard.Peers $peerName }}
[WireGuardPeer]
PublicKey={{ $peer.PublicKey }}
{{- if ne $peer.PresharedKey nil }}
PresharedKey={{ $peer.PresharedKey }}
{{- end }}
{{range $i, $allowedIpName := $peer.AllowedIPs }}
AllowedIPs={{ getAddressObjectsAsCidr $.Config $allowedIpName}}
{{- end }}
{{- if ne $peer.Endpoint nil }}
Endpoint={{ $peer.Endpoint }}
{{- end }}
{{- end }}
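Review bot: `index $.Config.VPN.Wireguard.Peers $peerName` on the line after the `range` over `$intertface.Peers` returns the zero value for a missing map key rather than an error, so a peer name that does not exist renders a `[WireGuardPeer]` section with an empty `PublicKey=`, and networkd rejects the netdev at load time instead of generation failing with a message naming the bad reference; the `index` of the interface on the fourth line has the same property. Since text/template cannot test map membership itself, I would resolve the peers in Go before executing the template or validate the references in the config loader, and leave `{{/* interface and peer names are assumed validated before execution: index yields a zero value, not an error, for unknown keys */}}` at the top of the file. Values are interpolated unescaped into an INI-style file, so a key, endpoint or port value containing a newline would inject further directives; if the config layer does not already reject that, it deserves a check. Minor: `$intertface` is misspelled and used throughout; `$iface` would read better.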