From af89e59722d7bb0df8f84828e007e225ce0aaafd Mon Sep 17 00:00:00 2001
From: David Vazgenovich Shakaryan
Date: Tue, 9 Dec 2025 02:09:42 -0800
Subject: common logic for wg-quick and systemd interfaces
---
 wg-genconf.py | 112 ++++++++++++++++++++++++++++++++--------------------------
 1 file changed, 62 insertions(+), 50 deletions(-)
diff --git a/wg-genconf.py b/wg-genconf.py
index 1a1fd99..adc81e9 100755
--- a/wg-genconf.py
+++ b/wg-genconf.py
@@ -150,83 +150,94 @@ def expand_peerspecs(peer, peerspecs): for x in ( auto_peerspecs(peer) if peerspec.get('auto') else [peerspec])] -def gc_if_wgquick_add_peer(buf, network, peerspec): - peer = network.peers[peerspec['name']] +def gc_if_data(if_, privkeys): + if_data = { + 'name': if_.qualified_name, + 'privkey': privkeys.get(if_.network.name, 'FIXME'), + 'addrs': ipspecs_to_ips( + if_.peer, if_.get('ips', ['{peer/-}']), interface=True), + 'port': if_.get('port'), + 'fwmark': if_.get('fwmark'), + 'peers': [], + } - buf.write( - '\n' - f'# {peer.name}\n' - '[Peer]\n' - f'PublicKey = {peer['pubkey']}\n') - for ip in ipspecs_to_ips(peer, peerspec.get('ips', ['{peer}'])): - buf.write(f'AllowedIPs = {ip}\n') - if (host := peer.get('host')): - port = peer.get('port', 51820) - buf.write(f'Endpoint = {host}:{port}\n') - -def gc_if_wgquick(if_, privkeys): + for peerspec in expand_peerspecs(if_.peer, if_['peers']): + peer = if_.network.peers[peerspec['name']] + peer_data = { + 'name': peer.name, + 'pubkey': peer['pubkey'], + 'ips': ipspecs_to_ips(peer, peerspec.get('ips', ['{peer}'])), + 'endpoint': None, + } + if (host := peer.get('host')): + peer_data['endpoint'] = f'{host}:{peer.get('port', 51820)}' + if_data['peers'].append(peer_data) + + return if_data + +def gc_if_wgquick(if_data): buf = io.StringIO() buf.write( '[Interface]\n' - f'PrivateKey = {privkeys.get(if_.network.name, 'FIXME')}\n') - for addr in ipspecs_to_ips( - if_.peer, if_.get('ips', ['{peer/-}']), interface=True): + f'PrivateKey = {if_data['privkey']}\n') + for addr in if_data['addrs']: buf.write(f'Address = {addr}\n') - if (port := if_.get('port')): + if (port := if_data['port']): buf.write(f'ListenPort = {port}\n') - if (fwmark := if_.get('fwmark')): + if (fwmark := if_data['fwmark']): buf.write(f'FwMark = {fwmark}\n') - for peerspec in expand_peerspecs(if_.peer, if_['peers']): - gc_if_wgquick_add_peer(buf, if_.network, peerspec) + for peer_data in if_data['peers']: + buf.write( + '\n' + f'# 
{peer_data['name']}\n' + '[Peer]\n' + f'PublicKey = {peer_data['pubkey']}\n') + for ip in peer_data['ips']: + buf.write(f'AllowedIPs = {ip}\n') + if (endpoint := peer_data.get('endpoint')): + buf.write(f'Endpoint = {endpoint}\n') return buf -def gc_if_systemd_network(if_): +def gc_if_systemd_network(if_data): buf = io.StringIO() buf.write( '[Match]\n' - f'Name={if_.qualified_name}\n' + f'Name={if_data['name']}\n' '\n' '[Network]\n' 'IPMasquerade=both\n') - for addr in ipspecs_to_ips( - if_.peer, if_.get('ips', ['{peer/-}']), interface=True): + for addr in if_data['addrs']: buf.write(f'Address={addr}\n') return buf -def gc_if_systemd_netdev_add_peer(buf, network, peerspec): - peer = network.peers[peerspec['name']] - - buf.write( - '\n' - f'# {peer.name}\n' - '[WireGuardPeer]\n' - f'PublicKey={peer['pubkey']}\n') - for ip in ipspecs_to_ips(peer, peerspec.get('ips', ['{peer}'])): - buf.write(f'AllowedIPs={ip}\n') - if (host := peer.get('host')): - port = peer.get('port', 51820) - buf.write(f'Endpoint={host}:{port}\n') - -def gc_if_systemd_netdev(if_, privkeys): +def gc_if_systemd_netdev(if_data): buf = io.StringIO() buf.write( '[NetDev]\n' - f'Name={if_.qualified_name}\n' + f'Name={if_data['name']}\n' 'Kind=wireguard\n' - f'Description=WireGuard tunnel {if_.qualified_name}\n' + f'Description=WireGuard tunnel {if_data['name']}\n' '\n' '[WireGuard]\n' - f'PrivateKey={privkeys.get(if_.network.name, 'FIXME')}\n') - if (port := if_.get('port')): + f'PrivateKey={if_data['privkey']}\n') + if (port := if_data['port']): buf.write(f'ListenPort={port}\n') - if (fwmark := if_.get('fwmark')): + if (fwmark := if_data['fwmark']): buf.write(f'FirewallMark={fwmark}\n') - for peerspec in expand_peerspecs(if_.peer, if_['peers']): - gc_if_systemd_netdev_add_peer(buf, if_.network, peerspec) + for peer_data in if_data['peers']: + buf.write( + '\n' + f'# {peer_data['name']}\n' + '[WireGuardPeer]\n' + f'PublicKey={peer_data['pubkey']}\n') + for ip in peer_data['ips']: + 
buf.write(f'AllowedIPs={ip}\n') + if (endpoint := peer_data.get('endpoint')): + buf.write(f'Endpoint={endpoint}\n') return buf @@ -240,19 +251,20 @@ def buf_to_file(buf, path, mode=None): shutil.copyfileobj(buf, f) def create_if_files(if_, privkeys): + if_data = gc_if_data(if_, privkeys) file_prefix = f'out/{if_.get('file-prefix', '')}' if if_.get('type') == 'systemd': buf_to_file( - gc_if_systemd_netdev(if_, privkeys), + gc_if_systemd_netdev(if_data), f'{file_prefix}{if_.qualified_name}.netdev', mode=0o640) buf_to_file( - gc_if_systemd_network(if_), + gc_if_systemd_network(if_data), f'{file_prefix}{if_.qualified_name}.network') else: buf_to_file( - gc_if_wgquick(if_, privkeys), + gc_if_wgquick(if_data), f'{file_prefix}{if_.qualified_name}.conf') def load_network_peer_interfaces(config, peer): -- cgit v1.2.3-70-g09d2
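Review bot: `gc_if_data` now defines the dict contract that both `gc_if_wgquick` and `gc_if_systemd_netdev` consume, but nothing documents its keys, so a reader of either generator has to go back to `gc_if_data` to learn that `'port'`, `'fwmark'` and each peer's `'endpoint'` are always present and may be `None`; a docstring listing the keys (`name`, `privkey`, `addrs`, `port`, `fwmark`, and `peers` entries with `name`/`pubkey`/`ips`/`endpoint`) would make that explicit. The `privkeys.get(if_.network.name, 'FIXME')` fallback is carried over from the old code, but it still means a config with a bogus `PrivateKey` is silently written; failing with `raise KeyError(f'no private key for network {if_.network.name}')`, or at least logging a warning, would surface the missing key before the file lands on disk. The endpoint string `f'{host}:{peer.get('port', 51820)}'` would yield a value WireGuard cannot parse if `host` were an unbracketed IPv6 literal; whether the config allows that for `host` is not visible here. The consumers read `if_data['port']` but `peer_data.get('endpoint')` although both keys are always set; one form throughout would read more consistently. `expand_peerspecs`, whose tail forms the hunk's leading context, begins before the hunk.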
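Review bot: The wg-quick `.conf` written in the `else` branch of `create_if_files` carries the same `PrivateKey` as the systemd `.netdev`, yet only the `.netdev` call passes `mode=0o640`; the `.conf` goes through `buf_to_file`'s default `mode=None`, whose effect is outside this hunk but presumably leaves the file at whatever the process umask allows. Passing the same mode on the wg-quick call, `f'{file_prefix}{if_.qualified_name}.conf', mode=0o640)`, would keep the two outputs consistent about protecting the key. This is pre-existing rather than introduced by the commit, but the commit already rewrites every generator call in this function, so it is the natural place to align them.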