Add functions for wireguard remote support
This commit is contained in:
parent
8889900650
commit
d863fe6675
@ -23,6 +23,9 @@ LXC_ROOT = '/var/lib/lxc'
|
||||
ISSUE_FILE = '/etc/issue'
|
||||
NGINX_DIR = '/etc/nginx/conf.d'
|
||||
|
||||
# Remote support
|
||||
WIREGUARD_FILE = '/etc/wireguard/wg0.conf'
|
||||
|
||||
# URLs
|
||||
MYIP_URL = 'https://tools.dasm.cz/myip.php'
|
||||
PING_URL = 'https://tools.dasm.cz/vm-ping.php'
|
||||
|
@ -112,3 +112,15 @@ ISSUE = '''
|
||||
- \x1b[1m{url}\x1b[0m
|
||||
- \x1b[1m{ip}\x1b[0m\x1b[?1c
|
||||
'''
|
||||
|
||||
WIREGUARD = '''
|
||||
[Interface]
|
||||
ListenPort = 51820
|
||||
PrivateKey = {privkey}
|
||||
|
||||
[Peer]
|
||||
PublicKey = {pubkey}
|
||||
AllowedIPs = 172.18.0.1/32
|
||||
Endpoint = {endpoint}
|
||||
PersistentKeepalive = 15
|
||||
'''
|
||||
|
@ -10,7 +10,7 @@ import urllib
|
||||
from . import crypto
|
||||
from . import templates
|
||||
from . import net
|
||||
from .paths import ACME_CRON, ACME_DIR, ISSUE_FILE, NGINX_DIR, RELOAD_URL
|
||||
from .paths import ACME_CRON, ACME_DIR, ISSUE_FILE, NGINX_DIR, RELOAD_URL, WIREGUARD_FILE
|
||||
|
||||
class VMMgr:
|
||||
def __init__(self, conf):
|
||||
@ -143,3 +143,15 @@ class VMMgr:
|
||||
|
||||
def reboot_vm(self):
|
||||
subprocess.run(['/sbin/reboot'])
|
||||
|
||||
def enable_remote_support(self, pubkey, endpoint):
|
||||
# Sets up wireguard interface
|
||||
privkey = subprocess.run(['wg', 'genkey'])
|
||||
with open(WIREGUARD_FILE, 'w') as f:
|
||||
f.write(templates.WIREGUARD.format(privkey=privkey, pubkey=pubkey, endpoint=endpoint))
|
||||
subprocess.check_output(['ip', 'link', 'set', 'wg0', 'up'])
|
||||
|
||||
def disable_remote_support(self):
|
||||
# Tears down wireguard settings
|
||||
os.unlink(WIREGUARD_FILE)
|
||||
subprocess.check_output(['ip', 'link', 'set', 'wg0', 'down'])
|
||||
|
Loading…
x
Reference in New Issue
Block a user