diff --git a/usr/lib/python3.6/vmmgr/paths.py b/usr/lib/python3.6/vmmgr/paths.py
index 3828266..1c11de2 100644
--- a/usr/lib/python3.6/vmmgr/paths.py
+++ b/usr/lib/python3.6/vmmgr/paths.py
@@ -23,6 +23,9 @@ LXC_ROOT = '/var/lib/lxc'
 ISSUE_FILE = '/etc/issue'
 NGINX_DIR = '/etc/nginx/conf.d'
+# Remote support
+WIREGUARD_FILE = '/etc/wireguard/wg0.conf'
+
 # URLs
 MYIP_URL = 'https://tools.dasm.cz/myip.php'
 PING_URL = 'https://tools.dasm.cz/vm-ping.php'
diff --git a/usr/lib/python3.6/vmmgr/templates.py b/usr/lib/python3.6/vmmgr/templates.py
index b87c179..6260b54 100644
--- a/usr/lib/python3.6/vmmgr/templates.py
+++ b/usr/lib/python3.6/vmmgr/templates.py
@@ -112,3 +112,15 @@ ISSUE = '''
 - \x1b[1m{url}\x1b[0m
 - \x1b[1m{ip}\x1b[0m\x1b[?1c
 '''
+
+WIREGUARD = '''
+[Interface]
+ListenPort = 51820
+PrivateKey = {privkey}
+
+[Peer]
+PublicKey = {pubkey}
+AllowedIPs = 172.18.0.1/32
+Endpoint = {endpoint}
+PersistentKeepalive = 15
+'''
diff --git a/usr/lib/python3.6/vmmgr/vmmgr.py b/usr/lib/python3.6/vmmgr/vmmgr.py
index 809ce14..72ad2ad 100644
--- a/usr/lib/python3.6/vmmgr/vmmgr.py
+++ b/usr/lib/python3.6/vmmgr/vmmgr.py
@@ -10,7 +10,7 @@ import urllib
 from . import crypto
 from . import templates
 from . import net
-from .paths import ACME_CRON, ACME_DIR, ISSUE_FILE, NGINX_DIR, RELOAD_URL
+from .paths import ACME_CRON, ACME_DIR, ISSUE_FILE, NGINX_DIR, RELOAD_URL, WIREGUARD_FILE
 class VMMgr:
 def __init__(self, conf):
@@ -143,3 +143,15 @@ class VMMgr:
 def reboot_vm(self):
 subprocess.run(['/sbin/reboot'])
+
+ def enable_remote_support(self, pubkey, endpoint):
+ # Sets up wireguard interface
+ privkey = subprocess.run(['wg', 'genkey'])
+ with open(WIREGUARD_FILE, 'w') as f:
+ f.write(templates.WIREGUARD.format(privkey=privkey, pubkey=pubkey, endpoint=endpoint))
+ subprocess.check_output(['ip', 'link', 'set', 'wg0', 'up'])
+
+ def disable_remote_support(self):
+ # Tears down wireguard settings
+ os.unlink(WIREGUARD_FILE)
+ subprocess.check_output(['ip', 'link', 'set', 'wg0', 'down'])
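Review bot: The new `WIREGUARD` template hard-codes `ListenPort = 51820` and `AllowedIPs = 172.18.0.1/32` without a comment saying what they are tied to. A line above the template such as `# Remote-support tunnel; AllowedIPs deliberately limits the peer to one address` would record that the /32 is a restriction to keep, presumably to the support host, so it is not widened later. The three placeholders are filled by `str.format`, so the template itself gives no protection against a value that contains a line break; that has to be checked where it is rendered.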
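Review bot: In `enable_remote_support`, `subprocess.run(['wg', 'genkey'])` does not capture stdout, so the generated private key is printed to the service's own stdout and `privkey` is a `CompletedProcess` object whose repr, not a key, is formatted into the config. The file is also created with a plain `open(WIREGUARD_FILE, 'w')` under the default umask, and `pubkey`/`endpoint` go into the template unvalidated, so a value containing a newline could add further directives to the file. In `disable_remote_support`, `os.unlink` runs before the link is brought down, so a missing file raises and leaves the tunnel up. Nothing visible in this hunk creates `wg0` or loads the written file into it, so that presumably happens elsewhere; both methods belong to `VMMgr`, whose body starts outside the hunk. The fence below captures the key, writes the file with mode 0600, rejects whitespace in the peer values, and brings the interface down before removing the file.

```python
    def enable_remote_support(self, pubkey, endpoint):
        # Sets up wireguard interface
        for value in (pubkey, endpoint):
            # Reject anything that could start a new line or section in the config
            if not value or any(c.isspace() for c in value):
                raise ValueError('invalid WireGuard peer parameter')
        # Capture the key instead of letting wg print it to our stdout
        result = subprocess.run(['wg', 'genkey'], stdout=subprocess.PIPE, check=True)
        privkey = result.stdout.decode().strip()
        # Create the file owner-only so the private key is never group/world-readable
        fd = os.open(WIREGUARD_FILE, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        os.fchmod(fd, 0o600)  # also tighten a file left over from an earlier run
        with os.fdopen(fd, 'w') as f:
            f.write(templates.WIREGUARD.format(privkey=privkey, pubkey=pubkey, endpoint=endpoint))
        # … unchanged: ip link set wg0 up …

    def disable_remote_support(self):
        # Tears down wireguard settings
        # Bring the tunnel down first so a missing config file cannot leave it up
        subprocess.check_output(['ip', 'link', 'set', 'wg0', 'down'])
        try:
            os.unlink(WIREGUARD_FILE)
        except FileNotFoundError:
            pass
```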