Add functions for wireguard remote support

usr/lib/python3.6/vmmgr/paths.py

@@ -23,6 +23,9 @@ LXC_ROOT = '/var/lib/lxc'
 ISSUE_FILE = '/etc/issue'
 NGINX_DIR = '/etc/nginx/conf.d'
 
+# Remote support
+WIREGUARD_FILE = '/etc/wireguard/wg0.conf'
+
 # URLs
 MYIP_URL = 'https://tools.dasm.cz/myip.php'
 PING_URL = 'https://tools.dasm.cz/vm-ping.php'

usr/lib/python3.6/vmmgr/templates.py

@@ -112,3 +112,15 @@ ISSUE = '''
    - \x1b[1m{url}\x1b[0m
    - \x1b[1m{ip}\x1b[0m\x1b[?1c
 '''
+
+WIREGUARD = '''
+[Interface]
+ListenPort = 51820
+PrivateKey = {privkey}
+
+[Peer]
+PublicKey = {pubkey}
+AllowedIPs = 172.18.0.1/32
+Endpoint = {endpoint}
+PersistentKeepalive = 15
+'''

usr/lib/python3.6/vmmgr/vmmgr.py

@@ -10,7 +10,7 @@ import urllib
 from . import crypto
 from . import templates
 from . import net
-from .paths import ACME_CRON, ACME_DIR, ISSUE_FILE, NGINX_DIR, RELOAD_URL
+from .paths import ACME_CRON, ACME_DIR, ISSUE_FILE, NGINX_DIR, RELOAD_URL, WIREGUARD_FILE
 
 class VMMgr:
     def __init__(self, conf):
@@ -143,3 +143,15 @@ class VMMgr:
 
     def reboot_vm(self):
         subprocess.run(['/sbin/reboot'])
+
+    def enable_remote_support(self, pubkey, endpoint):
+        # Sets up wireguard interface
+        privkey = subprocess.run(['wg', 'genkey'])
+        with open(WIREGUARD_FILE, 'w') as f:
+            f.write(templates.WIREGUARD.format(privkey=privkey, pubkey=pubkey, endpoint=endpoint))
+        subprocess.check_output(['ip', 'link', 'set', 'wg0', 'up'])
+
+    def disable_remote_support(self):
+        # Tears down wireguard settings
+        os.unlink(WIREGUARD_FILE)
+        subprocess.check_output(['ip', 'link', 'set', 'wg0', 'down'])