Add functions for wireguard remote support

Disassembler 2019-03-20 08:47:02 +01:00
parent 8889900650
commit d863fe6675
No known key found for this signature in database
GPG Key ID: 524BD33A0EE29499
3 changed files with 28 additions and 1 deletions


@ -23,6 +23,9 @@ LXC_ROOT = '/var/lib/lxc'
ISSUE_FILE = '/etc/issue'
NGINX_DIR = '/etc/nginx/conf.d'
# Remote support
WIREGUARD_FILE = '/etc/wireguard/wg0.conf'
# URLs
MYIP_URL = 'https://tools.dasm.cz/myip.php'
PING_URL = 'https://tools.dasm.cz/vm-ping.php'


@ -112,3 +112,15 @@ ISSUE = '''
- \x1b[1m{url}\x1b[0m
- \x1b[1m{ip}\x1b[0m\x1b[?1c
'''
WIREGUARD = '''
[Interface]
ListenPort = 51820
PrivateKey = {privkey}
[Peer]
PublicKey = {pubkey}
AllowedIPs = 172.18.0.1/32
Endpoint = {endpoint}
PersistentKeepalive = 15
'''


@ -10,7 +10,7 @@ import urllib
from . import crypto
from . import templates
from . import net
from .paths import ACME_CRON, ACME_DIR, ISSUE_FILE, NGINX_DIR, RELOAD_URL
from .paths import ACME_CRON, ACME_DIR, ISSUE_FILE, NGINX_DIR, RELOAD_URL, WIREGUARD_FILE
class VMMgr:
def __init__(self, conf):
@ -143,3 +143,15 @@ class VMMgr:
def reboot_vm(self):
subprocess.run(['/sbin/reboot'])
def enable_remote_support(self, pubkey, endpoint):
# Sets up wireguard interface
privkey = subprocess.run(['wg', 'genkey'])
with open(WIREGUARD_FILE, 'w') as f:
f.write(templates.WIREGUARD.format(privkey=privkey, pubkey=pubkey, endpoint=endpoint))
subprocess.check_output(['ip', 'link', 'set', 'wg0', 'up'])
def disable_remote_support(self):
# Tears down wireguard settings
os.unlink(WIREGUARD_FILE)
subprocess.check_output(['ip', 'link', 'set', 'wg0', 'down'])
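Review bot: In `enable_remote_support`, `subprocess.run(['wg', 'genkey'])` returns a `CompletedProcess` rather than the key, so the template's `PrivateKey` line receives that object's repr while the real key is printed to the process's inherited stdout. The config is also created with `open(WIREGUARD_FILE, 'w')`, which leaves the file mode to the umask even though the file holds a private key; the fence below captures the key and creates the file owner-only. `pubkey` and `endpoint` are formatted into the file unchecked, and although their origin is not visible in this section, a newline in either would add arbitrary config lines, so rejecting whitespace and control characters before formatting would be worthwhile. In `disable_remote_support`, `os.unlink` runs before the link is brought down, so a missing file raises and leaves `wg0` up; swapping the two calls avoids that.

```python
def enable_remote_support(self, pubkey, endpoint):
    # Sets up wireguard interface
    # Capture the key instead of letting it go to the inherited stdout
    privkey = subprocess.check_output(['wg', 'genkey']).decode().strip()
    # Create the file owner-only before the private key is written
    fd = os.open(WIREGUARD_FILE, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    # The mode passed to os.open only applies on creation; tighten an existing file too
    os.fchmod(fd, 0o600)
    with os.fdopen(fd, 'w') as f:
        f.write(templates.WIREGUARD.format(privkey=privkey, pubkey=pubkey, endpoint=endpoint))
    # … unchanged: ip link set wg0 up …
```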