You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

266 lines
5.7 KiB

package zones
import (
"io/fs"
"os"
)
var (
_ WireguardConfigPruner = (*Zones)(nil)
_ WireguardConfigPruner = (*Zone)(nil)
_ WireguardConfigPruner = (*Machine)(nil)
_ WireguardConfigWriter = (*Zones)(nil)
_ WireguardConfigWriter = (*Zone)(nil)
_ WireguardConfigWriter = (*Machine)(nil)
_ WireguardConfigSyncer = (*Zones)(nil)
_ WireguardConfigSyncer = (*Zone)(nil)
_ WireguardKeysWriter = (*Zones)(nil)
_ WireguardKeysWriter = (*Zone)(nil)
_ WireguardKeysWriter = (*Machine)(nil)
)
// A WireguardConfigPruner deletes wgN.conf on all machines under
// its scope with the specified ring disabled
type WireguardConfigPruner interface {
PruneWireguardConfig(ring int) error
}
// PruneWireguardConfig removes wgN.conf files of machines with
// the corresponding ring disabled on all zones
func (m *Zones) PruneWireguardConfig(ring int) error {
return pruneWireguardConfig(m, ring)
}
// PruneWireguardConfig removes wgN.conf files of machines with
// the corresponding ring disabled.
func (z *Zone) PruneWireguardConfig(ring int) error {
return pruneWireguardConfig(z, ring)
}
func pruneWireguardConfig(m MachineIterator, ring int) error {
var err error
m.ForEachMachine(func(p *Machine) bool {
err = p.zone.PruneWireguardConfig(ring)
if os.IsNotExist(err) {
// ignore
err = nil
}
return err != nil
})
return err
}
// PruneWireguardConfig deletes the wgN.conf file if its
// presence on the ring is disabled
func (m *Machine) PruneWireguardConfig(ring int) error {
_, ok := m.getRingInfo(ring)
if !ok {
return m.RemoveWireguardConfig(ring)
}
return nil
}
// A WireguardConfigWriter rewrites all wgN.conf on all machines under
// its scope attached to that ring
type WireguardConfigWriter interface {
WriteWireguardConfig(ring int) error
}
// WriteWireguardConfig rewrites all wgN.conf on all machines
// attached to that ring
func (m *Zones) WriteWireguardConfig(ring int) error {
switch ring {
case 0:
return writeWireguardConfig(m, m, ring)
case 1:
var err error
m.ForEachZone(func(z *Zone) bool {
err = writeWireguardConfig(m, z, ring)
return err != nil
})
return err
default:
return fs.ErrInvalid
}
}
// WriteWireguardConfig rewrites all wgN.conf on all machines
// on the Zone attached to that ring
func (z *Zone) WriteWireguardConfig(ring int) error {
switch ring {
case 0:
return writeWireguardConfig(z.zones, z.zones, ring)
case 1:
return writeWireguardConfig(z.zones, z, ring)
default:
return fs.ErrInvalid
}
}
func writeWireguardConfig(z ZoneIterator, m MachineIterator, ring int) error {
r, err := NewRing(z, m, ring)
if err != nil {
return err
}
r.ForEachMachine(func(p *Machine) bool {
err = p.writeWireguardRingConfig(r)
return err != nil
})
return err
}
// WriteWireguardConfig rewrites the wgN.conf file of this Machine
// if enabled
func (m *Machine) WriteWireguardConfig(ring int) error {
r, err := NewRing(m.zone.zones, m.zone, ring)
if err != nil {
return err
}
return m.writeWireguardRingConfig(r)
}
func (m *Machine) writeWireguardRingConfig(r *Ring) error {
wg, err := r.ExportConfig(m)
if err != nil {
return nil
}
f, err := m.CreateTruncFile("wg%v.conf", r.ID)
if err != nil {
return err
}
defer f.Close()
_, err = wg.WriteTo(f)
return err
}
// A WireguardConfigSyncer updates all wgN.conf on all machines under
// its scope reflecting the state of the ring
type WireguardConfigSyncer interface {
SyncWireguardConfig(ring int) error
}
// SyncWireguardConfig updates all wgN.conf files for the specified
// ring
func (m *Zones) SyncWireguardConfig(ring int) error {
switch ring {
case 0:
return syncWireguardConfig(m, m, ring)
case 1:
var err error
m.ForEachZone(func(z *Zone) bool {
err = syncWireguardConfig(m, z, ring)
return err != nil
})
return err
default:
return fs.ErrInvalid
}
}
// SyncWireguardConfig updates all wgN.conf files for the specified
// ring
func (z *Zone) SyncWireguardConfig(ring int) error {
switch ring {
case 0:
return syncWireguardConfig(z.zones, z.zones, ring)
case 1:
return syncWireguardConfig(z.zones, z, ring)
default:
return fs.ErrInvalid
}
}
func syncWireguardConfig(z ZoneIterator, m MachineIterator, ring int) error {
r, err := NewRing(z, m, ring)
if err != nil {
return err
}
r.ForEachMachine(func(p *Machine) bool {
if _, ok := p.getRingInfo(ring); ok {
err = p.writeWireguardRingConfig(r)
} else {
err = p.RemoveWireguardConfig(ring)
}
return err != nil
})
return err
}
// A WireguardKeysWriter writes the Wireguard Keys for all machines
// under its scope for the specified ring
type WireguardKeysWriter interface {
WriteWireguardKeys(ring int) error
}
// WriteWireguardKeys rewrites all wgN.{key,pub} files
func (m *Zones) WriteWireguardKeys(ring int) error {
return writeWireguardKeys(m, ring)
}
// WriteWireguardKeys rewrites all wgN.{key,pub} files on this zone
func (z *Zone) WriteWireguardKeys(ring int) error {
return writeWireguardKeys(z, ring)
}
func writeWireguardKeys(m MachineIterator, ring int) error {
var err error
m.ForEachMachine(func(p *Machine) bool {
err = p.WriteWireguardKeys(ring)
if os.IsNotExist(err) {
// ignore
err = nil
}
return err != nil
})
return err
}
// WriteWireguardKeys writes the wgN.key/wgN.pub files
func (m *Machine) WriteWireguardKeys(ring int) error {
var err error
var key, pub string
var ri *RingInfo
ri, _ = m.getRingInfo(ring)
if ri != nil {
key = ri.Keys.PrivateKey.String()
pub = ri.Keys.PublicKey.String()
}
switch {
case key == "":
return fs.ErrNotExist
case pub == "":
pub = ri.Keys.PrivateKey.Public().String()
}
err = m.WriteStringFile(key+"\n", "wg%v.key", ring)
if err != nil {
return err
}
err = m.WriteStringFile(pub+"\n", "wg%v.pub", ring)
if err != nil {
return err
}
return nil
}