|
|
@ -13,14 +13,21 @@ import ( |
|
|
|
) |
|
|
|
) |
|
|
|
|
|
|
|
|
|
|
|
// GetWireguardKeys reads a wgN.key/wgN.pub files
|
|
|
|
// GetWireguardKeys reads a wgN.key/wgN.pub files
|
|
|
|
func (m *Machine) GetWireguardKeys(ring int) (wireguard.KeyPair, error) { |
|
|
|
func (m *Machine) GetWireguardKeys(ringID rings.RingID) (wireguard.KeyPair, error) { |
|
|
|
var ( |
|
|
|
var ( |
|
|
|
data []byte |
|
|
|
data []byte |
|
|
|
err error |
|
|
|
|
|
|
|
out wireguard.KeyPair |
|
|
|
out wireguard.KeyPair |
|
|
|
) |
|
|
|
) |
|
|
|
|
|
|
|
|
|
|
|
data, err = m.ReadFile("wg%v.key", ring) |
|
|
|
ring, err := AsWireguardInterfaceID(ringID) |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
// invalid ring
|
|
|
|
|
|
|
|
return out, err |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
keyFile, pubFile, _ := ring.Files() |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
data, err = m.ReadFile(keyFile) |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
// failed to read
|
|
|
|
// failed to read
|
|
|
|
return out, err |
|
|
|
return out, err |
|
|
@ -29,11 +36,11 @@ func (m *Machine) GetWireguardKeys(ring int) (wireguard.KeyPair, error) { |
|
|
|
out.PrivateKey, err = wireguard.PrivateKeyFromBase64(string(data)) |
|
|
|
out.PrivateKey, err = wireguard.PrivateKeyFromBase64(string(data)) |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
// bad key
|
|
|
|
// bad key
|
|
|
|
err = core.Wrap(err, "wg%v.key", ring) |
|
|
|
err = core.Wrap(err, keyFile) |
|
|
|
return out, err |
|
|
|
return out, err |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
data, err = m.ReadFile("wg%v.pub", ring) |
|
|
|
data, err = m.ReadFile(pubFile) |
|
|
|
switch { |
|
|
|
switch { |
|
|
|
case os.IsNotExist(err): |
|
|
|
case os.IsNotExist(err): |
|
|
|
// no wgN.pub is fine
|
|
|
|
// no wgN.pub is fine
|
|
|
@ -45,7 +52,7 @@ func (m *Machine) GetWireguardKeys(ring int) (wireguard.KeyPair, error) { |
|
|
|
out.PublicKey, err = wireguard.PublicKeyFromBase64(string(data)) |
|
|
|
out.PublicKey, err = wireguard.PublicKeyFromBase64(string(data)) |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
// bad key
|
|
|
|
// bad key
|
|
|
|
err = core.Wrap(err, "wg%v.pub", ring) |
|
|
|
err = core.Wrap(err, pubFile) |
|
|
|
return out, err |
|
|
|
return out, err |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
@ -54,8 +61,8 @@ func (m *Machine) GetWireguardKeys(ring int) (wireguard.KeyPair, error) { |
|
|
|
return out, err |
|
|
|
return out, err |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
func (m *Machine) tryReadWireguardKeys(ring int) error { |
|
|
|
func (m *Machine) tryReadWireguardKeys(ringID rings.RingID) error { |
|
|
|
kp, err := m.GetWireguardKeys(ring) |
|
|
|
kp, err := m.GetWireguardKeys(ringID) |
|
|
|
switch { |
|
|
|
switch { |
|
|
|
case os.IsNotExist(err): |
|
|
|
case os.IsNotExist(err): |
|
|
|
// ignore
|
|
|
|
// ignore
|
|
|
@ -66,20 +73,25 @@ func (m *Machine) tryReadWireguardKeys(ring int) error { |
|
|
|
default: |
|
|
|
default: |
|
|
|
// import keys
|
|
|
|
// import keys
|
|
|
|
ri := &RingInfo{ |
|
|
|
ri := &RingInfo{ |
|
|
|
Ring: ring, |
|
|
|
Ring: MustWireguardInterfaceID(ringID), |
|
|
|
Keys: kp, |
|
|
|
Keys: kp, |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
return m.applyRingInfo(ring, ri) |
|
|
|
return m.applyRingInfo(ringID, ri) |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// RemoveWireguardKeys deletes wgN.key and wgN.pub from
|
|
|
|
// RemoveWireguardKeys deletes wgN.key and wgN.pub from
|
|
|
|
// the machine's config directory
|
|
|
|
// the machine's config directory
|
|
|
|
func (m *Machine) RemoveWireguardKeys(ring int) error { |
|
|
|
func (m *Machine) RemoveWireguardKeys(ringID rings.RingID) error { |
|
|
|
var err error |
|
|
|
ring, err := AsWireguardInterfaceID(ringID) |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
return err |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
keyFile, pubFile, _ := ring.Files() |
|
|
|
|
|
|
|
|
|
|
|
err = m.RemoveFile("wg%v.pub", ring) |
|
|
|
err = m.RemoveFile(pubFile) |
|
|
|
switch { |
|
|
|
switch { |
|
|
|
case os.IsNotExist(err): |
|
|
|
case os.IsNotExist(err): |
|
|
|
// ignore
|
|
|
|
// ignore
|
|
|
@ -87,7 +99,7 @@ func (m *Machine) RemoveWireguardKeys(ring int) error { |
|
|
|
return err |
|
|
|
return err |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
err = m.RemoveFile("wg%v.key", ring) |
|
|
|
err = m.RemoveFile(keyFile) |
|
|
|
if os.IsNotExist(err) { |
|
|
|
if os.IsNotExist(err) { |
|
|
|
// ignore
|
|
|
|
// ignore
|
|
|
|
err = nil |
|
|
|
err = nil |
|
|
@ -97,8 +109,13 @@ func (m *Machine) RemoveWireguardKeys(ring int) error { |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// GetWireguardConfig reads a wgN.conf file
|
|
|
|
// GetWireguardConfig reads a wgN.conf file
|
|
|
|
func (m *Machine) GetWireguardConfig(ring int) (*wireguard.Config, error) { |
|
|
|
func (m *Machine) GetWireguardConfig(ringID rings.RingID) (*wireguard.Config, error) { |
|
|
|
data, err := m.ReadFile("wg%v.conf", ring) |
|
|
|
ring, err := AsWireguardInterfaceID(ringID) |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
return nil, err |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
data, err := m.ReadFile(ring.ConfFile()) |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
return nil, err |
|
|
|
return nil, err |
|
|
|
} |
|
|
|
} |
|
|
@ -107,7 +124,7 @@ func (m *Machine) GetWireguardConfig(ring int) (*wireguard.Config, error) { |
|
|
|
return wireguard.NewConfigFromReader(r) |
|
|
|
return wireguard.NewConfigFromReader(r) |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
func (m *Machine) tryApplyWireguardConfig(ring int) error { |
|
|
|
func (m *Machine) tryApplyWireguardConfig(ring rings.RingID) error { |
|
|
|
wg, err := m.GetWireguardConfig(ring) |
|
|
|
wg, err := m.GetWireguardConfig(ring) |
|
|
|
switch { |
|
|
|
switch { |
|
|
|
case os.IsNotExist(err): |
|
|
|
case os.IsNotExist(err): |
|
|
@ -119,15 +136,15 @@ func (m *Machine) tryApplyWireguardConfig(ring int) error { |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
func (m *Machine) applyWireguardConfigNode(ring int, wg *wireguard.Config) error { |
|
|
|
func (m *Machine) applyWireguardConfigNode(ring rings.RingID, wg *wireguard.Config) error { |
|
|
|
addr := wg.GetAddress() |
|
|
|
addr := wg.GetAddress() |
|
|
|
if !core.IsZero(addr) { |
|
|
|
if !core.IsZero(addr) { |
|
|
|
zoneID, nodeID, ok := Rings[ring].Decode(addr) |
|
|
|
regionID, zoneID, nodeID, ok := Rings[ring].Decode(addr) |
|
|
|
if !ok { |
|
|
|
if !ok { |
|
|
|
return fmt.Errorf("%s: invalid address", addr) |
|
|
|
return fmt.Errorf("%s: invalid address", addr) |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
if err := m.applyZoneNodeID(zoneID, nodeID); err != nil { |
|
|
|
if err := m.applyZoneNodeID(regionID, zoneID, nodeID); err != nil { |
|
|
|
return core.Wrap(err, "%s: invalid address", addr) |
|
|
|
return core.Wrap(err, "%s: invalid address", addr) |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
@ -139,7 +156,7 @@ func (m *Machine) applyWireguardConfigNode(ring int, wg *wireguard.Config) error |
|
|
|
return nil |
|
|
|
return nil |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
func (m *Machine) applyWireguardConfig(ring int, wg *wireguard.Config) error { |
|
|
|
func (m *Machine) applyWireguardConfig(ring rings.RingID, wg *wireguard.Config) error { |
|
|
|
if err := m.applyWireguardConfigNode(ring, wg); err != nil { |
|
|
|
if err := m.applyWireguardConfigNode(ring, wg); err != nil { |
|
|
|
return err |
|
|
|
return err |
|
|
|
} |
|
|
|
} |
|
|
@ -153,7 +170,7 @@ func (m *Machine) applyWireguardConfig(ring int, wg *wireguard.Config) error { |
|
|
|
WithField("subsystem", "wireguard"). |
|
|
|
WithField("subsystem", "wireguard"). |
|
|
|
WithField("node", m.Name). |
|
|
|
WithField("node", m.Name). |
|
|
|
WithField("peer", peer.Endpoint.Host). |
|
|
|
WithField("peer", peer.Endpoint.Host). |
|
|
|
WithField("ring", ring). |
|
|
|
WithField("ring", MustWireguardInterfaceID(ring)). |
|
|
|
Print("ignoring unknown endpoint") |
|
|
|
Print("ignoring unknown endpoint") |
|
|
|
case err != nil: |
|
|
|
case err != nil: |
|
|
|
return core.Wrap(err, "peer") |
|
|
|
return core.Wrap(err, "peer") |
|
|
@ -163,9 +180,9 @@ func (m *Machine) applyWireguardConfig(ring int, wg *wireguard.Config) error { |
|
|
|
return nil |
|
|
|
return nil |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
func (m *Machine) getRingInfo(ring int) (*RingInfo, bool) { |
|
|
|
func (m *Machine) getRingInfo(ring rings.RingID) (*RingInfo, bool) { |
|
|
|
for _, ri := range m.Rings { |
|
|
|
for _, ri := range m.Rings { |
|
|
|
if ri.Ring == ring { |
|
|
|
if ri.RingID() == ring { |
|
|
|
return ri, ri.Enabled |
|
|
|
return ri, ri.Enabled |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
@ -173,13 +190,13 @@ func (m *Machine) getRingInfo(ring int) (*RingInfo, bool) { |
|
|
|
return nil, false |
|
|
|
return nil, false |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
func (m *Machine) applyRingInfo(ring int, new *RingInfo) error { |
|
|
|
func (m *Machine) applyRingInfo(ring rings.RingID, new *RingInfo) error { |
|
|
|
cur, _ := m.getRingInfo(ring) |
|
|
|
cur, _ := m.getRingInfo(ring) |
|
|
|
if cur == nil { |
|
|
|
if cur == nil { |
|
|
|
// first, append
|
|
|
|
// first, append
|
|
|
|
m.debug(). |
|
|
|
m.debug(). |
|
|
|
WithField("node", m.Name). |
|
|
|
WithField("node", m.Name). |
|
|
|
WithField("ring", ring). |
|
|
|
WithField("ring", MustWireguardInterfaceID(ring)). |
|
|
|
Print("found") |
|
|
|
Print("found") |
|
|
|
m.Rings = append(m.Rings, new) |
|
|
|
m.Rings = append(m.Rings, new) |
|
|
|
return nil |
|
|
|
return nil |
|
|
@ -189,9 +206,11 @@ func (m *Machine) applyRingInfo(ring int, new *RingInfo) error { |
|
|
|
return cur.Merge(new) |
|
|
|
return cur.Merge(new) |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
func (m *Machine) applyWireguardInterfaceConfig(ring int, data wireguard.InterfaceConfig) error { |
|
|
|
func (m *Machine) applyWireguardInterfaceConfig(ring rings.RingID, |
|
|
|
|
|
|
|
data wireguard.InterfaceConfig) error { |
|
|
|
|
|
|
|
//
|
|
|
|
ri := &RingInfo{ |
|
|
|
ri := &RingInfo{ |
|
|
|
Ring: ring, |
|
|
|
Ring: MustWireguardInterfaceID(ring), |
|
|
|
Enabled: true, |
|
|
|
Enabled: true, |
|
|
|
Keys: wireguard.KeyPair{ |
|
|
|
Keys: wireguard.KeyPair{ |
|
|
|
PrivateKey: data.PrivateKey, |
|
|
|
PrivateKey: data.PrivateKey, |
|
|
@ -201,7 +220,9 @@ func (m *Machine) applyWireguardInterfaceConfig(ring int, data wireguard.Interfa |
|
|
|
return m.applyRingInfo(ring, ri) |
|
|
|
return m.applyRingInfo(ring, ri) |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
func (m *Machine) applyWireguardPeerConfig(ring int, pc wireguard.PeerConfig) error { |
|
|
|
func (m *Machine) applyWireguardPeerConfig(ring rings.RingID, |
|
|
|
|
|
|
|
pc wireguard.PeerConfig) error { |
|
|
|
|
|
|
|
//
|
|
|
|
peer, found := m.getPeerByName(pc.Endpoint.Name()) |
|
|
|
peer, found := m.getPeerByName(pc.Endpoint.Name()) |
|
|
|
switch { |
|
|
|
switch { |
|
|
|
case !found: |
|
|
|
case !found: |
|
|
@ -213,7 +234,7 @@ func (m *Machine) applyWireguardPeerConfig(ring int, pc wireguard.PeerConfig) er |
|
|
|
default: |
|
|
|
default: |
|
|
|
// apply RingInfo
|
|
|
|
// apply RingInfo
|
|
|
|
ri := &RingInfo{ |
|
|
|
ri := &RingInfo{ |
|
|
|
Ring: ring, |
|
|
|
Ring: MustWireguardInterfaceID(ring), |
|
|
|
Enabled: true, |
|
|
|
Enabled: true, |
|
|
|
Keys: wireguard.KeyPair{ |
|
|
|
Keys: wireguard.KeyPair{ |
|
|
|
PublicKey: pc.PublicKey, |
|
|
|
PublicKey: pc.PublicKey, |
|
|
@ -224,22 +245,30 @@ func (m *Machine) applyWireguardPeerConfig(ring int, pc wireguard.PeerConfig) er |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
func (m *Machine) applyZoneNodeID(zoneID rings.ZoneID, nodeID rings.NodeID) error { |
|
|
|
func (m *Machine) applyZoneNodeID(regionID rings.RegionID, |
|
|
|
|
|
|
|
zoneID rings.ZoneID, nodeID rings.NodeID) error { |
|
|
|
|
|
|
|
//
|
|
|
|
switch { |
|
|
|
switch { |
|
|
|
case zoneID == 0: |
|
|
|
case !regionID.Valid(): |
|
|
|
|
|
|
|
return fmt.Errorf("invalid %s", "regionID") |
|
|
|
|
|
|
|
case !zoneID.Valid(): |
|
|
|
return fmt.Errorf("invalid %s", "zoneID") |
|
|
|
return fmt.Errorf("invalid %s", "zoneID") |
|
|
|
case nodeID == 0: |
|
|
|
case !nodeID.Valid(): |
|
|
|
return fmt.Errorf("invalid %s", "nodeID") |
|
|
|
return fmt.Errorf("invalid %s", "nodeID") |
|
|
|
case m.ID != nodeID: |
|
|
|
case m.ID != nodeID: |
|
|
|
return fmt.Errorf("invalid %s: %v ≠ %v", "zoneID", m.ID, nodeID) |
|
|
|
return fmt.Errorf("invalid %s: %v ≠ %v", "nodeID", m.ID, nodeID) |
|
|
|
case m.zone.ID != 0 && m.zone.ID != zoneID: |
|
|
|
case m.zone.ID != 0 && m.zone.ID != zoneID: |
|
|
|
return fmt.Errorf("invalid %s: %v ≠ %v", "zoneID", m.zone.ID, zoneID) |
|
|
|
return fmt.Errorf("invalid %s: %v ≠ %v", "zoneID", m.zone.ID, zoneID) |
|
|
|
case m.zone.ID == 0: |
|
|
|
case m.Region() != regionID: |
|
|
|
|
|
|
|
return fmt.Errorf("invalid %s: %v ≠ %v", "regionID", m.Region(), regionID) |
|
|
|
|
|
|
|
default: |
|
|
|
|
|
|
|
if m.zone.ID == 0 { |
|
|
|
m.zone.ID = zoneID |
|
|
|
m.zone.ID = zoneID |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
return nil |
|
|
|
return nil |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
func (m *Machine) setRingDefaults(ri *RingInfo) error { |
|
|
|
func (m *Machine) setRingDefaults(ri *RingInfo) error { |
|
|
|
if ri.Keys.PrivateKey.IsZero() { |
|
|
|
if ri.Keys.PrivateKey.IsZero() { |
|
|
@ -260,8 +289,13 @@ func (m *Machine) setRingDefaults(ri *RingInfo) error { |
|
|
|
|
|
|
|
|
|
|
|
// RemoveWireguardConfig deletes wgN.conf from the machine's
|
|
|
|
// RemoveWireguardConfig deletes wgN.conf from the machine's
|
|
|
|
// config directory.
|
|
|
|
// config directory.
|
|
|
|
func (m *Machine) RemoveWireguardConfig(ring int) error { |
|
|
|
func (m *Machine) RemoveWireguardConfig(ringID rings.RingID) error { |
|
|
|
err := m.RemoveFile("wg%v.conf", ring) |
|
|
|
ring, err := AsWireguardInterfaceID(ringID) |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
return err |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
err = m.RemoveFile(ring.ConfFile()) |
|
|
|
if os.IsNotExist(err) { |
|
|
|
if os.IsNotExist(err) { |
|
|
|
err = nil |
|
|
|
err = nil |
|
|
|
} |
|
|
|
} |
|
|
@ -269,7 +303,12 @@ func (m *Machine) RemoveWireguardConfig(ring int) error { |
|
|
|
return err |
|
|
|
return err |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
func (m *Machine) createRingInfo(ring int, enabled bool) (*RingInfo, error) { |
|
|
|
func (m *Machine) createRingInfo(ringID rings.RingID, enabled bool) (*RingInfo, error) { |
|
|
|
|
|
|
|
ring, err := AsWireguardInterfaceID(ringID) |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
return nil, err |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
keys, err := wireguard.NewKeyPair() |
|
|
|
keys, err := wireguard.NewKeyPair() |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
return nil, err |
|
|
|
return nil, err |
|
|
@ -281,7 +320,7 @@ func (m *Machine) createRingInfo(ring int, enabled bool) (*RingInfo, error) { |
|
|
|
Keys: keys, |
|
|
|
Keys: keys, |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
err = m.applyRingInfo(ring, ri) |
|
|
|
err = m.applyRingInfo(ringID, ri) |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
return nil, err |
|
|
|
return nil, err |
|
|
|
} |
|
|
|
} |
|
|
|