zones: import wireguard keys from wgN.conf files
Signed-off-by: Alejandro Mery <amery@jpi.io>
@@ -82,3 +82,7 @@ func (m *Machine) getFilename(name string, args ...any) string {
|
||||
|
||||
return filepath.Join(s...)
|
||||
}
|
||||
|
||||
func (m *Machine) getPeerByName(name string) (*Machine, bool) {
|
||||
return m.zone.zones.GetMachineByName(name)
|
||||
}
|
||||
|
||||
@@ -45,9 +45,77 @@ func (m *Machine) applyWireguardConfig(ring int, wg *wireguard.Config) error {
|
||||
return err
|
||||
}
|
||||
|
||||
if err := m.applyWireguardInterfaceConfig(ring, wg.Interface); err != nil {
|
||||
err = core.Wrapf(err, "%s: wg%v:%s", m.Name, ring, addr)
|
||||
return err
|
||||
}
|
||||
|
||||
for _, peer := range wg.Peer {
|
||||
if err := m.applyWireguardPeerConfig(ring, peer); err != nil {
|
||||
err = core.Wrapf(err, "%s: wg%v:%s", m.Name, ring, addr)
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (m *Machine) applyRingInfo(ring int, new *RingInfo) error {
|
||||
var cur *RingInfo
|
||||
|
||||
for _, ri := range m.RingAddresses {
|
||||
if ri.Ring == ring {
|
||||
cur = ri
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
if cur == nil {
|
||||
// first, append
|
||||
m.RingAddresses = append(m.RingAddresses, new)
|
||||
return nil
|
||||
}
|
||||
|
||||
// extra, merge
|
||||
return cur.Merge(new)
|
||||
}
|
||||
|
||||
func (m *Machine) applyWireguardInterfaceConfig(ring int, data wireguard.InterfaceConfig) error {
|
||||
ri := &RingInfo{
|
||||
Ring: ring,
|
||||
Enabled: true,
|
||||
Address: data.Address,
|
||||
Keys: &wireguard.KeyPair{
|
||||
PrivateKey: data.PrivateKey,
|
||||
},
|
||||
}
|
||||
|
||||
return m.applyRingInfo(ring, ri)
|
||||
}
|
||||
|
||||
func (m *Machine) applyWireguardPeerConfig(ring int, pc wireguard.PeerConfig) error {
|
||||
peer, found := m.getPeerByName(pc.Endpoint.Name())
|
||||
switch {
|
||||
case !found:
|
||||
// unknown
|
||||
case ring == 1 && m.zone != peer.zone:
|
||||
// invalid zone
|
||||
default:
|
||||
// apply RingInfo
|
||||
ri := &RingInfo{
|
||||
Ring: ring,
|
||||
Enabled: true,
|
||||
Keys: &wireguard.KeyPair{
|
||||
PublicKey: pc.PublicKey,
|
||||
},
|
||||
}
|
||||
|
||||
return peer.applyRingInfo(ring, ri)
|
||||
}
|
||||
|
||||
return fmt.Errorf("%q: invalid peer endpoint", pc.Endpoint.Host)
|
||||
}
|
||||
|
||||
func (m *Machine) applyZoneNodeID(zoneID, nodeID int) error {
|
||||
switch {
|
||||
case zoneID == 0:
|
||||
|
||||
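Review bot: In applyWireguardPeerConfig the public key read from this machine's wgN.conf is written into another machine's RingInfo, and that machine is selected only by `pc.Endpoint.Name()`; when the peer has no entry for the ring yet, applyRingInfo appends the new entry unchecked, so the first config file read decides the key recorded for that peer. Whether a later conflicting key is rejected depends on `cur.Merge(new)`, which is not visible in this hunk. It should return an error when the incoming PublicKey differs from one already stored, or from the one derived from a stored PrivateKey, and its error text should leave out the private key, because applyWireguardConfig wraps and returns that error. The empty `!found` and `ring == 1 && m.zone != peer.zone` cases both fall through to the same "invalid peer endpoint" error; returning from each case with its own message, e.g. `return fmt.Errorf("%q: unknown peer", pc.Endpoint.Host)`, would make a rejected import diagnosable. applyWireguardConfig begins above the hunk and applyZoneNodeID continues below it.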