From e5baf537589eb73a1f6c09fa82da1302cc442923 Mon Sep 17 00:00:00 2001
From: Alejandro Mery
Date: Tue, 22 Aug 2023 20:31:23 +0000
Subject: [PATCH] zones: import wireguard keys from wgN.conf files

Signed-off-by: Alejandro Mery
---
 pkg/zones/machine.go       |  4 +++
 pkg/zones/machine_rings.go | 68 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 72 insertions(+)

diff --git a/pkg/zones/machine.go b/pkg/zones/machine.go
index ce9a8e8..09dd2fa 100644
--- a/pkg/zones/machine.go
+++ b/pkg/zones/machine.go
@@ -82,3 +82,7 @@ func (m *Machine) getFilename(name string, args ...any) string {
 	return filepath.Join(s...)
 }
+
+func (m *Machine) getPeerByName(name string) (*Machine, bool) {
+	return m.zone.zones.GetMachineByName(name)
+}
diff --git a/pkg/zones/machine_rings.go b/pkg/zones/machine_rings.go
index d871599..eec58a5 100644
--- a/pkg/zones/machine_rings.go
+++ b/pkg/zones/machine_rings.go
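Review bot: getPeerByName has no doc comment, and its name understates what it does: it resolves the name against m.zone.zones, so it can return a Machine from any zone, and the only zone restriction lives in the caller (applyWireguardPeerConfig, which rejects cross-zone peers for ring 1 only). Suggest documenting that at the definition so future callers do not assume a same-zone result: `// getPeerByName resolves a peer endpoint name to a Machine in any zone; callers must enforce any zone restriction themselves.` It also dereferences m.zone and m.zone.zones unconditionally, so if a Machine can exist without an attached zone this panics rather than returning false — worth confirming against how Machine is constructed.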
@@ -45,9 +45,77 @@ func (m *Machine) applyWireguardConfig(ring int, wg *wireguard.Config) error {
 		return err
 	}
 
+	if err := m.applyWireguardInterfaceConfig(ring, wg.Interface); err != nil {
+		err = core.Wrapf(err, "%s: wg%v:%s", m.Name, ring, addr)
+		return err
+	}
+
+	for _, peer := range wg.Peer {
+		if err := m.applyWireguardPeerConfig(ring, peer); err != nil {
+			err = core.Wrapf(err, "%s: wg%v:%s", m.Name, ring, addr)
+			return err
+		}
+	}
+
 	return nil
 }
 
+func (m *Machine) applyRingInfo(ring int, new *RingInfo) error {
+	var cur *RingInfo
+
+	for _, ri := range m.RingAddresses {
+		if ri.Ring == ring {
+			cur = ri
+			break
+		}
+	}
+
+	if cur == nil {
+		// first, append
+		m.RingAddresses = append(m.RingAddresses, new)
+		return nil
+	}
+
+	// extra, merge
+	return cur.Merge(new)
+}
+
+func (m *Machine) applyWireguardInterfaceConfig(ring int, data wireguard.InterfaceConfig) error {
+	ri := &RingInfo{
+		Ring:    ring,
+		Enabled: true,
+		Address: data.Address,
+		Keys: &wireguard.KeyPair{
+			PrivateKey: data.PrivateKey,
+		},
+	}
+
+	return m.applyRingInfo(ring, ri)
+}
+
+func (m *Machine) applyWireguardPeerConfig(ring int, pc wireguard.PeerConfig) error {
+	peer, found := m.getPeerByName(pc.Endpoint.Name())
+	switch {
+	case !found:
+		// unknown
+	case ring == 1 && m.zone != peer.zone:
+		// invalid zone
+	default:
+		// apply RingInfo
+		ri := &RingInfo{
+			Ring:    ring,
+			Enabled: true,
+			Keys: &wireguard.KeyPair{
+				PublicKey: pc.PublicKey,
+			},
+		}
+
+		return peer.applyRingInfo(ring, ri)
+	}
+
+	return fmt.Errorf("%q: invalid peer endpoint", pc.Endpoint.Host)
+}
+
 func (m *Machine) applyZoneNodeID(zoneID, nodeID int) error {
 	switch {
 	case zoneID == 0:
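Review bot: In applyWireguardPeerConfig the two rejection branches (`case !found` and `case ring == 1 && m.zone != peer.zone`) fall through to one generic `fmt.Errorf("%q: invalid peer endpoint", pc.Endpoint.Host)`, so an operator cannot tell an unknown peer from a cross-zone peer on ring 1, and the message reports Host while the lookup used Endpoint.Name(); suggest returning distinct errors from each case, e.g. `return fmt.Errorf("%q: unknown peer endpoint", pc.Endpoint.Host)` and `return fmt.Errorf("%q: peer not in zone for ring %d", pc.Endpoint.Host, ring)`, and dropping the trailing fallback. The default branch writes a public key taken from this machine's wgN.conf into another machine's RingAddresses via peer.applyRingInfo, so whether cur.Merge rejects or silently overwrites a different PublicKey already recorded for that peer decides if one misconfigured conf file can alter another machine's identity — Merge is outside this hunk, so that is worth confirming. In applyRingInfo the parameter `new` shadows the builtin; renaming it (e.g. `info *RingInfo`) avoids the staticcheck/vet complaint. The enclosing applyWireguardConfig starts outside the hunk, and `addr` used in both new core.Wrapf calls is declared there.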