author | Simon Garrelou <simon@sixfoisneuf.fr> | 2023-04-28 12:18:46 +0200 |
---|---|---|
committer | Simon Garrelou <simon@sixfoisneuf.fr> | 2023-04-28 12:18:46 +0200 |
commit | b3380324c466e01f71749416e97da9b76025008b (patch) | |
tree | 91686c4bc12f7f1ca2a6ebdb24108825535021fe | |
parent | cf7ef1afee44691a13fb3636ca79e59f3309d75f (diff) | |
Add server public key to config
-rw-r--r-- | src/main.rs | 5 | ||||
-rw-r--r-- | src/wg/config.rs | 48 | ||||
-rw-r--r-- | src/wg/peer.rs | 6 |
3 files changed, 36 insertions, 23 deletions
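--- a/src/main.rs
+++ b/src/main.rs
@@ -100,7 +100,10 @@ fn main() {
                 None => false
             };
 
-            do_config(&conf, peer_name.to_string(), is_full).unwrap();
+            if let Err(e) = do_config(&conf, peer_name.to_string(), is_full) {
+                eprintln!("Error generating configuration for {}: {}", peer_name.to_string(), e);
+                exit(1);
+            }
         },
         None => {}
     }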
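Review bot: The message printed on new line 104 drops the cause of the failure if `e` is an `anyhow::Error`, which the `.context(...)` calls in the other two files suggest it is: `{}` on an anyhow error shows only the outermost context string, so the reason `wg pubkey` failed never reaches the user. The alternate form keeps the chain, `eprintln!("Error generating configuration for {}: {:#}", peer_name, e);`, and the redundant `peer_name.to_string()` can go since `{}` formats a `&str` directly. Whether `exit` is in scope is not visible in this hunk; `std::process::exit` must be imported for line 105 to compile. `fn main` starts and ends outside the hunk.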
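--- a/src/wg/config.rs
+++ b/src/wg/config.rs
@@ -1,8 +1,10 @@
 use std::str::FromStr;
 use std::{net::Ipv4Addr, fs};
 use std::fmt::Write;
+use std::process::{Command, Stdio};
+use std::io::Write as ioWrite;
 
-use anyhow::{Result, anyhow};
+use anyhow::{Result, anyhow, Context};
 use ipnetwork::Ipv4Network;
 
 use crate::wg::peer::Peer;
@@ -13,8 +15,7 @@ pub struct WireguardConfig {
     listen_port: u32,
     pub network: Ipv4Network,
     pub peers: Vec<Peer>,
-    pre_ups: Vec<String>,
-    post_downs: Vec<String>
+    other_lines: Vec<String>,
 }
 
 
@@ -28,8 +29,7 @@ impl WireguardConfig {
             listen_port: 0,
             network: Ipv4Network::from_str("0.0.0.0/0")?,
             peers: vec![],
-            pre_ups: vec![],
-            post_downs: vec![]
+            other_lines: vec![],
         };
         let mut current_peer = Peer {
             ip: Ipv4Addr::UNSPECIFIED,
@@ -81,13 +81,8 @@ impl WireguardConfig {
                 let addr = config_value(line)?;
                 conf.network = Ipv4Network::from_str(addr)?;
             }
-            else if line.starts_with("PreUp") {
-                let pre_up = String::from(config_value(line)?);
-                conf.pre_ups.push(pre_up);
-            }
-            else if line.starts_with("PostDown") {
-                let post_down = String::from(config_value(line)?);
-                conf.post_downs.push(post_down);
+            else {
+                conf.other_lines.push(String::from(line));
             }
         }
 
@@ -159,12 +154,8 @@ impl WireguardConfig {
 
         writeln!(res, "Address = {}", self.network)?;
 
-        for pre_up in self.pre_ups.iter() {
-            writeln!(res, "PreUp = {}", pre_up)?;
-        }
-
-        for post_down in self.post_downs.iter() {
-            writeln!(res, "PostDown = {}", post_down)?;
+        for line in self.other_lines.iter() {
+            writeln!(res, "{}", line)?;
         }
 
         writeln!(res, "")?;
@@ -180,6 +171,27 @@ impl WireguardConfig {
 
         Ok(res)
     }
+
+    pub fn public_key(&self) -> Result<String> {
+        let mut wg = Command::new("wg")
+            .arg("pubkey")
+            .stdin(Stdio::piped())
+            .stdout(Stdio::piped())
+            .spawn()
+            .context("could not start 'wg pubkey'")?;
+
+        let pk = self.private_key.clone();
+        let mut stdin = wg.stdin.take().context("could not open stdin")?;
+        std::thread::spawn(move || {
+            stdin.write_all(pk.as_bytes()).unwrap();
+        });
+
+        let public = wg.wait_with_output()?;
+        let public = String::from_utf8(public.stdout)?;
+        let public = String::from(public.trim());
+
+        Ok(public)
+    }
 }
 
 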
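Review bot: `public_key()` (new lines 175-194) never checks that `wg pubkey` succeeded: a missing binary is caught by the `.context(...)` on `spawn()`, but a run that exits non-zero with nothing on stdout comes back as `Ok("")`, and that empty server key is then written into the peer configuration. The writer thread's `unwrap()` on line 186 makes this worse, because a broken pipe panics in a detached thread nobody observes while `wait_with_output()` still returns normally. Keep the `JoinHandle`, surface the writer's result, check `output.status.success()` and reject empty output before returning; feeding the key through stdin rather than an argument is the right choice and should stay. The function is entirely within the hunk.
```rust
        // … unchanged: Command::new("wg") … .spawn().context(…)? …
        let pk = self.private_key.clone();
        let mut stdin = wg.stdin.take().context("could not open stdin")?;
        let writer = std::thread::spawn(move || stdin.write_all(pk.as_bytes()));

        let output = wg.wait_with_output()?;
        writer
            .join()
            .map_err(|_| anyhow!("stdin writer thread panicked"))?
            .context("could not write private key to 'wg pubkey'")?;
        if !output.status.success() {
            return Err(anyhow!("'wg pubkey' exited with {}", output.status));
        }
        let public = String::from(String::from_utf8(output.stdout)?.trim());
        if public.is_empty() {
            return Err(anyhow!("'wg pubkey' produced no output"));
        }

        Ok(public)
```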
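--- a/src/wg/peer.rs
+++ b/src/wg/peer.rs
@@ -1,5 +1,4 @@
 use std::net::Ipv4Addr;
-use std::env::join_paths;
 use std::fs::{read_to_string, self, File};
 use std::fmt::Write;
 use std::path::{Path};
@@ -84,8 +83,7 @@ impl Peer {
     }
 
     pub fn private_key(&self) -> Result<String> {
-        let pk_folder = self.private_key_folder()?;
-        let pk_path = join_paths(&[pk_folder, self.name.clone()])?;
+        let pk_path = self.private_key_path()?;
         let pk = read_to_string(pk_path)?;
 
         Ok(pk)
@@ -100,7 +98,7 @@ impl Peer {
         writeln!(res, "DNS = TODO\n")?;
 
         writeln!(res, "[Peer]")?;
-        writeln!(res, "PublicKey = TODO")?;
+        writeln!(res, "PublicKey = {}", conf.public_key().context("error getting server public key")?)?;
 
         let allowed_ips = match is_full {
             true => String::from("0.0.0.0/0"),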
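Review bot: The `PublicKey` line (new line 101) folds a process spawn, error context and formatting into one `writeln!`, which hides the fallible step and pushes the line well past the usual width; resolving the key first reads more clearly: `let server_pk = conf.public_key().context("error getting server public key")?;` followed by `writeln!(res, "PublicKey = {}", server_pk)?;`. Since `public_key()` only trims the command output, an empty value would be written here as `PublicKey = ` without complaint, so a non-empty check on `server_pk` at this call site is cheap insurance. Separately, `private_key_path()` on new line 86 is not defined anywhere in this commit, so it must already exist on `Peer` or the build breaks; that cannot be confirmed from this page. The function containing the `PublicKey` line starts and ends outside the hunk.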