Wireguard #409

Merged
merged 93 commits into from
Nov 21, 2024
Commits
93 commits
049649c
Update init.pp
AlexanderMalmstrom Nov 18, 2024
fbd15cc
puppet run order
AlexanderMalmstrom Nov 18, 2024
046c89b
Merge branch 'production' into wireguard
AlexanderMalmstrom Nov 18, 2024
2ae8d6b
Update wireguard.py
AlexanderMalmstrom Nov 18, 2024
d555abe
Merge branch 'wireguard' of https://github.com/dhtech/puppet-modules …
AlexanderMalmstrom Nov 18, 2024
652f1e8
lint fix
AlexanderMalmstrom Nov 18, 2024
c1c6162
lint fix
AlexanderMalmstrom Nov 18, 2024
b46f58a
lint
AlexanderMalmstrom Nov 18, 2024
c07d41b
Update init.pp
AlexanderMalmstrom Nov 18, 2024
41a2a98
Merge branch 'wireguard' of https://github.com/dhtech/puppet-modules …
AlexanderMalmstrom Nov 18, 2024
ba1b75a
Update init.pp
AlexanderMalmstrom Nov 18, 2024
f01c180
Update init.pp
AlexanderMalmstrom Nov 18, 2024
378a30e
Update init.pp
AlexanderMalmstrom Nov 18, 2024
4634e72
Update init.pp
AlexanderMalmstrom Nov 18, 2024
c089b79
Update init.pp
AlexanderMalmstrom Nov 19, 2024
aa56b05
Update init.pp
AlexanderMalmstrom Nov 19, 2024
cb9ae00
Update init.pp
AlexanderMalmstrom Nov 19, 2024
df12e2e
Update init.pp
AlexanderMalmstrom Nov 19, 2024
6e20cc4
Update init.pp
AlexanderMalmstrom Nov 19, 2024
5d970ca
Update init.pp
AlexanderMalmstrom Nov 19, 2024
9c627d3
Update init.pp
AlexanderMalmstrom Nov 19, 2024
b6c7837
Update init.pp
AlexanderMalmstrom Nov 19, 2024
f302d64
Update init.pp
AlexanderMalmstrom Nov 19, 2024
1051a97
Update init.pp
AlexanderMalmstrom Nov 19, 2024
2c085ae
Update init.pp
AlexanderMalmstrom Nov 19, 2024
cbf33d2
Update init.pp
AlexanderMalmstrom Nov 19, 2024
ab4062b
Update init.pp
AlexanderMalmstrom Nov 19, 2024
ff2bbd7
Update init.pp
AlexanderMalmstrom Nov 19, 2024
bff1fb6
Update init.pp
AlexanderMalmstrom Nov 19, 2024
5031ae9
Update init.pp
AlexanderMalmstrom Nov 19, 2024
8a4b208
Update init.pp
AlexanderMalmstrom Nov 19, 2024
48bc01a
Update init.pp
AlexanderMalmstrom Nov 19, 2024
4421e84
Update init.pp
AlexanderMalmstrom Nov 19, 2024
115bc27
Update init.pp
AlexanderMalmstrom Nov 19, 2024
59bc73e
Update init.pp
AlexanderMalmstrom Nov 19, 2024
47d2889
Update init.pp
AlexanderMalmstrom Nov 19, 2024
203bf49
Update init.pp
AlexanderMalmstrom Nov 19, 2024
721c379
Update init.pp
AlexanderMalmstrom Nov 19, 2024
ded8aea
Update init.pp
AlexanderMalmstrom Nov 19, 2024
3ba5cff
Update init.pp
AlexanderMalmstrom Nov 19, 2024
e02635a
Update wg0.conf.erb
AlexanderMalmstrom Nov 19, 2024
f38cf84
client fix
AlexanderMalmstrom Nov 19, 2024
c1617da
Update init.pp
AlexanderMalmstrom Nov 19, 2024
8507aba
Update init.pp
AlexanderMalmstrom Nov 19, 2024
a4c1e89
Update init.pp
AlexanderMalmstrom Nov 19, 2024
b944323
Update init.pp
AlexanderMalmstrom Nov 19, 2024
04d2c82
Update init.pp
AlexanderMalmstrom Nov 19, 2024
5d3ac5a
Update init.pp
AlexanderMalmstrom Nov 19, 2024
4572f9c
Update init.pp
AlexanderMalmstrom Nov 19, 2024
56b9c54
Update init.pp
AlexanderMalmstrom Nov 19, 2024
e3446f9
Update init.pp
AlexanderMalmstrom Nov 19, 2024
533ef6f
Update init.pp
AlexanderMalmstrom Nov 19, 2024
a28be86
Update init.pp
AlexanderMalmstrom Nov 19, 2024
8c4cf92
added metadata.json
AlexanderMalmstrom Nov 19, 2024
39222c0
Update init.pp
AlexanderMalmstrom Nov 19, 2024
086a723
Tunnel IP is now pulled from ipplan
AlexanderMalmstrom Nov 19, 2024
1ae9c43
Update init.pp
AlexanderMalmstrom Nov 19, 2024
3b69857
Update wireguard.py
AlexanderMalmstrom Nov 19, 2024
a914318
Update wireguard.py
AlexanderMalmstrom Nov 19, 2024
d14a2be
Update wireguard.py
AlexanderMalmstrom Nov 19, 2024
344ea3d
Update wireguard.py
AlexanderMalmstrom Nov 19, 2024
6b2c477
Update wireguard.py
AlexanderMalmstrom Nov 19, 2024
3c82fa5
Update wireguard.py
AlexanderMalmstrom Nov 19, 2024
b33e2d4
Update wireguard.py
AlexanderMalmstrom Nov 19, 2024
6679093
Update init.pp
AlexanderMalmstrom Nov 19, 2024
a8456c3
Update init.pp
AlexanderMalmstrom Nov 19, 2024
0ed1978
Update init.pp
AlexanderMalmstrom Nov 19, 2024
ab8d2c3
Update init.pp
AlexanderMalmstrom Nov 19, 2024
85c93a6
Update init.pp
AlexanderMalmstrom Nov 20, 2024
bcfddb5
Update wireguard.py
AlexanderMalmstrom Nov 20, 2024
fde968d
Update metadata.json
AlexanderMalmstrom Nov 20, 2024
5fd7e1c
Update wireguard.py
AlexanderMalmstrom Nov 20, 2024
74ed8f1
Update init.pp
AlexanderMalmstrom Nov 20, 2024
247d2c0
Update init.pp
AlexanderMalmstrom Nov 20, 2024
003382e
remove trailing spaces
AlexanderMalmstrom Nov 20, 2024
f18b3c8
Removed empty rows, and some non working checking
AlexanderMalmstrom Nov 20, 2024
31d2ca1
Changed to use puppets built in "creates", instead of ls. Also added …
AlexanderMalmstrom Nov 20, 2024
eec234f
lint fix
AlexanderMalmstrom Nov 20, 2024
bbf07ec
Update init.pp
AlexanderMalmstrom Nov 20, 2024
cfc3eb7
Update wireguard.py
AlexanderMalmstrom Nov 20, 2024
c6bc01a
Update wireguard.py
AlexanderMalmstrom Nov 20, 2024
555e9aa
trailing whitespace
AlexanderMalmstrom Nov 20, 2024
40a2b15
Update wireguard.py
AlexanderMalmstrom Nov 20, 2024
05a7e39
Update init.pp
AlexanderMalmstrom Nov 20, 2024
d4b6dd8
Update init.pp
AlexanderMalmstrom Nov 20, 2024
8914d11
Update init.pp
AlexanderMalmstrom Nov 20, 2024
ed9f307
Update init.pp
AlexanderMalmstrom Nov 20, 2024
3214857
Update init.pp
AlexanderMalmstrom Nov 20, 2024
9cdaa2f
Update init.pp
AlexanderMalmstrom Nov 20, 2024
9ae8984
Update init.pp
AlexanderMalmstrom Nov 20, 2024
c77b1df
Update wireguard.py
AlexanderMalmstrom Nov 20, 2024
801953f
Changed dir
AlexanderMalmstrom Nov 20, 2024
5b7adc9
Update wireguard.py
AlexanderMalmstrom Nov 20, 2024
40 changes: 36 additions & 4 deletions modules/wireguard.py
@@ -1,16 +1,48 @@
# Copyright 2024 dhtech
#
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file

import lib
import sqlite3
import os
import ipcalc

DB_FILE = '/etc/ipplan.db'

def generate(host, *args):

# Get current event, used to get up-to-date switch conf
netmask, gatewayip = None, None
info = {}

# Get current event
current_event = lib.get_current_event()

if os.path.isfile(DB_FILE):
try:
conn = sqlite3.connect(DB_FILE)
db = conn.cursor()
except sqlite3.Error:
info['current_event'] = current_event
info['tunnelip'] = tunnelip
return {'wireguard': info}
else:
info['current_event'] = current_event
info['tunnelip'] = tunnelip
return {'wireguard': info}

db.execute('SELECT ipv4_netmask_dec, ipv4_gateway_txt FROM network WHERE short_name = "TECH-WIREGUARD-VPN";')
res = db.fetchone()
conn.close()

if res:
netmask, gatewayip = res
tunnelip = ipcalc.IP(gatewayip) + 4
tunnelip = str(tunnelip) + '/' + str(netmask)
else:
netmask, gatewayip = None, None

info = {}
info['current_event'] = current_event
info['tunnelip'] = tunnelip
return {'wireguard': info}

# vim: ts=4: sts=4: sw=4: expandtab
# vim: ts=4: sts=4: sw=4: expandtab
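Review bot: `tunnelip` is read before it is assigned on every path except the `if res:` branch: the `except sqlite3.Error` branch, the `else` of `os.path.isfile(DB_FILE)`, and the `else` of `if res:` all reach `info['tunnelip'] = tunnelip`, which raises `UnboundLocalError` instead of returning a config with an empty tunnel IP. Initialise it with the other locals (`netmask, gatewayip, tunnelip = None, None, None`) so the Puppet side's `$tunnelip =~ String[1]` guard actually sees an empty value. Two smaller points: `db.execute` and `fetchone` sit outside the `try`, so a missing `network` table still raises where a failed connect falls back gracefully, and the `+ 4` offset from the gateway is a magic number that deserves a named constant and a comment saying which address in the TECH-WIREGUARD-VPN range it is meant to select.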
104 changes: 67 additions & 37 deletions modules/wireguard/manifests/init.pp
@@ -1,68 +1,98 @@
class wireguard($current_event) {
class wireguard($current_event, $tunnelip) {
#Pull down FW rules from SVN
if ($current_event =~ String[1]) {
file { '/etc/iptables/rules.v4':
ensure => file,
source => "puppet:///svn/${current_event}/services/wireguard/rules.v4",
}
}

#Apply FW rules
exec { 'fw-rules':
command => '/usr/sbin/iptables-restore /etc/iptables/rules.v4',
require => File['/etc/iptables/rules.v4'],
}

# Execute 'apt-get update'
exec { 'apt-update': # exec resource named 'apt-update'
command => '/usr/bin/apt-get update' # command this resource will run
exec { 'apt-update':
command => '/usr/bin/apt-get update',
}

# Install wireguard package
package { 'wireguard':
ensure => installed,
require => Exec['apt-update'], # require 'apt-update' before installing
require => Exec['apt-update'],
}

# Create wireguard interface
exec { 'create':
#Create wireguard dir
file{ '/etc/wireguard':
ensure => directory,
mode => '0600',
require => Package['wireguard'],
command => '/usr/bin/ip link add dev wg0 type wireguard',
unless => '/usr/bin/ip link show wg0'
}

# Enable IPv4 Forwardning
exec { 'enable-forward':
command => '/usr/sbin/sysctl -w net.ipv4.ip_forward=1',
unless => '/usr/sbin/sysctl net.ipv4.ip_forward | grep 0',
require => File['/etc/wireguard'],
}

# Create wireguard privkey
exec { 'create-privkey':
command => '/usr/bin/wg pubkey < /etc/wireguard/privkey > /etc/wireguard/pubkey',
unless => '/usr/bin/ls /etc/wireguard/privkey'
require => Exec['create'],
command => '/usr/bin/wg genkey > /etc/wireguard/privkey',
creates => '/etc/wireguard/privkey',
require => Exec['enable-forward'],
}

# Create wireguard pubkey
exec { 'create-pubkey':
command => '/usr/bin/wg genkey > /etc/wireguard/privkey',
unless => '/usr/bin/ls /etc/wireguard/privkey'
command => '/usr/bin/wg pubkey < /etc/wireguard/privkey > /etc/wireguard/pubkey',
creates => '/etc/wireguard/pubkey',
require => Exec['create-privkey'],
}


exec { 'add-key':
command => '/usr/bin/wg set wg0 listen-port 51820 private-key /etc/wireguard/privkey',
# Create wireguard interface
exec { 'create-interface':
require => Exec['create-pubkey'],
command => '/usr/bin/ip link add dev wg0 type wireguard',
unless => '/usr/bin/ip link show wg0'
}

#Pull the tunnel up
exec { 'link-up':
require => Exec['create-interface'],
command => '/usr/bin/ip link set up dev wg0',
unless => '/usr/bin/ip link show wg0 | grep UP'
}

# Set wireguard interface IP
exec { 'set-IP':
require => Exec['add-key'],
command => '/usr/bin/ip address add dev wg0 77.80.229.133/25',
unless => '/usr/bin/ip addr show wg0 | grep 77.80.229.133/25'
if ($tunnelip =~ String[1]) {
#Set tunnel IP
exec { 'set-IP':
require => Exec['link-up'],
command => "/usr/bin/ip address add dev wg0 ${tunnelip}",
unless => "/usr/bin/ip addr show wg0 | grep ${tunnelip}"
}
}

file { '/etc/wireguard/yaml':
ensure => directory,
#Set port and privkey
exec { 'add-key':
command => '/usr/bin/wg set wg0 listen-port 51820 private-key /etc/wireguard/privkey',
require => Exec['set-IP'],
recurse => remote,
source => 'puppet:///svn/$::{current_event}/services/wireguard',
}

unless => '/usr/bin/wg | grep 51820'
}

# Build the wg0 config file will all clients from previous step
file { 'setConf':
#Pull down clients
file { '/etc/wireguard/wg0.conf':
ensure => file,
path => '/etc/wireguard/wg0.conf',
notify => Exec[syncConf],
content => template('wireguard/wg0.conf.erb'),
require => file['/etc/wireguard/yaml'], # require that yaml file exists before trying to use it....
require => Exec['set-IP'],
recurse => remote,
source => "puppet:///svn/${current_event}/services/wireguard/clients.txt",
}

# Sync changes towards the wg0 interface
#Append config file to tunnel config
exec { 'syncConf':
require => file['setConf'],
command => '/usr/bin/wg syncconf wg0 /etc/wireguard/wg0.conf',
require => File['/etc/wireguard/wg0.conf'],
command => '/usr/bin/wg addconf wg0 /etc/wireguard/wg0.conf',
}
}
}
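Review bot: `syncConf` now runs `wg addconf` on every agent run with no `refreshonly` or `unless`, and `addconf` only appends peers to the running interface; a client removed from `clients.txt` therefore stays configured on the live `wg0` until the interface is recreated, so revoking a peer in SVN does not revoke its access. Keep the old `wg syncconf` (which replaces the peer set with the file's contents) and trigger it only on config change:
`command => '/usr/bin/wg syncconf wg0 /etc/wireguard/wg0.conf',`
`refreshonly => true,`
`subscribe => File['/etc/wireguard/wg0.conf'],`
Three more points in this hunk. `Exec['add-key']` and `File['/etc/wireguard/wg0.conf']` both `require => Exec['set-IP']`, but `set-IP` is only declared inside `if ($tunnelip =~ String[1])`, so a host with an empty `$tunnelip` fails catalog compilation rather than skipping the address step. The `enable-forward` guard is inverted: `sysctl net.ipv4.ip_forward | grep 0` succeeds when forwarding is off (skipping the exec exactly when it is needed) and fails when it is `1` (re-running it on every converged run); use `unless => '/usr/sbin/sysctl -n net.ipv4.ip_forward | grep -q 1'`, and note that `sysctl -w` does not persist across reboot. Finally, `wg genkey > /etc/wireguard/privkey` creates the private key with the agent's umask (typically 0644, world-readable) and `/etc/wireguard` gets `mode => '0600'` where a directory needs `0700`; either prefix the command with `umask 077;` or add a `file { '/etc/wireguard/privkey': mode => '0600' }` resource, and drop `recurse => remote` from the `wg0.conf` resource since it has no effect with `ensure => file`.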
13 changes: 13 additions & 0 deletions modules/wireguard/metadata.json
@@ -0,0 +1,13 @@
{
"name": "dhtech-WireGuard",
"version": "0.1.0",
"author": "dhtech",
"summary": "WireGuard serever setup",
"license": "Apache 2.0",
"source": "",
"project_page": null,
"issues_url": null,
"dependencies": [
{"name":"puppetlabs/stdlib","version_requirement":">= 1.0.0"}
]
}
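Review bot: `license` is declared as `Apache 2.0` here while the module's `wireguard.py` header says the code is governed by a BSD-style license in the LICENSE file; pick one so the metadata matches the repository. Also fix the typo in `summary` (`serever`), fill in `source` (currently an empty string) with the repository URL, and confirm that `init.pp` in this PR actually uses anything from `puppetlabs/stdlib`, since otherwise the dependency is dead weight.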
10 changes: 0 additions & 10 deletions modules/wireguard/templates/wg0.conf.erb

This file was deleted.