smeserver-wireguard/root/etc/e-smith/events/actions/wireguard-network

#!/usr/bin/perl -w

package esmith;

use strict;
use Errno;
use esmith::ConfigDB;
use esmith::AccountsDB;
use NetAddr::IP;
use Net::Netmask;
use NetAddr::IP;

my $conf = esmith::ConfigDB->open;
my $netdb = esmith::ConfigDB->open('networks');
my $accounts = esmith::AccountsDB->open;
esmith::ConfigDB->create('/home/e-smith/db/wireguard') unless (-f '/home/e-smith/db/wireguard');
my $wg = esmith::ConfigDB->open('/home/e-smith/db/wireguard')  or die 'wireguard db missing';
my $wg0 = $conf->get('wg-quick@wg0');
my $wgip = $wg0->prop('ip') or die 'wireguard IP not configured';
my $wgmask = $wg0->prop('mask') or die 'wireguard network mask not configured';
#wg-quick@wg0=service
#    ip=172.16.0.1
#    mask=22
my $block = Net::Netmask->new("$wgip/$wgmask", shortnet => 1);
my $ip = $block->base;
my $mask = $block->mask;

#count clients
my @client = $wg->get_all_by_prop(type=>"wg0");
my $clients = scalar @client;

#check is_rfc1918
#if yes proceed
my $skipme = 0;
my $rfc=NetAddr::IP->new($wgip,$wgmask);
unless ( $rfc->is_rfc1918()  ) {
	if ($clients == 0 ) {
		#if not and no clients make it compliant 172.16.0.1/22 as default
		my $minimum=16;
		my $maximum=32;
		my $x = $minimum + int(rand($maximum - $minimum));
		warn("$wgip/$wgmask is not considered as a LAN addressing, set default to 172.$x.0.1/22");
		$wgip="172.$x.0.1";$wgmask="22";
		$wg0->set_prop('ip',$wgip); $wg0->set_prop('mask',$wgmask);
		$block = Net::Netmask->new("$wgip/$wgmask", shortnet => 1);
		$ip = $block->base;
		$mask = $block->mask;
	}
	else {
		#if not and clients configured, disable service delete network
		warn("$wgip/$wgmask is not considered as a LAN addressing, adding this network to SME trusted network could allow email relaying. Disabling service.");
		warn("Please remove configured client and start your configuration from scratch");
		$wg0->set_prop('status','disabled');
		$skipme=1; $ip="nop";
	}
}

#if yes proceed
#if not and no clients make it compliant 172.16.0.1/22 as default
#if not and clients configured, disable service delete network

#First delete any already there.
my @wg = $netdb->get_all_by_prop(Wireguard=>"wg0");
foreach my $netwg (@wg) {
	next if ($netwg->key eq $ip and $netwg->prop('Mask') eq $mask);
	print "delete " . $netwg->key;
	$netwg->delete();
}
# and then create one from the wireguard server ip
my $iswg=$netdb->get($ip);
unless ($iswg or $skipme == 1) {
  $netdb->new_record("$ip",{	type => "network", 
				Mask => "$mask",
				Wireguard => "wg0",
			});
  system("/sbin/e-smith/signal-event network-create $ip");
  print "creating $ip network with $mask for $wgip/$wgmask";
  exit;
}
initial commit of file from CVS for smeserver-wireguard on Sat Sep 7 16:45:37 AEST 2024 2024-09-07 08:45:37 +02:00			`#!/usr/bin/perl -w`

			`package esmith;`

			`use strict;`
			`use Errno;`
			`use esmith::ConfigDB;`
			`use esmith::AccountsDB;`
			`use NetAddr::IP;`
			`use Net::Netmask;`
			`use NetAddr::IP;`

			`my $conf = esmith::ConfigDB->open;`
			`my $netdb = esmith::ConfigDB->open('networks');`
			`my $accounts = esmith::AccountsDB->open;`
			`esmith::ConfigDB->create('/home/e-smith/db/wireguard') unless (-f '/home/e-smith/db/wireguard');`
			`my $wg = esmith::ConfigDB->open('/home/e-smith/db/wireguard') or die 'wireguard db missing';`
			`my $wg0 = $conf->get('wg-quick@wg0');`
			`my $wgip = $wg0->prop('ip') or die 'wireguard IP not configured';`
			`my $wgmask = $wg0->prop('mask') or die 'wireguard network mask not configured';`
			`#wg-quick@wg0=service`
			`# ip=172.16.0.1`
			`# mask=22`
			`my $block = Net::Netmask->new("$wgip/$wgmask", shortnet => 1);`
			`my $ip = $block->base;`
			`my $mask = $block->mask;`

			`#count clients`
			`my @client = $wg->get_all_by_prop(type=>"wg0");`
			`my $clients = scalar @client;`

			`#check is_rfc1918`
			`#if yes proceed`
			`my $skipme = 0;`
			`my $rfc=NetAddr::IP->new($wgip,$wgmask);`
			`unless ( $rfc->is_rfc1918() ) {`
			`if ($clients == 0 ) {`
			`#if not and no clients make it compliant 172.16.0.1/22 as default`
			`my $minimum=16;`
			`my $maximum=32;`
			`my $x = $minimum + int(rand($maximum - $minimum));`
			`warn("$wgip/$wgmask is not considered as a LAN addressing, set default to 172.$x.0.1/22");`
			`$wgip="172.$x.0.1";$wgmask="22";`
			`$wg0->set_prop('ip',$wgip); $wg0->set_prop('mask',$wgmask);`
			`$block = Net::Netmask->new("$wgip/$wgmask", shortnet => 1);`
			`$ip = $block->base;`
			`$mask = $block->mask;`
			`}`
			`else {`
			`#if not and clients configured, disable service delete network`
			`warn("$wgip/$wgmask is not considered as a LAN addressing, adding this network to SME trusted network could allow email relaying. Disabling service.");`
			`warn("Please remove configured client and start your configuration from scratch");`
			`$wg0->set_prop('status','disabled');`
			`$skipme=1; $ip="nop";`
			`}`
			`}`

			`#if yes proceed`
			`#if not and no clients make it compliant 172.16.0.1/22 as default`
			`#if not and clients configured, disable service delete network`

			`#First delete any already there.`
			`my @wg = $netdb->get_all_by_prop(Wireguard=>"wg0");`
			`foreach my $netwg (@wg) {`
			`next if ($netwg->key eq $ip and $netwg->prop('Mask') eq $mask);`
			`print "delete " . $netwg->key;`
			`$netwg->delete();`
			`}`
			`# and then create one from the wireguard server ip`
			`my $iswg=$netdb->get($ip);`
			`unless ($iswg or $skipme == 1) {`
			`$netdb->new_record("$ip",{ type => "network",`
			`Mask => "$mask",`
			`Wireguard => "wg0",`
			`});`
			`system("/sbin/e-smith/signal-event network-create $ip");`
			`print "creating $ip network with $mask for $wgip/$wgmask";`
			`exit;`
			`}`