initial commit of file from CVS for smeserver-wireguard on Sat Sep 7 16:45:37 AEST 2024

2024-09-07 16:45:37 +10:00
parent 224708b82c
commit b7eed5fe86
69 changed files with 9053 additions and 2 deletions
--- a/root/etc/e-smith/templates/etc/systemd/system-preset/49-koozali.preset/70wireguard
+++ b/root/etc/e-smith/templates/etc/systemd/system-preset/49-koozali.preset/70wireguard
@@ -0,0 +1,12 @@
+# wireguard specific configuration
+{
+$wg = $wireguard{status} || 'disabled';
+$wg0 = ${'wg-quick@wg0'}{status} || 'disabled';
+if ($wg0 eq 'enabled') {
+        $OUT .= "enable wg-quick\@wg0.service\n";
+} else {
+        $OUT .= "disable wg-quick\@wg0.service\n";
+}
+
+}
+
--- a/root/etc/e-smith/templates/etc/wireguard/server_private.key/10key
+++ b/root/etc/e-smith/templates/etc/wireguard/server_private.key/10key
@@ -0,0 +1 @@
+{${'wg-quick@wg0'}{private};}
--- a/root/etc/e-smith/templates/etc/wireguard/server_private.key/template-begin
+++ b/root/etc/e-smith/templates/etc/wireguard/server_private.key/template-begin
--- a/root/etc/e-smith/templates/etc/wireguard/server_public.key/10key
+++ b/root/etc/e-smith/templates/etc/wireguard/server_public.key/10key
@@ -0,0 +1,8 @@
+{
+    use esmith::templates;
+    esmith::templates::processTemplate({
+            TEMPLATE_PATH => "/etc/wireguard/server_private.key"
+            });
+    ${'wg-quick@wg0'}{public};
+
+}
--- a/root/etc/e-smith/templates/etc/wireguard/server_public.key/template-begin
+++ b/root/etc/e-smith/templates/etc/wireguard/server_public.key/template-begin
--- a/root/etc/e-smith/templates/etc/wireguard/wg0.conf/10interface
+++ b/root/etc/e-smith/templates/etc/wireguard/wg0.conf/10interface
@@ -0,0 +1,10 @@
+[Interface]
+Address = { ${'wg-quick@wg0'}{ip} . '/' . ${'wg-quick@wg0'}{mask}}
+ListenPort = {${'wg-quick@wg0'}{UDPPort} || '51820' }
+PrivateKey = {${'wg-quick@wg0'}{private}}
+
+# this is not needed as we define vpn network as lan in network db 
+# furthermore masquerading postrouting will also mess up with any openvpn-s2s vpn
+#PostUp = iptables -I FORWARD -i %i -j ACCEPT; iptables -I FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o {$outernet = ($SystemMode eq "serveronly") ? $InternalInterface{Name} : $ExternalInterface{Name}; return $InternalInterface{Name} } -j MASQUERADE
+#PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o {$outernet = ($SystemMode eq "serveronly") ? $InternalInterface{Name} : $ExternalInterface{Name}; return $InternalInterface{Name} } -j MASQUERADE
+
--- a/root/etc/e-smith/templates/etc/wireguard/wg0.conf/50usersPeers
+++ b/root/etc/e-smith/templates/etc/wireguard/wg0.conf/50usersPeers
@@ -0,0 +1,36 @@
+{
+use esmith::AccountsDB;
+
+my $wg =  esmith::ConfigDB->open_ro('/home/e-smith/db/wireguard');
+my $accounts = esmith::AccountsDB->open_ro;
+
+# for each user
+my @users = ( $accounts->users );
+push(@users, $accounts->get('admin'));
+for my $user ( @users ) {
+  my $username = $user->key;
+  my $count = 0;
+  for my $cnx ( $wg->get_all_by_prop(user => $username) ) {
+     $count++;
+     my $public = $cnx->prop('public');
+     my $ip = $cnx->key; 
+     my $info = $cnx->prop('info');
+     my $status = $cnx->prop('status') || "enabled";
+     if ( $status eq "disabled" ) {
+	$OUT .= "\n# $username : $info DISABLED (PublicKey = $public ; AllowedIPs = $ip)\n";
+	next;
+     }
+
+     $OUT .= "
+[Peer]
+# $username : $info
+PublicKey = $public
+AllowedIPs = $ip\n";
+
+
+  } 
+  $OUT .= "# no entry for user $username\n" if $count <1;
+}
+
+
+}