diff --git a/.gitignore b/.gitignore
index f9b8bc1..6d3eeb3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@ __pycache__/
 password.txt
 ssh_config_for_clients
 virsh_backup
+.wireguard_keys
diff --git a/README.md b/README.md
index 8d9c374..3c45d8c 100644
--- a/README.md
+++ b/README.md
@@ -6,3 +6,6 @@ cd ansible/files/ git clone git@git_atlantis_hub_content.atlantishq.de:FAUSheppy/atlantis-hub-content.git +# Requires + + apt install wireguard
diff --git a/wireguard.py b/wireguard.py
new file mode 100644
index 0000000..a3ca62c
--- /dev/null
+++ b/wireguard.py
@@ -0,0 +1,56 @@
+import jinja2
+import subprocess
+import os
+
+key_cache_dir = ".wireguard_keys/"
+
+def generate_wireguard_keypair(hostname):
+
+ # create & sanity check filename & create dir #
+ assert(hostname.replace(".", "").isalnum())
+ filename = os.path.join(key_cache_dir, hostname)
+ os.makedirs(key_cache_dir, exist_ok=True)
+
+ # return cache if exists #
+ if os.path.isfile(filename):
+ with open(filename) as key_file:
+ return key_file.read().strip("\n").split(" ")
+
+ # otherwise generate private & public key #
+ private_key = subprocess.check_output(['wg', 'genkey']).strip()
+ public_key = subprocess.check_output(['wg', 'pubkey'], input=private_key).strip()
+
+ # encode
+ private_key = private_key.decode('utf-8')
+ public_key = public_key.decode('utf-8')
+
+ # save in key cache #
+ with open(filename, "w") as key_file:
+ key_file.write(private_key)
+ key_file.write(" ")
+ key_file.write(public_key)
+
+ return private_key, public_key
+
+
+def dump_config(vm_list):
+
+ vms_sorted_by_ip = sorted(vm_list, key=lambda x: x.ip)
+ clients = []
+
+ for vmo in vms_sorted_by_ip:
+
+ private_key, public_key = generate_wireguard_keypair(vmo.hostname)
+ clients.append({
+ "name" : vmo.hostname,
+ "private_key" : private_key
+ "public_key" : public_key
+ })
+
+ # dump wireguard vars for ansible #
+ with open("./ansible/vers/wireguard.yaml", "w") as f:
+ pass
+
+ # dump hypervisor config #
+ with open("/etc/wireguard/hypervisor.conf") as f:
+ pass
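Review bot: In `generate_wireguard_keypair` the private key is cached with `open(filename, "w")` inside a directory made by `os.makedirs(key_cache_dir, exist_ok=True)`, so both get umask-default permissions and the WireGuard private key is likely readable by other local users; create the directory with mode 0o700 and the file with 0o600. The hostname check is an `assert`, which is removed under `python -O` and then leaves the value joined into the path unvalidated, so raise `ValueError` instead. Separately, the dict literal in `dump_config` is missing a comma after `"private_key" : private_key`, so the module does not parse as committed; it should read `"private_key" : private_key,`. The stub `open("/etc/wireguard/hypervisor.conf")` also has no `"w"` mode and will open for reading once the body is filled in.

```python
def generate_wireguard_keypair(hostname):
    # explicit check: assert statements are stripped under -O
    if not hostname.replace(".", "").isalnum():
        raise ValueError(f"invalid hostname: {hostname!r}")
    # ... unchanged: filename = os.path.join(key_cache_dir, hostname) ...
    os.makedirs(key_cache_dir, mode=0o700, exist_ok=True)

    # ... unchanged: cache lookup, wg genkey / wg pubkey, decode ...

    # owner-only file; O_EXCL fails if the path already exists
    fd = os.open(filename, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as key_file:
        key_file.write(f"{private_key} {public_key}")
    # ... unchanged: return private_key, public_key ...
```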