wip: wireguard server extender

2025-12-06 05:41:35 +01:00 · 2025-05-10 12:46:50 +02:00
parent 9634f35a1e
commit cd76f3fe6b
2 changed files with 266 additions and 0 deletions
--- a/helper_scripts/wireguard-config-helper.py
+++ b/helper_scripts/wireguard-config-helper.py
@@ -0,0 +1,107 @@
+import subprocess
+import json
+import os
+from pathlib import Path
+import configparser
+import ipaddress
+
+LINK_BASE = f"10.0.{len(EXISTING_HOSTS)+10}.1/32"
+LINK_BASE_PEER = f"10.0.{len(EXISTING_HOSTS)+10}.2/32"
+PORT_BASE = 51820 + len(EXISTING_HOSTS)
+
+MASTER_CONFIG = """[Interface]
+PrivateKey = {local_private}
+Address = {local_address}
+
+[Peer]
+Endpoint = {peer_endpoint}
+PublicKey = {peer_public}
+AllowedIPs = {", ".join(peer_allowed_ips)}
+"""
+
+PEER_CONFIG = f"""[Interface]
+PrivateKey = {peer_private}
+Address = {peer_address}
+
+[Peer]
+PublicKey = {local_public}
+AllowedIPs = {", ".join(peer_allowed_ips)}
+"""
+
+def create_wireguard_config_pair(
+    new_host: str,
+    old_host: str,
+    new_host_allowed_ips: list[str],
+    old_host_allowed_ips,
+    old_host_public_key,
+    old_host_private_key,
+    output_dir: str = "./tmp"
+):
+
+    # Validate input subnet
+    try:
+        ipaddress.IPv4Interface(local_address)
+    except ValueError as e:
+        raise ValueError(f"Invalid IP address: {local_address}") from e
+
+    Path(output_dir).mkdir(parents=True, exist_ok=True)
+
+    # Generate key pairs
+    local_private, local_public = generate_keypair()
+    peer_private, peer_public = generate_keypair()
+
+    new_host = MASTER_CONFIG.format(
+        local_private = local_private,
+        local_address = LINK_BASE,
+        local_public = local_public,
+        peer_endpoint = old_host,
+        peer_public = old_host_public_key,
+        peer_allowed_ips = [LINK_BASE_PEER, old_host_allowed_ips],
+
+    )
+    old_host = PEER_CONFIG.format(
+        peer_private = old_host_private_key,
+        peer_address = LINK_BASE_PEER,
+        local_public= local_public,
+        peer_allowed_ips = [LINK_BASE, new_host_subnet]
+    )
+
+    old_host_file = Path(output_dir) / f"{new_host}_local.conf"
+    new_host_file = Path(output_dir) / f"{new_host}_peer.conf"
+
+    new_host_file.write_text(new_host)
+    old_host_file.write_text(old_host)
+
+    return str(local_file), str(peer_file)
+
+def generate_wireguard_keys():
+
+    private_key = subprocess.check_output(["wg", "genkey"]).strip()
+    public_key = subprocess.check_output(["wg", "pubkey"], input=private_key).strip()
+
+    return private_key.decode(), public_key.decode()
+
+if __name__ == "__main__":
+
+    parser = argparse.ArgumentParser(description="WireGuard utility script")
+    
+    parser.add_argument("--new-host", help="Hostname or IP of the new host")
+    parser.add_argument("--new-host-subnet", type=ipaddress.IPv4Network, help="Subnet of new host")
+    parser.add_argument("--write", action=argparse.BooleanOptionalAction, default=False)
+    parser.add_argument("--allow-overwrite", action=argparse.BooleanOptionalAction, default=False)
+
+    args = parser.parse_args()
+
+    configs = {}
+
+    for host in EXISTING_HOSTS:
+        fetch_conf_files(host)
+        configs |= load_all_confs(host)
+
+    # output current state #
+    print(json.dumps(configs, indent=2))
+
+    if args.new_host and args.new_host_subnet:
+
+        # TODO get keys from old host
+        create_wireguard_config_pair(LINK_BASE, new_host) #TODO