diff options
| author | Christian Poessinger <christian@poessinger.com> | 2019-09-22 19:13:07 +0200 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2019-09-22 19:13:07 +0200 |
| commit | 79a655a12875f5f152abba2d17eb6a1033b59131 (patch) | |
| tree | 5a75960039a0dd81608b5a38351a8c8314cabccf /src/conf_mode/interface-wireguard.py | |
| parent | c4d0b9ed4736911d341efdebf34997e6cee8c5a8 (diff) | |
| parent | 2b9c84594a693c66b949183a25cc32dfcdee72e1 (diff) | |
| download | vyos-1x-79a655a12875f5f152abba2d17eb6a1033b59131.tar.gz vyos-1x-79a655a12875f5f152abba2d17eb6a1033b59131.zip | |
Merge branch 'current' of github.com:vyos/vyos-1x into equuleus
* 'current' of github.com:vyos/vyos-1x: (49 commits)
Jenkins: ease Pipeline
vxlan: T1636: simplyfy code (don't delete intf addresses)
ethernet: T1637: interfaces in a bond can be disabled
ethernet: T1637: fix calling arp_cache_tmo property
ethernet: T1637: do not overwrite interface description with interface name
ethernet: T1637: support offloading functions
Python/ifconfig: T1557: ethernet: add offloading interfaces
Python/ifconfig: T1557: update comments
Python/ifconfig: T1557: delete all assigned IP addresses on remove()
ethernet: T1637: call remove() on interface deletion
Python/ifconfig: T1557: use proper inheritance levels on remove()
ethernet: T1637: remove debug pprint
bridge: T1556: minor comment cleanup
bonding: T1614: minor comment cleanup
Python/ifconfig: T1557: unify '/sys/class/net/{}' path
Python/ifconfig: T1557: vmxnet3/virtio_net do not support changing speed/duplex control
Python/ifconfig: T1557: vmxnet3/virtio_net do not support changing flow control
Python/ifconfig: T1557: query driver if it supports auto negotiation
Python/ifconfig: T1557: call ethtool with full path
Python/ifconfig: T1557: return stdout string for _cmd()
...
Diffstat (limited to 'src/conf_mode/interface-wireguard.py')
| -rwxr-xr-x | src/conf_mode/interface-wireguard.py | 26 |
1 files changed, 22 insertions, 4 deletions
diff --git a/src/conf_mode/interface-wireguard.py b/src/conf_mode/interface-wireguard.py index d51a7a08d..4ae3251fe 100755 --- a/src/conf_mode/interface-wireguard.py +++ b/src/conf_mode/interface-wireguard.py @@ -26,12 +26,16 @@ from vyos.config import Config from vyos import ConfigError from vyos.ifconfig import WireGuardIf -ifname = str(os.environ['VYOS_TAGNODE_VALUE']) -intfc = WireGuardIf(ifname) +try: + ifname = str(os.environ['VYOS_TAGNODE_VALUE']) + intfc = WireGuardIf(ifname) +except KeyError: + print("Interface not specified") + sys.exit(1) kdir = r'/config/auth/wireguard' -def check_kmod(): +def _check_kmod(): if not os.path.exists('/sys/module/wireguard'): sl.syslog(sl.LOG_NOTICE, "loading wirguard kmod") if os.system('sudo modprobe wireguard') != 0: @@ -39,6 +43,19 @@ def check_kmod(): raise ConfigError("modprobe wireguard failed") +def _migrate_default_keys(): + if os.path.exists('{}/private.key'.format(kdir)) and not os.path.exists('{}/default/private.key'.format(kdir)): + sl.syslog(sl.LOG_NOTICE, "migrate keypair to default") + old_umask = os.umask(0o027) + location = '{}/default'.format(kdir) + subprocess.call(['sudo mkdir -p ' + location], shell=True) + subprocess.call(['sudo chgrp vyattacfg ' + location], shell=True) + subprocess.call(['sudo chmod 750 ' + location], shell=True) + os.rename('{}/private.key'.format(kdir),'{}/private.key'.format(location)) + os.rename('{}/public.key'.format(kdir),'{}/public.key'.format(location)) + os.umask(old_umask) + + def get_config(): c = Config() if not c.exists('interfaces wireguard'): @@ -257,7 +274,8 @@ def apply(c): if __name__ == '__main__': try: - check_kmod() + _check_kmod() + _migrate_default_keys() c = get_config() verify(c) apply(c) |