[vpn/doc] update docs
This commit is contained in:
parent
689375a2fe
commit
cdab685269
4 changed files with 24 additions and 80 deletions
|
@ -1,8 +1,15 @@
|
|||
* Bootstrap / Installation
|
||||
** Pre-requisites by operating system
|
||||
*** General
|
||||
To run uncloud you need:
|
||||
- ldap development libraries
|
||||
- libxml2-dev libxslt-dev
|
||||
- gcc / libc headers: for compiling things
|
||||
- python3-dev
|
||||
- wireguard: wg (for checking keys)
|
||||
*** Alpine
|
||||
#+BEGIN_SRC sh
|
||||
apk add openldap-dev postgresql-dev libxml2-dev libxslt-dev gcc python3-dev musl-dev
|
||||
apk add openldap-dev postgresql-dev libxml2-dev libxslt-dev gcc python3-dev musl-dev wireguard-tools-wg
|
||||
#+END_SRC
|
||||
*** Debian/Devuan:
|
||||
#+BEGIN_SRC sh
|
||||
|
|
|
@ -82,7 +82,7 @@ class WireGuardVPN(models.Model):
|
|||
|
||||
pool_index = models.IntegerField(unique=True)
|
||||
|
||||
wireguard_public_key = models.CharField(max_length=48)
|
||||
wireguard_public_key = models.CharField(max_length=48, unique=True)
|
||||
|
||||
@property
|
||||
def network_mask(self):
|
||||
|
|
|
@ -23,84 +23,21 @@ class WireGuardVPNSerializer(serializers.ModelSerializer):
|
|||
}
|
||||
|
||||
|
||||
# class VPNNetworkSerializer(serializers.ModelSerializer):
|
||||
# class Meta:
|
||||
# model = VPNNetwork
|
||||
# fields = '__all__'
|
||||
def validate_wireguard_public_key(self, value):
|
||||
msg = _("Supplied key is not a valid wireguard public key")
|
||||
|
||||
# # This is required for finding the VPN pool, but does not
|
||||
# # exist in the model
|
||||
# network_size = serializers.IntegerField(min_value=0,
|
||||
# max_value=128,
|
||||
# write_only=True)
|
||||
"""
|
||||
FIXME: verify that this does not create broken wireguard config files,
|
||||
i.e. contains \n or similar!
|
||||
We might even need to be more strict to not break wireguard...
|
||||
"""
|
||||
|
||||
# def validate_wireguard_public_key(self, value):
|
||||
# msg = _("Supplied key is not a valid wireguard public key")
|
||||
try:
|
||||
base64.standard_b64decode(value)
|
||||
except Exception as e:
|
||||
raise serializers.ValidationError(msg)
|
||||
|
||||
# """ FIXME: verify that this does not create broken wireguard config files,
|
||||
# i.e. contains \n or similar!
|
||||
# We might even need to be more strict to not break wireguard...
|
||||
# """
|
||||
if '\n' in value:
|
||||
raise serializers.ValidationError(msg)
|
||||
|
||||
# try:
|
||||
# base64.standard_b64decode(value)
|
||||
# except Exception as e:
|
||||
# raise serializers.ValidationError(msg)
|
||||
|
||||
# if '\n' in value:
|
||||
# raise serializers.ValidationError(msg)
|
||||
|
||||
# return value
|
||||
|
||||
# def validate(self, data):
|
||||
|
||||
# # FIXME: filter for status = active or similar
|
||||
# all_pools = VPNPool.objects.all()
|
||||
# sizes = [ p.subnetwork_size for p in all_pools ]
|
||||
|
||||
# pools = VPNPool.objects.filter(subnetwork_size=data['network_size'])
|
||||
|
||||
# if len(pools) == 0:
|
||||
# msg = _("No pool available for networks with size = {}. Available are: {}".format(data['network_size'], sizes))
|
||||
# raise serializers.ValidationError(msg)
|
||||
|
||||
# return data
|
||||
|
||||
# def create(self, validated_data):
|
||||
# """
|
||||
# Creating a new vpnnetwork - there are a couple of race conditions,
|
||||
# especially when run in parallel.
|
||||
|
||||
# What we should be doing:
|
||||
|
||||
# - create a reservation race free
|
||||
# - map the reservation to a network (?)
|
||||
# """
|
||||
|
||||
# pools = VPNPool.objects.filter(subnetwork_size=validated_data['network_size'])
|
||||
|
||||
# vpn_network = None
|
||||
|
||||
# for pool in pools:
|
||||
# if pool.num_free_networks > 0:
|
||||
# next_address = pool.next_free_network
|
||||
|
||||
# reservation, created = VPNNetworkReservation.objects.update_or_create(
|
||||
# vpnpool=pool, address=next_address,
|
||||
# defaults = {
|
||||
# 'status': 'used'
|
||||
# })
|
||||
|
||||
# vpn_network = VPNNetwork.objects.create(
|
||||
# owner=self.context['request'].user,
|
||||
# network=reservation,
|
||||
# wireguard_public_key=validated_data['wireguard_public_key']
|
||||
# )
|
||||
|
||||
# break
|
||||
# if not vpn_network:
|
||||
# # FIXME: use correct exception
|
||||
# raise Exception("Did not find any free pool")
|
||||
|
||||
|
||||
# return vpn_network
|
||||
return value
|
||||
|
|
|
@ -49,7 +49,7 @@ def cdist_configure_wireguard_server(config, server):
|
|||
|
||||
|
||||
log.debug("git committing wireguard changes")
|
||||
subprocess.run(f"cd {dirname} && git pull && git add {server} && git commit -m 'Updating config for ${server}' && git push",
|
||||
subprocess.run(f"cd {dirname} && git pull && git add {server} && git commit -m 'Updating config for {server}' && git push",
|
||||
shell=True, check=True)
|
||||
|
||||
log.debug(f"Configuring VPN server {server} with cdist")
|
||||
|
|
Loading…
Reference in a new issue