[vpn/doc] update docs

2020-12-20 19:37:12 +01:00 · 2020-12-20 19:37:12 +01:00 · cdab685269
commit cdab685269
parent 689375a2fe
4 changed files with 24 additions and 80 deletions
--- a/doc/uncloud-manual-2020-08-01.org
+++ b/doc/uncloud-manual-2020-08-01.org
@ -1,8 +1,15 @@
 * Bootstrap / Installation
 ** Pre-requisites by operating system
+*** General
+    To run uncloud you need:
+    - ldap development libraries
+    - libxml2-dev libxslt-dev
+    - gcc / libc headers: for compiling things
+    - python3-dev
+    - wireguard: wg (for checking keys)
 *** Alpine
    #+BEGIN_SRC sh
-apk add openldap-dev postgresql-dev libxml2-dev libxslt-dev gcc python3-dev musl-dev
+apk add openldap-dev postgresql-dev libxml2-dev libxslt-dev gcc python3-dev musl-dev wireguard-tools-wg
 #+END_SRC
 *** Debian/Devuan:
    #+BEGIN_SRC sh
--- a/uncloud_net/models.py
+++ b/uncloud_net/models.py
@ -82,7 +82,7 @@ class WireGuardVPN(models.Model):

    pool_index = models.IntegerField(unique=True)

-    wireguard_public_key = models.CharField(max_length=48)
+    wireguard_public_key = models.CharField(max_length=48, unique=True)

    @property
    def network_mask(self):
--- a/uncloud_net/serializers.py
+++ b/uncloud_net/serializers.py
@ -23,84 +23,21 @@ class WireGuardVPNSerializer(serializers.ModelSerializer):
        }


-# class VPNNetworkSerializer(serializers.ModelSerializer):
-#     class Meta:
-#         model = VPNNetwork
-#         fields = '__all__'
+    def validate_wireguard_public_key(self, value):
+        msg = _("Supplied key is not a valid wireguard public key")

-#     # This is required for finding the VPN pool, but does not
-#     # exist in the model
-#     network_size = serializers.IntegerField(min_value=0,
-#                                             max_value=128,
-#                                             write_only=True)
+        """
+        FIXME: verify that this does not create broken wireguard config files,
+        i.e. contains \n or similar!
+        We might even need to be more strict to not break wireguard...
+        """

-#     def validate_wireguard_public_key(self, value):
-#         msg = _("Supplied key is not a valid wireguard public key")
+        try:
+            base64.standard_b64decode(value)
+        except Exception as e:
+            raise serializers.ValidationError(msg)

-#         """ FIXME: verify that this does not create broken wireguard config files,
-#         i.e. contains \n or similar!
-#         We might even need to be more strict to not break wireguard...
-#         """
+        if '\n' in value:
+            raise serializers.ValidationError(msg)

-#         try:
-#             base64.standard_b64decode(value)
-#         except Exception as e:
-#             raise serializers.ValidationError(msg)
-
-#         if '\n' in value:
-#             raise serializers.ValidationError(msg)
-
-#         return value
-
-#     def validate(self, data):
-
-#         # FIXME: filter for status = active or similar
-#         all_pools = VPNPool.objects.all()
-#         sizes = [ p.subnetwork_size for p in all_pools ]
-
-#         pools = VPNPool.objects.filter(subnetwork_size=data['network_size'])
-
-#         if len(pools) == 0:
-#             msg = _("No pool available for networks with size = {}. Available are: {}".format(data['network_size'], sizes))
-#             raise serializers.ValidationError(msg)
-
-#         return data
-
-#     def create(self, validated_data):
-#         """
-#         Creating a new vpnnetwork - there are a couple of race conditions,
-#         especially when run in parallel.
-
-#         What we should be doing:
-
-#         - create a reservation race free
-#         - map the reservation to a network (?)
-#         """
-
-#         pools = VPNPool.objects.filter(subnetwork_size=validated_data['network_size'])
-
-#         vpn_network = None
-
-#         for pool in pools:
-#             if pool.num_free_networks > 0:
-#                 next_address = pool.next_free_network
-
-#                 reservation, created = VPNNetworkReservation.objects.update_or_create(
-#                     vpnpool=pool, address=next_address,
-#                     defaults = {
-#                         'status': 'used'
-#                     })
-
-#                 vpn_network = VPNNetwork.objects.create(
-#                     owner=self.context['request'].user,
-#                     network=reservation,
-#                     wireguard_public_key=validated_data['wireguard_public_key']
-#                 )
-
-#                 break
-#         if not vpn_network:
-#             # FIXME: use correct exception
-#             raise Exception("Did not find any free pool")
-
-
-#         return vpn_network
+        return value
--- a/uncloud_net/tasks.py
+++ b/uncloud_net/tasks.py
@ -49,7 +49,7 @@ def cdist_configure_wireguard_server(config, server):


    log.debug("git committing wireguard changes")
-    subprocess.run(f"cd {dirname} && git pull && git add {server} && git commit -m 'Updating config for ${server}' && git push",
+    subprocess.run(f"cd {dirname} && git pull && git add {server} && git commit -m 'Updating config for {server}' && git push",
                   shell=True, check=True)

    log.debug(f"Configuring VPN server {server} with cdist")