forked from uncloud/uncloud
[vpn/doc] update docs
parent
689375a2fe
commit
cdab685269
4 changed files with 24 additions and 80 deletions
|
@ -1,8 +1,15 @@
|
||||||
* Bootstrap / Installation
|
* Bootstrap / Installation
|
||||||
** Pre-requisites by operating system
|
** Pre-requisites by operating system
|
||||||
|
*** General
|
||||||
|
To run uncloud you need:
|
||||||
|
- ldap development libraries
|
||||||
|
- libxml2-dev libxslt-dev
|
||||||
|
- gcc / libc headers: for compiling things
|
||||||
|
- python3-dev
|
||||||
|
- wireguard: wg (for checking keys)
|
||||||
*** Alpine
|
*** Alpine
|
||||||
#+BEGIN_SRC sh
|
#+BEGIN_SRC sh
|
||||||
apk add openldap-dev postgresql-dev libxml2-dev libxslt-dev gcc python3-dev musl-dev
|
apk add openldap-dev postgresql-dev libxml2-dev libxslt-dev gcc python3-dev musl-dev wireguard-tools-wg
|
||||||
#+END_SRC
|
#+END_SRC
|
||||||
*** Debian/Devuan:
|
*** Debian/Devuan:
|
||||||
#+BEGIN_SRC sh
|
#+BEGIN_SRC sh
|
||||||
|
|
|
@ -82,7 +82,7 @@ class WireGuardVPN(models.Model):
|
||||||
|
|
||||||
pool_index = models.IntegerField(unique=True)
|
pool_index = models.IntegerField(unique=True)
|
||||||
|
|
||||||
wireguard_public_key = models.CharField(max_length=48)
|
wireguard_public_key = models.CharField(max_length=48, unique=True)
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def network_mask(self):
|
def network_mask(self):
|
||||||
|
|
|
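Review bot: `unique=True` on `wireguard_public_key` compares the stored base64 text, not the decoded key, so it only prevents duplicate keys if every value is saved in one canonical spelling. The validator enabled in this same commit calls `base64.standard_b64decode(value)`, which ignores characters outside the alphabet, and `max_length=48` leaves room beyond the 44 characters of a canonical 32-byte key, so the same key can apparently be stored twice under different spellings. Either store the re-encoded form (`return base64.b64encode(decoded).decode()` in the validator) or tighten the field to `max_length=44` together with strict decoding. No migration is visible on this page; adding the constraint needs one, and it will fail if duplicate rows already exist. The model class starts above and continues below this hunk.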
@ -23,84 +23,21 @@ class WireGuardVPNSerializer(serializers.ModelSerializer):
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
# class VPNNetworkSerializer(serializers.ModelSerializer):
|
def validate_wireguard_public_key(self, value):
|
||||||
# class Meta:
|
msg = _("Supplied key is not a valid wireguard public key")
|
||||||
# model = VPNNetwork
|
|
||||||
# fields = '__all__'
|
|
||||||
|
|
||||||
# # This is required for finding the VPN pool, but does not
|
"""
|
||||||
# # exist in the model
|
FIXME: verify that this does not create broken wireguard config files,
|
||||||
# network_size = serializers.IntegerField(min_value=0,
|
i.e. contains \n or similar!
|
||||||
# max_value=128,
|
We might even need to be more strict to not break wireguard...
|
||||||
# write_only=True)
|
"""
|
||||||
|
|
||||||
# def validate_wireguard_public_key(self, value):
|
try:
|
||||||
# msg = _("Supplied key is not a valid wireguard public key")
|
base64.standard_b64decode(value)
|
||||||
|
except Exception as e:
|
||||||
|
raise serializers.ValidationError(msg)
|
||||||
|
|
||||||
# """ FIXME: verify that this does not create broken wireguard config files,
|
if '\n' in value:
|
||||||
# i.e. contains \n or similar!
|
raise serializers.ValidationError(msg)
|
||||||
# We might even need to be more strict to not break wireguard...
|
|
||||||
# """
|
|
||||||
|
|
||||||
# try:
|
return value
|
||||||
# base64.standard_b64decode(value)
|
|
||||||
# except Exception as e:
|
|
||||||
# raise serializers.ValidationError(msg)
|
|
||||||
|
|
||||||
# if '\n' in value:
|
|
||||||
# raise serializers.ValidationError(msg)
|
|
||||||
|
|
||||||
# return value
|
|
||||||
|
|
||||||
# def validate(self, data):
|
|
||||||
|
|
||||||
# # FIXME: filter for status = active or similar
|
|
||||||
# all_pools = VPNPool.objects.all()
|
|
||||||
# sizes = [ p.subnetwork_size for p in all_pools ]
|
|
||||||
|
|
||||||
# pools = VPNPool.objects.filter(subnetwork_size=data['network_size'])
|
|
||||||
|
|
||||||
# if len(pools) == 0:
|
|
||||||
# msg = _("No pool available for networks with size = {}. Available are: {}".format(data['network_size'], sizes))
|
|
||||||
# raise serializers.ValidationError(msg)
|
|
||||||
|
|
||||||
# return data
|
|
||||||
|
|
||||||
# def create(self, validated_data):
|
|
||||||
# """
|
|
||||||
# Creating a new vpnnetwork - there are a couple of race conditions,
|
|
||||||
# especially when run in parallel.
|
|
||||||
|
|
||||||
# What we should be doing:
|
|
||||||
|
|
||||||
# - create a reservation race free
|
|
||||||
# - map the reservation to a network (?)
|
|
||||||
# """
|
|
||||||
|
|
||||||
# pools = VPNPool.objects.filter(subnetwork_size=validated_data['network_size'])
|
|
||||||
|
|
||||||
# vpn_network = None
|
|
||||||
|
|
||||||
# for pool in pools:
|
|
||||||
# if pool.num_free_networks > 0:
|
|
||||||
# next_address = pool.next_free_network
|
|
||||||
|
|
||||||
# reservation, created = VPNNetworkReservation.objects.update_or_create(
|
|
||||||
# vpnpool=pool, address=next_address,
|
|
||||||
# defaults = {
|
|
||||||
# 'status': 'used'
|
|
||||||
# })
|
|
||||||
|
|
||||||
# vpn_network = VPNNetwork.objects.create(
|
|
||||||
# owner=self.context['request'].user,
|
|
||||||
# network=reservation,
|
|
||||||
# wireguard_public_key=validated_data['wireguard_public_key']
|
|
||||||
# )
|
|
||||||
|
|
||||||
# break
|
|
||||||
# if not vpn_network:
|
|
||||||
# # FIXME: use correct exception
|
|
||||||
# raise Exception("Did not find any free pool")
|
|
||||||
|
|
||||||
|
|
||||||
# return vpn_network
|
|
||||||
|
|
|
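Review bot: `base64.standard_b64decode(value)` in `validate_wireguard_public_key` runs without strict validation, so characters outside the base64 alphabet are silently dropped before decoding and the only one rejected afterwards is `\n`. A value containing `\r`, spaces or other stray characters is accepted and returned unchanged, which is the broken-config case the FIXME worries about. The decoded length is not checked either, so any well-formed base64 string passes as a key. Decode strictly and check the size: `decoded = base64.b64decode(value, validate=True)` followed by `if len(decoded) != 32: raise serializers.ValidationError(msg)`. `except Exception as e` can then narrow to `except ValueError:` (which covers `binascii.Error`), and the triple-quoted FIXME sits after the `msg` assignment, so it is a bare string expression rather than the method's docstring and reads better as a `#` comment.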
@ -49,7 +49,7 @@ def cdist_configure_wireguard_server(config, server):
|
||||||
|
|
||||||
|
|
||||||
log.debug("git committing wireguard changes")
|
log.debug("git committing wireguard changes")
|
||||||
subprocess.run(f"cd {dirname} && git pull && git add {server} && git commit -m 'Updating config for ${server}' && git push",
|
subprocess.run(f"cd {dirname} && git pull && git add {server} && git commit -m 'Updating config for {server}' && git push",
|
||||||
shell=True, check=True)
|
shell=True, check=True)
|
||||||
|
|
||||||
log.debug(f"Configuring VPN server {server} with cdist")
|
log.debug(f"Configuring VPN server {server} with cdist")
|
||||||
|
|
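Review bot: The command string passed to `subprocess.run(..., shell=True)` interpolates `dirname` and `server` unquoted, so a value containing whitespace or shell metacharacters changes the command that runs. Where `server` comes from is not visible in this hunk, but if it can be influenced through the API it should not reach a shell. Running the four git steps as argument lists with `cwd=dirname` keeps the stop-on-first-failure behaviour of the `&&` chain through `check=True` and removes the quoting problem. `cdist_configure_wireguard_server` starts above and continues below this hunk.

```python
# … unchanged: log.debug("git committing wireguard changes") …
for git_args in (
    ["pull"],
    ["add", "--", server],
    ["commit", "-m", f"Updating config for {server}"],
    ["push"],
):
    # No shell involved: each value is passed as a single argv entry.
    subprocess.run(["git", *git_args], cwd=dirname, check=True)
# … unchanged: log.debug(f"Configuring VPN server {server} with cdist") …
```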