[vpn/doc] update docs

Nico Schottelius 2020-12-20 19:37:12 +01:00
parent 689375a2fe
commit cdab685269
4 changed files with 24 additions and 80 deletions


@ -1,8 +1,15 @@
* Bootstrap / Installation * Bootstrap / Installation
** Pre-requisites by operating system ** Pre-requisites by operating system
*** General
To run uncloud you need:
- ldap development libraries
- libxml2-dev libxslt-dev
- gcc / libc headers: for compiling things
- python3-dev
- wireguard: wg (for checking keys)
*** Alpine *** Alpine
#+BEGIN_SRC sh #+BEGIN_SRC sh
apk add openldap-dev postgresql-dev libxml2-dev libxslt-dev gcc python3-dev musl-dev apk add openldap-dev postgresql-dev libxml2-dev libxslt-dev gcc python3-dev musl-dev wireguard-tools-wg
#+END_SRC #+END_SRC
*** Debian/Devuan: *** Debian/Devuan:
#+BEGIN_SRC sh #+BEGIN_SRC sh


@ -82,7 +82,7 @@ class WireGuardVPN(models.Model):
pool_index = models.IntegerField(unique=True) pool_index = models.IntegerField(unique=True)
wireguard_public_key = models.CharField(max_length=48) wireguard_public_key = models.CharField(max_length=48, unique=True)
@property @property
def network_mask(self): def network_mask(self):


@ -23,84 +23,21 @@ class WireGuardVPNSerializer(serializers.ModelSerializer):
} }
# class VPNNetworkSerializer(serializers.ModelSerializer): def validate_wireguard_public_key(self, value):
# class Meta: msg = _("Supplied key is not a valid wireguard public key")
# model = VPNNetwork
# fields = '__all__'
# # This is required for finding the VPN pool, but does not """
# # exist in the model FIXME: verify that this does not create broken wireguard config files,
# network_size = serializers.IntegerField(min_value=0, i.e. contains \n or similar!
# max_value=128, We might even need to be more strict to not break wireguard...
# write_only=True) """
# def validate_wireguard_public_key(self, value): try:
# msg = _("Supplied key is not a valid wireguard public key") base64.standard_b64decode(value)
except Exception as e:
raise serializers.ValidationError(msg)
# """ FIXME: verify that this does not create broken wireguard config files, if '\n' in value:
# i.e. contains \n or similar! raise serializers.ValidationError(msg)
# We might even need to be more strict to not break wireguard...
# """
# try: return value
# base64.standard_b64decode(value)
# except Exception as e:
# raise serializers.ValidationError(msg)
# if '\n' in value:
# raise serializers.ValidationError(msg)
# return value
# def validate(self, data):
# # FIXME: filter for status = active or similar
# all_pools = VPNPool.objects.all()
# sizes = [ p.subnetwork_size for p in all_pools ]
# pools = VPNPool.objects.filter(subnetwork_size=data['network_size'])
# if len(pools) == 0:
# msg = _("No pool available for networks with size = {}. Available are: {}".format(data['network_size'], sizes))
# raise serializers.ValidationError(msg)
# return data
# def create(self, validated_data):
# """
# Creating a new vpnnetwork - there are a couple of race conditions,
# especially when run in parallel.
# What we should be doing:
# - create a reservation race free
# - map the reservation to a network (?)
# """
# pools = VPNPool.objects.filter(subnetwork_size=validated_data['network_size'])
# vpn_network = None
# for pool in pools:
# if pool.num_free_networks > 0:
# next_address = pool.next_free_network
# reservation, created = VPNNetworkReservation.objects.update_or_create(
# vpnpool=pool, address=next_address,
# defaults = {
# 'status': 'used'
# })
# vpn_network = VPNNetwork.objects.create(
# owner=self.context['request'].user,
# network=reservation,
# wireguard_public_key=validated_data['wireguard_public_key']
# )
# break
# if not vpn_network:
# # FIXME: use correct exception
# raise Exception("Did not find any free pool")
# return vpn_network
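Review bot: The re-enabled `validate_wireguard_public_key` accepts values that are not WireGuard keys, because `base64.standard_b64decode(value)` runs without strict validation and silently drops characters outside the base64 alphabet, and nothing checks the decoded length. Only `'\n'` is rejected afterwards, so a carriage return, spaces or other stray characters still reach whatever writes the WireGuard config, which is the concern the FIXME docstring raises. Decoding with `validate=True` and requiring 32 decoded bytes closes both gaps and makes the newline test redundant; `except ValueError` also replaces the broad `except Exception as e`, whose `e` is unused. The `import base64` line is not visible in this hunk and should be confirmed, and the rest of `WireGuardVPNSerializer` lies outside it.

```python
def validate_wireguard_public_key(self, value):
    msg = _("Supplied key is not a valid wireguard public key")
    # … unchanged: FIXME docstring …

    try:
        # validate=True rejects any character outside the base64 alphabet,
        # including newlines and other whitespace
        raw = base64.b64decode(value, validate=True)
    except ValueError:
        raise serializers.ValidationError(msg)

    # A WireGuard public key is a 32-byte Curve25519 value
    if len(raw) != 32:
        raise serializers.ValidationError(msg)

    return value
```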


@ -49,7 +49,7 @@ def cdist_configure_wireguard_server(config, server):
log.debug("git committing wireguard changes") log.debug("git committing wireguard changes")
subprocess.run(f"cd {dirname} && git pull && git add {server} && git commit -m 'Updating config for ${server}' && git push", subprocess.run(f"cd {dirname} && git pull && git add {server} && git commit -m 'Updating config for {server}' && git push",
shell=True, check=True) shell=True, check=True)
log.debug(f"Configuring VPN server {server} with cdist") log.debug(f"Configuring VPN server {server} with cdist")
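Review bot: The `subprocess.run` call still builds one shell string from `dirname` and `server` and runs it with `shell=True`, so any shell metacharacter in either value is interpreted by the shell; the commit only corrects the `${server}` typo in the commit message. Where `server` comes from is not visible in this hunk, but if it can be traced to a database field or request data this is a command-injection path on the host that holds the cdist configuration. Running each git step as an argument list with `cwd=dirname` removes the shell entirely and keeps the stop-on-first-failure behaviour through `check=True`. The body of `cdist_configure_wireguard_server` starts and ends outside the hunk.

```python
log.debug("git committing wireguard changes")
# No shell involved: each value is passed as a single argv element
subprocess.run(["git", "pull"], cwd=dirname, check=True)
subprocess.run(["git", "add", "--", server], cwd=dirname, check=True)
subprocess.run(["git", "commit", "-m", f"Updating config for {server}"],
               cwd=dirname, check=True)
subprocess.run(["git", "push"], cwd=dirname, check=True)
# … unchanged: cdist configuration of the server …
```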