Remove PostUp/PostDown
This commit is contained in:
parent
63d4c9be2e
commit
d93c00a707
115
generate.py
115
generate.py
|
@ -348,10 +348,10 @@ class Parser:
|
||||||
|
|
||||||
ipt_filename_inside = "/root/conf/{}-ipt.conf".format(conf_uuid)
|
ipt_filename_inside = "/root/conf/{}-ipt.conf".format(conf_uuid)
|
||||||
|
|
||||||
self.result_container_postbootstrap.append('PostUp=IPT_COMMANDS=$({}); echo $IPT_COMMANDS; $IPT_COMMANDS'.format(
|
self.result_container_postbootstrap.append('IPT_COMMANDS=$({}); echo $IPT_COMMANDS; $IPT_COMMANDS'.format(
|
||||||
self.get_podman_cmd_with("podman exec {} /root/bin/udp2raw_amd64 --conf-file {} | grep ^iptables".format(self.get_container_name(), ipt_filename_inside))
|
self.get_podman_cmd_with("podman exec {} /root/bin/udp2raw_amd64 --conf-file {} | grep ^iptables".format(self.get_container_name(), ipt_filename_inside))
|
||||||
))
|
))
|
||||||
self.result_postdown.append("PostDown=IPT_COMMANDS=$({}); IPT_COMMANDS=$(echo $IPT_COMMANDS | sed -e 's/-I /-D /g'); echo $IPT_COMMANDS; $IPT_COMMANDS".format(
|
self.result_postdown.append("IPT_COMMANDS=$({}); IPT_COMMANDS=$(echo $IPT_COMMANDS | sed -e 's/-I /-D /g'); echo $IPT_COMMANDS; $IPT_COMMANDS".format(
|
||||||
self.get_podman_cmd_with("podman exec {} /root/bin/udp2raw_amd64 --conf-file {} | grep ^iptables".format(self.get_container_name(), ipt_filename_inside))
|
self.get_podman_cmd_with("podman exec {} /root/bin/udp2raw_amd64 --conf-file {} | grep ^iptables".format(self.get_container_name(), ipt_filename_inside))
|
||||||
))
|
))
|
||||||
|
|
||||||
|
@ -386,10 +386,10 @@ class Parser:
|
||||||
|
|
||||||
ipt_filename_inside = "/root/conf/{}-ipt.conf".format(conf_uuid)
|
ipt_filename_inside = "/root/conf/{}-ipt.conf".format(conf_uuid)
|
||||||
|
|
||||||
self.result_container_postbootstrap.append('PostUp=IPT_COMMANDS=$({}); echo $IPT_COMMANDS; $IPT_COMMANDS'.format(
|
self.result_container_postbootstrap.append('IPT_COMMANDS=$({}); echo $IPT_COMMANDS; $IPT_COMMANDS'.format(
|
||||||
self.get_podman_cmd_with("podman exec {} /root/bin/udp2raw_amd64 --conf-file {} | grep ^iptables".format(self.get_container_name(), ipt_filename_inside))
|
self.get_podman_cmd_with("podman exec {} /root/bin/udp2raw_amd64 --conf-file {} | grep ^iptables".format(self.get_container_name(), ipt_filename_inside))
|
||||||
))
|
))
|
||||||
self.result_postdown.append("PostDown=IPT_COMMANDS=$({}); IPT_COMMANDS=$(echo $IPT_COMMANDS | sed -e 's/-I /-D /g'); echo $IPT_COMMANDS; $IPT_COMMANDS".format(
|
self.result_postdown.append("IPT_COMMANDS=$({}); IPT_COMMANDS=$(echo $IPT_COMMANDS | sed -e 's/-I /-D /g'); echo $IPT_COMMANDS; $IPT_COMMANDS".format(
|
||||||
self.get_podman_cmd_with("podman exec {} /root/bin/udp2raw_amd64 --conf-file {} | grep ^iptables".format(self.get_container_name(), ipt_filename_inside))
|
self.get_podman_cmd_with("podman exec {} /root/bin/udp2raw_amd64 --conf-file {} | grep ^iptables".format(self.get_container_name(), ipt_filename_inside))
|
||||||
))
|
))
|
||||||
|
|
||||||
|
@ -398,11 +398,11 @@ class Parser:
|
||||||
cert_filepath = "/root/ssl/{}.cert".format(cert_uuid)
|
cert_filepath = "/root/ssl/{}.cert".format(cert_uuid)
|
||||||
key_filepath = "/root/ssl/{}.key".format(cert_uuid)
|
key_filepath = "/root/ssl/{}.key".format(cert_uuid)
|
||||||
|
|
||||||
self.result_container_prebootstrap.append('PostUp={}'.format(
|
self.result_container_prebootstrap.append(self.get_podman_cmd_with(
|
||||||
self.get_podman_cmd_with('podman cp {} {}:{}'.format(ssl_cert_path, self.get_container_name(), cert_filepath))
|
'podman cp {} {}:{}'.format(ssl_cert_path, self.get_container_name(), cert_filepath)
|
||||||
))
|
))
|
||||||
self.result_container_prebootstrap.append('PostUp={}'.format(
|
self.result_container_prebootstrap.append(self.get_podman_cmd_with(
|
||||||
self.get_podman_cmd_with('podman cp {} {}:{}'.format(ssl_key_path, self.get_container_name(), key_filepath))
|
'podman cp {} {}:{}'.format(ssl_key_path, self.get_container_name(), key_filepath)
|
||||||
))
|
))
|
||||||
|
|
||||||
self.container_bootstrap.append({
|
self.container_bootstrap.append({
|
||||||
|
@ -592,19 +592,20 @@ class Parser:
|
||||||
continue
|
continue
|
||||||
|
|
||||||
elif line.startswith('#enable-bbr'):
|
elif line.startswith('#enable-bbr'):
|
||||||
self.result_postup.append('PostUp=sysctl net.core.default_qdisc=fq\nPostUp=sysctl net.ipv4.tcp_congestion_control=bbr')
|
self.result_postup.append('sysctl net.core.default_qdisc=fq')
|
||||||
|
self.result_postup.append('sysctl net.ipv4.tcp_congestion_control=bbr')
|
||||||
elif line.startswith('#enable-forward'):
|
elif line.startswith('#enable-forward'):
|
||||||
self.result_postup.append('PostUp=sysctl net.ipv4.ip_forward=1')
|
self.result_postup.append('sysctl net.ipv4.ip_forward=1')
|
||||||
elif line.startswith('#iptables-forward'):
|
elif line.startswith('#iptables-forward'):
|
||||||
self.result_postup.append('PostUp=iptables -A FORWARD -i {} -j ACCEPT'.format(self.wg_name))
|
self.result_postup.append('iptables -A FORWARD -i {} -j ACCEPT'.format(self.wg_name))
|
||||||
self.result_postdown.append('PostDown=iptables -D FORWARD -i {} -j ACCEPT'.format(self.wg_name))
|
self.result_postdown.append('iptables -D FORWARD -i {} -j ACCEPT'.format(self.wg_name))
|
||||||
elif line.startswith('#route-to'):
|
elif line.startswith('#route-to'):
|
||||||
self.flag_is_route_forward = True
|
self.flag_is_route_forward = True
|
||||||
|
|
||||||
parts = line.split(' ')[1:]
|
parts = line.split(' ')[1:]
|
||||||
table_name = parts[0]
|
table_name = parts[0]
|
||||||
|
|
||||||
self.result_postup.append('PostUp=ip route add 0.0.0.0/0 dev {} table {}'.format(self.wg_name, table_name))
|
self.result_postup.append('ip route add 0.0.0.0/0 dev {} table {}'.format(self.wg_name, table_name))
|
||||||
errprint('[WARN] Please ensure custom route table {} exists.'.format(table_name))
|
errprint('[WARN] Please ensure custom route table {} exists.'.format(table_name))
|
||||||
elif line.startswith('#route-from'):
|
elif line.startswith('#route-from'):
|
||||||
self.flag_is_route_lookup = True
|
self.flag_is_route_lookup = True
|
||||||
|
@ -737,31 +738,29 @@ class Parser:
|
||||||
tmp_base64_filepath = "/tmp/wg-op-container-bootstrap-{}.data".format(self.wg_name)
|
tmp_base64_filepath = "/tmp/wg-op-container-bootstrap-{}.data".format(self.wg_name)
|
||||||
tmp_filepath = "/tmp/wg-op-container-bootstrap-{}.json".format(self.wg_name)
|
tmp_filepath = "/tmp/wg-op-container-bootstrap-{}.json".format(self.wg_name)
|
||||||
|
|
||||||
self.result_postup.append('PostUp=rm -f {}'.format(tmp_base64_filepath))
|
self.result_postup.append('rm -f {}'.format(tmp_base64_filepath))
|
||||||
for this_config_line in config_parts:
|
for this_config_line in config_parts:
|
||||||
self.result_postup.append('PostUp=echo {} >> {}'.format(this_config_line, tmp_base64_filepath))
|
self.result_postup.append('echo {} >> {}'.format(this_config_line, tmp_base64_filepath))
|
||||||
self.result_postup.append('PostUp=base64 -d {} > {}'.format(tmp_base64_filepath, tmp_filepath))
|
self.result_postup.append('base64 -d {} > {}'.format(tmp_base64_filepath, tmp_filepath))
|
||||||
self.result_postup.append('PostUp=rm {}'.format(tmp_base64_filepath))
|
self.result_postup.append('rm {}'.format(tmp_base64_filepath))
|
||||||
|
|
||||||
self.result_container_prebootstrap.append('PostUp={}'.format(
|
self.result_container_prebootstrap.append(self.get_podman_cmd_with(
|
||||||
self.get_podman_cmd_with('podman cp {} {}:/root/conf/bootstrap.json'.format(tmp_filepath, self.get_container_name()))
|
'podman cp {} {}:/root/conf/bootstrap.json'.format(tmp_filepath, self.get_container_name())
|
||||||
))
|
))
|
||||||
self.result_container_prebootstrap.append('PostUp=rm {}'.format(tmp_filepath))
|
self.result_container_prebootstrap.append('rm {}'.format(tmp_filepath))
|
||||||
|
|
||||||
if self.result_container_prebootstrap or self.result_container_postbootstrap:
|
if self.result_container_prebootstrap or self.result_container_postbootstrap:
|
||||||
self.result_postup.append('PostUp={}'.format(
|
self.result_postup.append(self.get_podman_cmd_with(
|
||||||
self.get_podman_cmd_with('podman container exists {} && podman stop {} && podman rm {}; $(exit 0)'.format(
|
'podman container exists {} && podman stop {} && podman rm {}; $(exit 0)'.format(self.get_container_name(), self.get_container_name(), self.get_container_name())
|
||||||
self.get_container_name(), self.get_container_name(), self.get_container_name()))
|
|
||||||
))
|
))
|
||||||
|
|
||||||
self.result_postup.append('PostUp={}'.format(
|
self.result_postup.append(self.get_podman_cmd_with(
|
||||||
self.get_podman_cmd_with('podman network exists {} && podman network rm {}; $(exit 0)'.format(
|
'podman network exists {} && podman network rm {}; $(exit 0)'.format(self.get_container_network_name(), self.get_container_network_name())
|
||||||
self.get_container_network_name(), self.get_container_network_name()))
|
|
||||||
))
|
))
|
||||||
|
|
||||||
if not self.flag_container_must_host:
|
if not self.flag_container_must_host:
|
||||||
self.result_postup.append('PostUp={}'.format(
|
self.result_postup.append(self.get_podman_cmd_with(
|
||||||
self.get_podman_cmd_with('podman network create {}'.format(self.get_container_network_name()))
|
'podman network create {}'.format(self.get_container_network_name())
|
||||||
))
|
))
|
||||||
|
|
||||||
if not self.flag_container_must_host and self.container_expose_port:
|
if not self.flag_container_must_host and self.container_expose_port:
|
||||||
|
@ -770,50 +769,41 @@ class Parser:
|
||||||
else:
|
else:
|
||||||
cmd_ports = ''
|
cmd_ports = ''
|
||||||
|
|
||||||
self.result_postup.append('PostUp={}'.format(
|
self.result_postup.append(self.get_podman_cmd_with(
|
||||||
self.get_podman_cmd_with('podman run --cap-add NET_RAW -v {}:/root/bin -v {}:/root/app {} --name {} --network {} -d wg-ops-runenv'.format(
|
'podman run --cap-add NET_RAW -v {}:/root/bin -v {}:/root/app {} --name {} --network {} -d wg-ops-runenv'.format(
|
||||||
path_bin_dir, path_app_dir, cmd_ports, self.get_container_name(), self.get_container_network_name()))
|
path_bin_dir, path_app_dir, cmd_ports, self.get_container_name(), self.get_container_network_name())
|
||||||
))
|
))
|
||||||
self.result_postup.append('PostUp={}'.format(
|
self.result_postup.append(self.get_podman_cmd_with(
|
||||||
self.get_podman_cmd_with('podman exec {} mkdir -p /root/ssl /root/runner /root/conf'.format(
|
'podman exec {} mkdir -p /root/ssl /root/runner /root/conf'.format(self.get_container_name())
|
||||||
self.get_container_name()))
|
|
||||||
))
|
))
|
||||||
|
|
||||||
if not self.flag_container_must_host and not self.podman_user:
|
if not self.flag_container_must_host and not self.podman_user:
|
||||||
self.result_postup.append("PostUp=CT_IP=$({}); iptables -A FORWARD -d $CT_IP -j ACCEPT; iptables -A INPUT -s $CT_IP -j ACCEPT".format(
|
self.result_postup.append("CT_IP=$({}); iptables -A FORWARD -d $CT_IP -j ACCEPT; iptables -A INPUT -s $CT_IP -j ACCEPT".format(
|
||||||
self.get_podman_cmd_with('/usr/bin/python3 {} {} {}'.format(path_get_ip, self.get_container_network_name(), self.get_container_name()))))
|
self.get_podman_cmd_with('/usr/bin/python3 {} {} {}'.format(path_get_ip, self.get_container_network_name(), self.get_container_name()))))
|
||||||
self.result_postdown.append("PostDown=CT_IP=$({}); iptables -D FORWARD -d $CT_IP -j ACCEPT; iptables -D INPUT -s $CT_IP -j ACCEPT".format(
|
self.result_postdown.append("CT_IP=$({}); iptables -D FORWARD -d $CT_IP -j ACCEPT; iptables -D INPUT -s $CT_IP -j ACCEPT".format(
|
||||||
self.get_podman_cmd_with('/usr/bin/python3 {} {} {}'.format(path_get_ip, self.get_container_network_name(), self.get_container_name()))))
|
self.get_podman_cmd_with('/usr/bin/python3 {} {} {}'.format(path_get_ip, self.get_container_network_name(), self.get_container_name()))))
|
||||||
|
|
||||||
self.result_postdown.append('PostDown={}'.format(
|
self.result_postdown.append(self.get_podman_cmd_with('podman stop {}'.format(self.get_container_name())))
|
||||||
self.get_podman_cmd_with('podman stop {}'.format(self.get_container_name()))
|
self.result_postdown.append(self.get_podman_cmd_with('podman rm {}'.format(self.get_container_name())))
|
||||||
))
|
|
||||||
|
|
||||||
self.result_postdown.append('PostDown={}'.format(
|
|
||||||
self.get_podman_cmd_with('podman rm {}'.format(self.get_container_name()))
|
|
||||||
))
|
|
||||||
|
|
||||||
if not self.flag_container_must_host:
|
if not self.flag_container_must_host:
|
||||||
self.result_postdown.append('PostDown={}'.format(
|
self.result_postdown.append(self.get_podman_cmd_with('podman network rm {}'.format(self.get_container_network_name())))
|
||||||
self.get_podman_cmd_with('podman network rm {}'.format(self.get_container_network_name()))
|
|
||||||
))
|
|
||||||
|
|
||||||
self.result_postup.extend(self.result_container_prebootstrap)
|
self.result_postup.extend(self.result_container_prebootstrap)
|
||||||
|
|
||||||
if self.flag_container_must_host:
|
if self.flag_container_must_host:
|
||||||
self.result_postup.append('PostUp={}'.format(
|
self.result_postup.append(self.get_podman_cmd_with(
|
||||||
self.get_podman_cmd_with('podman exec -t -e GATEWAY_IP=127.0.0.1 -e WG_PORT={} {} /usr/bin/python3 /root/app/bootstrap.py'.format(
|
'podman exec -t -e GATEWAY_IP=127.0.0.1 -e WG_PORT={} {} /usr/bin/python3 /root/app/bootstrap.py'.format(self.wg_port, self.get_container_name())
|
||||||
self.wg_port, self.get_container_name()))
|
|
||||||
))
|
))
|
||||||
elif self.podman_user:
|
elif self.podman_user:
|
||||||
self.result_postup.append('PostUp={}'.format(
|
self.result_postup.append(self.get_podman_cmd_with(
|
||||||
self.get_podman_cmd_with('CT_GATEWAY=$(/usr/bin/python3 {}); podman exec -t -e GATEWAY_IP=$CT_GATEWAY -e WG_PORT={} {} /usr/bin/python3 /root/app/bootstrap.py'.format(
|
'CT_GATEWAY=$(/usr/bin/python3 {}); podman exec -t -e GATEWAY_IP=$CT_GATEWAY -e WG_PORT={} {} /usr/bin/python3 /root/app/bootstrap.py'.format(
|
||||||
path_get_lan_ip, self.wg_port, self.get_container_name()))
|
path_get_lan_ip, self.wg_port, self.get_container_name())
|
||||||
))
|
))
|
||||||
else:
|
else:
|
||||||
self.result_postup.append('PostUp={}'.format(
|
self.result_postup.append(self.get_podman_cmd_with(
|
||||||
self.get_podman_cmd_with('CT_GATEWAY=$(/usr/bin/python3 {} {}); podman exec -t -e GATEWAY_IP=$CT_GATEWAY -e WG_PORT={} {} /usr/bin/python3 /root/app/bootstrap.py'.format(
|
'CT_GATEWAY=$(/usr/bin/python3 {} {}); podman exec -t -e GATEWAY_IP=$CT_GATEWAY -e WG_PORT={} {} /usr/bin/python3 /root/app/bootstrap.py'.format(
|
||||||
path_get_gateway, self.get_container_network_name(), self.wg_port, self.get_container_name()))
|
path_get_gateway, self.get_container_network_name(), self.wg_port, self.get_container_name())
|
||||||
))
|
))
|
||||||
|
|
||||||
self.result_postup.extend(self.result_container_postbootstrap)
|
self.result_postup.extend(self.result_container_postbootstrap)
|
||||||
|
@ -880,10 +870,10 @@ class Parser:
|
||||||
if addr_host == "gateway":
|
if addr_host == "gateway":
|
||||||
tunnel_addr = ""
|
tunnel_addr = ""
|
||||||
if self.flag_container_must_host or self.podman_user:
|
if self.flag_container_must_host or self.podman_user:
|
||||||
self.result_postup.append("PostUp=wg set {} peer {} endpoint 127.0.0.1:{}".format(
|
self.result_postup.append("wg set {} peer {} endpoint 127.0.0.1:{}".format(
|
||||||
self.wg_name, current_pubkey, addr_port))
|
self.wg_name, current_pubkey, addr_port))
|
||||||
else:
|
else:
|
||||||
self.result_postup.append("PostUp=CT_IP=$({}); wg set {} peer {} endpoint $CT_IP:{}".format(
|
self.result_postup.append("CT_IP=$({}); wg set {} peer {} endpoint $CT_IP:{}".format(
|
||||||
self.get_podman_cmd_with('/usr/bin/python3 {} {} {}'.format(path_get_ip, self.get_container_network_name(), self.get_container_name())),
|
self.get_podman_cmd_with('/usr/bin/python3 {} {} {}'.format(path_get_ip, self.get_container_network_name(), self.get_container_name())),
|
||||||
self.wg_name, current_pubkey, addr_port))
|
self.wg_name, current_pubkey, addr_port))
|
||||||
elif tunnel_addr:
|
elif tunnel_addr:
|
||||||
|
@ -902,21 +892,24 @@ class Parser:
|
||||||
errprint('[WARN] comment or unknown hint: {}'.format(line))
|
errprint('[WARN] comment or unknown hint: {}'.format(line))
|
||||||
|
|
||||||
if self.flag_is_route_forward and this_peer_idx == 0:
|
if self.flag_is_route_forward and this_peer_idx == 0:
|
||||||
self.result_postup.insert(0, 'PostUp=wg set {} peer {} allowed-ips 0.0.0.0/0'.format(self.wg_name, current_pubkey))
|
self.result_postup.insert(0, 'wg set {} peer {} allowed-ips 0.0.0.0/0'.format(self.wg_name, current_pubkey))
|
||||||
|
|
||||||
if current_lookup:
|
if current_lookup:
|
||||||
for ip_cidr in current_allowed:
|
for ip_cidr in current_allowed:
|
||||||
self.result_postup.append('PostUp=ip rule add from {} lookup {}'.format(ip_cidr, current_lookup))
|
self.result_postup.append('ip rule add from {} lookup {}'.format(ip_cidr, current_lookup))
|
||||||
self.result_postdown.append('PostDown=ip rule del from {} lookup {}'.format(ip_cidr, current_lookup))
|
self.result_postdown.append('ip rule del from {} lookup {}'.format(ip_cidr, current_lookup))
|
||||||
|
|
||||||
def get_result(self):
|
def get_result(self):
|
||||||
current_time = time.strftime("%Y-%m-%d %H:%M:%S")
|
current_time = time.strftime("%Y-%m-%d %H:%M:%S")
|
||||||
|
gen_result_postup = ["PostUp={}".format(line) for line in self.result_postup]
|
||||||
|
gen_result_postdown = ["PostDown={}".format(line) for line in self.result_postdown]
|
||||||
|
|
||||||
return '''# Generated by wg-ops at {}. DO NOT EDIT.
|
return '''# Generated by wg-ops at {}. DO NOT EDIT.
|
||||||
{}
|
{}
|
||||||
{}
|
{}
|
||||||
{}
|
{}
|
||||||
{}
|
{}
|
||||||
'''.format(current_time, '\n'.join(self.result_interface), '\n'.join(self.result_postup), '\n'.join(self.result_postdown), '\n'.join(self.result_peers))
|
'''.format(current_time, '\n'.join(self.result_interface), '\n'.join(gen_result_postup), '\n'.join(gen_result_postdown), '\n'.join(self.result_peers))
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
|
|
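Review bot: The host still runs whatever the container prints on the new `IPT_COMMANDS=$({}); echo $IPT_COMMANDS; $IPT_COMMANDS` lines in the `-348` and `-386` hunks: `podman exec ... udp2raw_amd64 --conf-file ... | grep ^iptables` executes inside the container, and its stdout is word-split and executed unquoted as root by wg-quick's PostUp, so a compromised or misbehaving container process (udp2raw is presumably network-exposed) can put arbitrary arguments on that line, since `grep ^iptables` only constrains the first word. A second line of output would also be folded into the same iptables invocation, because unquoted `$IPT_COMMANDS` splits on newlines as well as spaces, and the PostDown `sed -e 's/-I /-D /g'` only undoes `-I` rules, leaving any `-A` rule behind; I cannot tell from here whether udp2raw ever emits more than one line or uses `-A`. At minimum tighten the filter to a strict shape and run one line at a time, something like `grep -E '^iptables -(I|A) [A-Z]+( -[a-z-]+ [A-Za-z0-9_.:/-]+)*$' | while read -r l; do $l; done`, or better, derive the rules from the udp2raw config at generation time instead of trusting container output at interface-up. Separately, the `-737` hunk still round-trips the bootstrap JSON through the predictable path `/tmp/wg-op-container-bootstrap-{wg_name}.data` with `rm -f` followed by `echo >>` and `base64 -d ... >`, which is not atomic and lets a local user pre-create the file or a symlink before root writes it; a `mktemp -d` directory with restrictive mode would avoid that. The enclosing methods start and end outside these hunks.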