authorPaul Buetow <paul@buetow.org>2025-05-01 12:13:55 +0300
committerPaul Buetow <paul@buetow.org>2025-05-01 12:13:55 +0300
commit16968e662e7da5f2d9770ee9421b6ef53d2a712c (patch)
treeaaef33e6a3193e40c3ee0728d556e889674c2a73
parent4f2058fe130ad25c72ffd09d0411eb84995df760 (diff)
more on this
-rw-r--r--README.md42
-rw-r--r--wireguardmeshgenerator.rb64
-rw-r--r--wireguardmeshgenerator.yaml24
3 files changed, 82 insertions, 48 deletions
diff --git a/README.md b/README.md
index 55797aa..7b4cc1a 100644
--- a/README.md
+++ b/README.md
@@ -9,10 +9,10 @@ bundler install
sudo dnf install -y wireguard-tools
```
-## Usage
+## Generate
```sh
-rake
+rake generate
```
It will generate the configs and scp the configs to the hosts
@@ -47,20 +47,38 @@ keys/r2/pubkey
### FreeBSD
```sh
-doas freebsd-update fetch..... and so on... reboot
-doas pkg update
-doas pkg upgrade
-reboot
+paul@f0:~ % doas freebsd-update fetch..... and so on... reboot
+paul@f0:~ % doas pkg update
+paul@f0:~ % doas pkg upgrade
+paul@f0:~ % reboot
-doas pkg install wireguard-tools
-doas mv wg0.conf /usr/local/etc/wireguard/
+paul@f0:~ % doas pkg install wireguard-tools
+paul@f0:~ % doas sysrc wireguard_interfaces=wg0
+wireguard_interfaces: -> wg0
+paul@f0:~ % doas sysrc wireguard_enable=YES
+wireguard_enable: -> YES
+paul@f0:~ % doas mkdir -p /usr/local/etc/wireguard
+paul@f0:~ % doas touch /usr/local/etc/wireguard/wg0.conf
+paul@f0:~ % doas service wireguard start
```
-
### Rocky Linux 9
```sh
-dnf update -y
-reboot
-dnf install wireguard-tools
+[root@r0 ~] dnf update -y
+[root@r0 ~] reboot
+
+[root@r0 ~] dnf install wireguard-tools
+[root@r0 ~] mkdir -p /etc/wireguard
+[root@r0 ~] touch /etc/wireguard/wg0.conf
+[root@r0 ~] systemctl enable wg-quick@wg0.service
+[root@r0 ~] systemctl start wg-quick@wg0.service
+```
+
+### Install the config
+
+```sh
+rake install
```
+
+
diff --git a/wireguardmeshgenerator.rb b/wireguardmeshgenerator.rb
index 06b120a..001b2aa 100644
--- a/wireguardmeshgenerator.rb
+++ b/wireguardmeshgenerator.rb
@@ -55,21 +55,21 @@ PeerSnippet = Struct.new(:myself, :peer, :domain, :wgdomain,
:allowed_ips, :endpoint) do
def to_s
keytool = KeyTool.new(myself)
- <<~PEER_CONFIG
+ <<~PEER_CONF
[Peer]
# #{myself}.#{domain} as #{myself}.#{wgdomain}
PublicKey = #{keytool.pub}
- pskKey = #{keytool.psk(peer)}
+ PresharedKey = #{keytool.psk(peer)}
Endpoint = #{endpoint}:56709
AllowedIPs = #{allowed_ips}/32
- PEER_CONFIG
+ PEER_CONF
end
end
WireguardConfig = Struct.new(:myself, :hosts) do
def to_s
keytool = KeyTool.new(myself)
- <<~CONFIG
+ <<~CONF
[Interface]
# #{myself}.#{hosts[myself]['wg0']['domain']}
Address = #{hosts[myself]['wg0']['ip']}
@@ -77,7 +77,7 @@ WireguardConfig = Struct.new(:myself, :hosts) do
ListenPort = 56709
#{peers(&:to_s).join("\n")}
- CONFIG
+ CONF
end
def clean!
@@ -107,44 +107,60 @@ end
InstallConfig = Struct.new(:myself, :hosts) do
def initialize(myself, hosts)
+ @myself = myself
@ssh_user = hosts[myself]['ssh']['user']
@sudo_cmd = hosts[myself]['ssh']['sudo_cmd']
- @restart_cmd = hosts[myself]['ssh']['restart_cmd']
+ @reload_cmd = hosts[myself]['ssh']['reload_cmd']
+ @conf_dir = hosts[myself]['ssh']['conf_dir']
end
def upload!
- wg0_conf = "dist/#{myself}/etc/wireguard/wg0.conf"
- puts "Uploading #{wg0_conf} to #{myself}:."
- raise "Upload to #{myself} failed" unless
- Net::SCP.upload!(myself, @ssh_user, wg0_conf, '.')
-
+ wg0_conf = "dist/#{@myself}/etc/wireguard/wg0.conf"
+ scp(wg0_conf)
self
end
def install!
- puts "Installing Wireguard config on #{myself}"
+ puts "Installing Wireguard config on #{@myself}"
ssh <<~SH
- if [ ! -d #{@config_path} ]; then
- #{@sudo_cmd} mkdir -p #{@config_path}
- #{@sudo_cmd} mv -v wg0.conf #{@config_path}
+ if [ ! -d #{@conf_dir} ]; then
+ #{@sudo_cmd} mkdir -p #{@conf_dir}
fi
+ #{@sudo_cmd} chmod 700 #{@conf_dir}
+ #{@sudo_cmd} mv -v wg0.conf #{@conf_dir}
+ #{@sudo_cmd} chmod 600 #{@conf_dir}/wg0.conf
SH
- raise "Unable to install Wireguard config on #{myself}" unless
- $CHILD_STATUS.success?
-
- self
end
def restart!
- puts "Restarting Wireguard on #{myself}"
- ssh "#{@sudo_cmd} #{@restart_cmd}"
- raise "Unable to restart Wireguard on #{myself}" unless
- $CHILD_STATUS.success?
+ puts "Reloading Wireguard on #{@myself}"
+ ssh <<~SH
+ #{@sudo_cmd} #{@reload_cmd}
+ SH
end
private
- def ssh(cmd) = Net::SSH.start(myself, @ssh_user) { _1.exec!(cmd) }
+ def scp(src, dst = '.')
+ puts "Uploading #{src} to #{@myself}:#{dst}"
+ raise "Upload #{srd} to #{@myself}:#{dst} failed" unless
+ Net::SCP.upload!(@myself, @ssh_user, src, dst)
+ end
+
+ def ssh(cmd)
+ File.write('cmd.sh', <<~SH) and scp('cmd.sh')
+ #!/bin/sh
+ set -x
+ #{cmd}
+ SH
+ Net::SSH.start(@myself, @ssh_user) do |ssh|
+ output = ssh.exec!('sh cmd.sh')
+ raise output unless output.exitstatus.zero?
+
+ puts output
+ end
+ self
+ end
end
begin
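Review bot: The failure path of the new `scp` helper raises on an undefined name — the `raise` message interpolates `srd` while the parameter is `src`, so a failed upload surfaces as a NameError instead of the intended message; change it to `raise "Upload #{src} to #{@myself}:#{dst} failed" unless`. The generated `cmd.sh` runs under `set -x` only, so a failed `mkdir` or `mv` in `install!` does not stop the script and the exit status checked in `ssh` reflects just the final `chmod`; `set -eux` would fail fast on the first error. The config being installed carries the interface's private key and every peer's preshared key, yet it lands in the login user's home directory and is only restricted by the `chmod 600` that runs after the `mv`; the remote copy most likely inherits the local file's mode (net-scp sends it in the transfer header), so unless `dist/.../wg0.conf` is already 0600 it is readable by other local users during that window — `File.chmod(0o600, wg0_conf)` before the upload (or `mode: 0o600` on `upload!`, if the installed net-scp supports it) closes that. `cmd.sh` is also left behind both in the local working directory and in the remote home; consider ending the script with `rm -f cmd.sh` and deleting the local copy after the upload. `InstallConfig` is fully inside the hunk, but the `begin` on the last line opens a block that continues past it.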
diff --git a/wireguardmeshgenerator.yaml b/wireguardmeshgenerator.yaml
index e58f869..920750f 100644
--- a/wireguardmeshgenerator.yaml
+++ b/wireguardmeshgenerator.yaml
@@ -4,9 +4,9 @@ hosts:
f0:
ssh:
user: paul
- config_dir: /usr/local/etc/wireguard
+ conf_dir: /usr/local/etc/wireguard
sudo_cmd: doas
- restart_cmd: doas service restart wireguard
+ reload_cmd: service wireguard reload
lan:
domain: 'lan.buetow.org'
ip: '192.168.1.130'
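Review bot: `reload_cmd: service wireguard reload` depends on the FreeBSD wireguard rc script offering a `reload` extra command; if, as I believe, it is implemented with `wg syncconf`, only keys, ListenPort and peers are applied to the running interface, while a changed `Address` in `[Interface]` is never picked up without a full restart. Since the generator rewrites the whole file, that distinction is easy to miss from this key alone; a comment would help, e.g. `# reload = wg syncconf: applies keys/peers only, restart after changing Address`. Note also that this value is now run through `sudo_cmd` by the installer, so keep it free of a leading `doas` as the commit does.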
@@ -16,9 +16,9 @@ hosts:
f1:
ssh:
user: paul
- config_dir: /usr/local/etc/wireguard
+ conf_dir: /usr/local/etc/wireguard
sudo_cmd: doas
- restart_cmd: doas service restart wireguard
+ reload_cmd: service wireguard reload
lan:
domain: 'lan.buetow.org'
ip: '192.168.1.131'
@@ -28,9 +28,9 @@ hosts:
f2:
ssh:
user: paul
- config_dir: /usr/local/etc/wireguard
+ conf_dir: /usr/local/etc/wireguard
sudo_cmd: doas
- restart_cmd: doas service restart wireguard
+ reload_cmd: service wireguard reload
lan:
domain: 'lan.buetow.org'
ip: '192.168.1.132'
@@ -40,9 +40,9 @@ hosts:
r0:
ssh:
user: root
- config_dir: /usr/local/etc/wireguard
+ conf_dir: /etc/wireguard
sudo_cmd:
- restart_cmd: service restart wireguard
+ reload_cmd: systemctl reload wg-quick@wg0.service
lan:
domain: 'lan.buetow.org'
ip: '192.168.1.120'
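Review bot: `systemctl reload wg-quick@wg0.service` only works if the installed unit defines an `ExecReload` (recent wireguard-tools ship one based on `wg syncconf`); on a build without it, or when the unit is not active because the initial start on the empty `wg0.conf` from the README failed, systemd rejects the reload and the freshly installed config is never applied — `systemctl reload-or-restart wg-quick@wg0.service` is the more forgiving choice. As with the FreeBSD hosts, a `syncconf`-based reload leaves wg-quick-only settings such as `Address` untouched, which deserves a comment here, e.g. `# reload applies keys/peers only; Address changes need a restart`. The Rocky hosts also log in as root with an empty `sudo_cmd`, unlike the FreeBSD hosts that use an unprivileged user plus `doas`; if root SSH login is not otherwise required, mirroring that split would keep the installer to least privilege.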
@@ -52,9 +52,9 @@ hosts:
r1:
ssh:
user: root
- config_dir: /usr/local/etc/wireguard
+ conf_dir: /etc/wireguard
sudo_cmd:
- restart_cmd: service restart wireguard
+ reload_cmd: systemctl reload wg-quick@wg0.service
lan:
domain: 'lan.buetow.org'
ip: '192.168.1.121'
@@ -64,9 +64,9 @@ hosts:
r2:
ssh:
user: root
- config_dir: /usr/local/etc/wireguard
+ conf_dir: /etc/wireguard
sudo_cmd:
- restart_cmd: service restart wireguard
+ reload_cmd: systemctl reload wg-quick@wg0.service
lan:
domain: 'lan.buetow.org'
ip: '192.168.1.122'