Re-generate WireGuard™ configs in ./inst old as well as client.
authorMatt Birkholz <matt@birchwood-abbey.net>
Fri, 21 Nov 2025 00:04:39 +0000 (17:04 -0700)
committerMatt Birkholz <matt@birchwood-abbey.net>
Fri, 21 Nov 2025 00:04:39 +0000 (17:04 -0700)
Added a write_wireguard subroutine to be called by the old as well as
client subcommands.  Re-compute the list of clients from the YAML that
was saved to disk, ignoring the clients of former members.

README.org
inst

index 1d507e4ec0ba7a4baa6854fe79fcca2099ceb10c..c5c596f3ea3c22ddd207b32cc65df51d97539f3c 100644 (file)
@@ -6420,6 +6420,7 @@ the administrator to update =private/members.yml= before running
 #+BEGIN_SRC perl :tangle inst
 
 use MIME::Base64;
+sub write_wireguard ($);
 
 if (defined $ARGV[0] && $ARGV[0] eq "pass") {
   my $I = new IO::File;
@@ -6572,7 +6573,9 @@ if (defined $ARGV[0] && $ARGV[0] eq "old") {
            "playbooks/nextcloud-old.yml -e user=$user",
            ">/dev/null");
   $member->{"status"} = "former";
+  umask 077;
   write_members_yaml $yaml;
+  write_wireguard $yaml;
   mysystem ("ansible-playbook -e \@Secret/become.yml",
            "-t accounts playbooks/site.yml",
            ">/dev/null");
@@ -6699,14 +6702,47 @@ if (defined $ARGV[0] && $ARGV[0] eq "client") {
 
   umask 077;
   write_members_yaml $yaml;
+  write_wireguard $yaml;
 
-  if ($type eq "campus") {
-    push @all_peers, [ $name, $hostnum, $type, $pubkey, "" ];
-  } else {
-    push @member_peers, [ $name, $hostnum, $type, $pubkey, $user ];
-    push @all_peers, [ $name, $hostnum, $type, $pubkey, $user ];
+  umask 033;
+  write_wg_client ("public.conf",
+                  hostnum_to_ipaddr ($hostnum, $public_wg_net_cidr),
+                  $type,
+                  $front_wg_pubkey,
+                  "$front_addr:$public_wg_port",
+                  hostnum_to_ipaddr (1, $public_wg_net_cidr))
+    if $type ne "campus";
+  write_wg_client ("campus.conf",
+                  hostnum_to_ipaddr ($hostnum, $campus_wg_net_cidr),
+                  $type,
+                  $gate_wg_pubkey,
+                  "$gate_wild_addr:$campus_wg_port",
+                  hostnum_to_ipaddr (1, $campus_wg_net_cidr));
+
+  mysystem ("ansible-playbook -e \@Secret/become.yml",
+           "-l gate,front",
+           "-t accounts playbooks/site.yml",
+           ">/dev/null");
+  exit;
+}
+
+sub write_wireguard ($) {
+  my ($yaml) = @_;
+
+  my @campus_peers # [ name, hostnum, type, pubkey, user|"" ]
+     = map { [ (split / /), "" ] } @{$yaml->{"clients"}};
+
+  my $members = $yaml->{"members"};
+  my @member_peers = ();
+  for my $u (sort keys %$members) {
+    next if $members->{$u}->{"status"} ne "current";
+    push @member_peers,
+        map { [ (split / /), $u ] } @{$members->{$u}->{"clients"}};
   }
 
+  my @all_peers = sort { $a->[1] <=> $b->[1] }
+                      (@campus_peers, @member_peers);
+
   my $core_wg_addr = hostnum_to_ipaddr (2, $public_wg_net_cidr);
   my $extra_front_config = "
 PostUp = resolvectl dns %i $core_addr
@@ -6722,28 +6758,10 @@ AllowedIPs = $campus_wg_net_cidr\n";
 
   write_wg_server ("private/front-wg0.conf", \@member_peers,
                   hostnum_to_ipaddr_cidr (1, $public_wg_net_cidr),
-                  $public_wg_port, $extra_front_config)
-    if $type ne "campus";
+                  $public_wg_port, $extra_front_config);
   write_wg_server ("private/gate-wg0.conf", \@all_peers,
                   hostnum_to_ipaddr_cidr (1, $campus_wg_net_cidr),
                   $campus_wg_port, "\n");
-
-  umask 033;
-  write_wg_client ("public.conf",
-                  hostnum_to_ipaddr ($hostnum, $public_wg_net_cidr),
-                  $type,
-                  $front_wg_pubkey,
-                  "$front_addr:$public_wg_port",
-                  hostnum_to_ipaddr (1, $public_wg_net_cidr))
-    if $type ne "campus";
-  write_wg_client ("campus.conf",
-                  hostnum_to_ipaddr ($hostnum, $campus_wg_net_cidr),
-                  $type,
-                  $gate_wg_pubkey,
-                  "$gate_wild_addr:$campus_wg_port",
-                  hostnum_to_ipaddr (1, $campus_wg_net_cidr));
-
-  exit;
 }
 
 sub write_wg_server ($$$$$) {
diff --git a/inst b/inst
index b407c137bd01be068bacd3e9edcedca64e27318f..d6e8ebd97b6e07f28ee7581c266cdb2dbbe30523 100755 (executable)
--- a/inst
+++ b/inst
@@ -291,6 +291,7 @@ sub strip_vault ($) {
 }
 
 use MIME::Base64;
+sub write_wireguard ($);
 
 if (defined $ARGV[0] && $ARGV[0] eq "pass") {
   my $I = new IO::File;
@@ -353,7 +354,9 @@ if (defined $ARGV[0] && $ARGV[0] eq "old") {
            "playbooks/nextcloud-old.yml -e user=$user",
            ">/dev/null");
   $member->{"status"} = "former";
+  umask 077;
   write_members_yaml $yaml;
+  write_wireguard $yaml;
   mysystem ("ansible-playbook -e \@Secret/become.yml",
            "-t accounts playbooks/site.yml",
            ">/dev/null");
@@ -418,14 +421,47 @@ if (defined $ARGV[0] && $ARGV[0] eq "client") {
 
   umask 077;
   write_members_yaml $yaml;
+  write_wireguard $yaml;
 
-  if ($type eq "campus") {
-    push @all_peers, [ $name, $hostnum, $type, $pubkey, "" ];
-  } else {
-    push @member_peers, [ $name, $hostnum, $type, $pubkey, $user ];
-    push @all_peers, [ $name, $hostnum, $type, $pubkey, $user ];
+  umask 033;
+  write_wg_client ("public.conf",
+                  hostnum_to_ipaddr ($hostnum, $public_wg_net_cidr),
+                  $type,
+                  $front_wg_pubkey,
+                  "$front_addr:$public_wg_port",
+                  hostnum_to_ipaddr (1, $public_wg_net_cidr))
+    if $type ne "campus";
+  write_wg_client ("campus.conf",
+                  hostnum_to_ipaddr ($hostnum, $campus_wg_net_cidr),
+                  $type,
+                  $gate_wg_pubkey,
+                  "$gate_wild_addr:$campus_wg_port",
+                  hostnum_to_ipaddr (1, $campus_wg_net_cidr));
+
+  mysystem ("ansible-playbook -e \@Secret/become.yml",
+           "-l gate,front",
+           "-t accounts playbooks/site.yml",
+           ">/dev/null");
+  exit;
+}
+
+sub write_wireguard ($) {
+  my ($yaml) = @_;
+
+  my @campus_peers # [ name, hostnum, type, pubkey, user|"" ]
+     = map { [ (split / /), "" ] } @{$yaml->{"clients"}};
+
+  my $members = $yaml->{"members"};
+  my @member_peers = ();
+  for my $u (sort keys %$members) {
+    next if $members->{$u}->{"status"} ne "current";
+    push @member_peers,
+        map { [ (split / /), $u ] } @{$members->{$u}->{"clients"}};
   }
 
+  my @all_peers = sort { $a->[1] <=> $b->[1] }
+                      (@campus_peers, @member_peers);
+
   my $core_wg_addr = hostnum_to_ipaddr (2, $public_wg_net_cidr);
   my $extra_front_config = "
 PostUp = resolvectl dns %i $core_addr
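Review bot: In `write_wireguard`, `@{$yaml->{"clients"}}` and `@{$members->{$u}->{"clients"}}` dereference the YAML values directly, so a member record with no `clients` key (or an institute with no campus clients) would die under `strict refs` with "Can't use an undefined value as an ARRAY reference" rather than yield an empty peer list, and in the `old` subcommand that happens after `members.yml` has already been rewritten; defaulting the missing list, `@{ $yaml->{"clients"} // [] }` and `@{ $members->{$u}->{"clients"} // [] }`, avoids that (assuming the script runs on Perl 5.10+ for `//`). The only documentation of the new sub is the trailing `# [ name, hostnum, type, pubkey, user|"" ]`; a header comment such as `# Regenerate private/front-wg0.conf and private/gate-wg0.conf from $yaml, skipping the clients of non-current members.  Callers set umask 077 first.` would state the contract without the reader having to trace both call sites. `split / /` splits on exactly one space, so a client line with a doubled or leading space would silently shift the hostnum/pubkey columns into the wrong peer fields; the lines are presumably written by inst itself, but a check like `die "bad client line: $_" if @fields != 4;` before building each peer would catch a hand-edited file. The identical block is tangled from the README.org hunk above and needs the same changes there.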
@@ -441,28 +477,10 @@ AllowedIPs = $campus_wg_net_cidr\n";
 
   write_wg_server ("private/front-wg0.conf", \@member_peers,
                   hostnum_to_ipaddr_cidr (1, $public_wg_net_cidr),
-                  $public_wg_port, $extra_front_config)
-    if $type ne "campus";
+                  $public_wg_port, $extra_front_config);
   write_wg_server ("private/gate-wg0.conf", \@all_peers,
                   hostnum_to_ipaddr_cidr (1, $campus_wg_net_cidr),
                   $campus_wg_port, "\n");
-
-  umask 033;
-  write_wg_client ("public.conf",
-                  hostnum_to_ipaddr ($hostnum, $public_wg_net_cidr),
-                  $type,
-                  $front_wg_pubkey,
-                  "$front_addr:$public_wg_port",
-                  hostnum_to_ipaddr (1, $public_wg_net_cidr))
-    if $type ne "campus";
-  write_wg_client ("campus.conf",
-                  hostnum_to_ipaddr ($hostnum, $campus_wg_net_cidr),
-                  $type,
-                  $gate_wg_pubkey,
-                  "$gate_wild_addr:$campus_wg_port",
-                  hostnum_to_ipaddr (1, $campus_wg_net_cidr));
-
-  exit;
 }
 
 sub write_wg_server ($$$$$) {