From bf8f3040ec834bbf81851433e81373e5f84dcda5 Mon Sep 17 00:00:00 2001 From: Christof Schulze Date: Sat, 24 Aug 2019 13:54:44 +0200 Subject: [PATCH] gluon-mesh-vpn-core: add wireguard support --- .../config-mode/reboot/0100-mesh-vpn.lua | 9 +++++ .../luasrc/lib/gluon/upgrade/500-mesh-vpn | 33 +++++++++++-------- 2 files changed, 29 insertions(+), 13 deletions(-) diff --git a/package/gluon-config-mode-mesh-vpn/luasrc/lib/gluon/config-mode/reboot/0100-mesh-vpn.lua b/package/gluon-config-mode-mesh-vpn/luasrc/lib/gluon/config-mode/reboot/0100-mesh-vpn.lua index b94d194a..2c8e4192 100644 --- a/package/gluon-config-mode-mesh-vpn/luasrc/lib/gluon/config-mode/reboot/0100-mesh-vpn.lua +++ b/package/gluon-config-mode-mesh-vpn/luasrc/lib/gluon/config-mode/reboot/0100-mesh-vpn.lua @@ -35,6 +35,15 @@ elseif has_fastd then else msg = site_i18n._translate('gluon-config-mode:novpn') end +elseif has_wireguard then + local wireguard_enabled = uci:get_bool("wireguard", "mesh_vpn", "enabled") + if wireguard_enabled then + local secret = util.trim(util.exec("/usr/bin/gluon-mesh-vpn-wireguard-get-or-create-secret")) + pubkey = util.trim(util.exec("/usr/bin/wg pubkey < " .. secret)) + msg = site_i18n._translate('gluon-config-mode:pubkey') + else + msg = site_i18n._translate('gluon-config-mode:novpn') + end end if not msg then return end diff --git a/package/gluon-mesh-vpn-core/luasrc/lib/gluon/upgrade/500-mesh-vpn b/package/gluon-mesh-vpn-core/luasrc/lib/gluon/upgrade/500-mesh-vpn index 019b9afb..63fc98eb 100755 --- a/package/gluon-mesh-vpn-core/luasrc/lib/gluon/upgrade/500-mesh-vpn +++ b/package/gluon-mesh-vpn-core/luasrc/lib/gluon/upgrade/500-mesh-vpn 
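Review bot: In the 0100-mesh-vpn.lua hunk, `util.exec("/usr/bin/wg pubkey < " .. secret)` splices the helper's output into a shell command line without any check. An empty result (helper missing or failing) or a value containing whitespace or shell metacharacters yields a malformed or unintended command, and the page would then show the `gluon-config-mode:pubkey` message with an empty key. I would validate the value before use, e.g. `if not secret:match('^[%w%./_-]+$') then return end`, or fall back to the `novpn` message. The redirect suggests the helper prints the path of the private-key file rather than the key itself; if so, a name such as `secret_file` would say that. `pubkey` is assigned without `local`, and its declaration, like the start of the `if`/`elseif` chain, lies outside the hunk, so confirm this does not create a global.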
@@ -8,16 +8,19 @@ local uci = require('simple-uci').cursor() local unistd = require 'posix.unistd' -uci:section('network', 'interface', 'mesh_vpn', { - ifname = 'mesh-vpn', - proto = 'gluon_mesh', - transitive = true, - fixed_mtu = true, - macaddr = util.generate_mac(7), - mtu = site.mesh_vpn.mtu(), -}) - -uci:save('network') +if not unistd.access('/lib/gluon/mesh-vpn/wireguard') then + -- wireguard brings its own mechanism for creating interfaces as it + -- requires one interface per peer. + uci:section('network', 'interface', 'mesh_vpn', { + ifname = 'mesh-vpn', + proto = 'gluon_mesh', + transitive = true, + fixed_mtu = true, + macaddr = util.generate_mac(7), + mtu = site.mesh_vpn.mtu(), + }) + uci:save('network') +end -- The previously used user and group are removed, we now have a generic group @@ -40,10 +43,13 @@ if not uci:get('gluon', 'mesh_vpn') then vpn = 'fastd' elseif unistd.access('/lib/gluon/mesh-vpn/tunneldigger') then vpn = 'tunneldigger' + elseif unistd.access('/lib/gluon/mesh-vpn/wireguard') then + vpn = 'wireguard' end local fastd_enabled = uci:get('fastd', 'mesh_vpn', 'enabled') local tunneldigger_enabled = uci:get('tunneldigger', 'mesh_vpn', 'enabled') + local wireguard_enabled = uci:get('wireguard', 'mesh_vpn', 'enabled') local enabled 
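Review bot: In the `@@ -8,16 +8,19 @@` hunk of 500-mesh-vpn, the new guard keys only on `/lib/gluon/mesh-vpn/wireguard` existing, while the provider selection in the `@@ -40,10 +43,13 @@` hunk tests wireguard last, after tunneldigger and apparently fastd (that first test is outside the hunk). On an image that ships wireguard together with one of the others, `vpn` would resolve to the earlier provider but the `mesh_vpn` interface section would not be written. The guard also leaves a `network.mesh_vpn` section from a previous firmware in place when a node is upgraded to a wireguard build. If that is unwanted, an `else` branch with `uci:delete('network', 'mesh_vpn')`, and `uci:save('network')` run in both cases, would cover it. Whether another script already removes the section cannot be seen from this patch.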
@@ -52,15 +58,16 @@ if not uci:get('gluon', 'mesh_vpn') then enabled = fastd_enabled == '1' elseif vpn == 'tunneldigger' and tunneldigger_enabled then enabled = tunneldigger_enabled == '1' + elseif vpn == 'wireguard' and wireguard_enabled then + enabled = wireguard_enabled == '1' -- Otherwise, migrate the other package's value if any is set - elseif fastd_enabled or tunneldigger_enabled then - enabled = fastd_enabled == '1' or tunneldigger_enabled == '1' + elseif fastd_enabled or tunneldigger_enabled or wireguard_enabled then + enabled = fastd_enabled == '1' or tunneldigger_enabled == '1' or wireguard_enabled == '1' -- If nothing is set, use the default else enabled = site.mesh_vpn.enabled(false) end - local limit_enabled = tonumber((uci:get('simple-tc', 'mesh_vpn', 'enabled'))) if limit_enabled == nil then limit_enabled = site.mesh_vpn.bandwidth_limit.enabled(false)
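Review bot: `wireguard_enabled == '1'` in the `@@ -52,15 +58,16 @@` hunk compares the option as a raw string, whereas the config-mode script in the same patch reads the same option with `uci:get_bool("wireguard", "mesh_vpn", "enabled")`. If `get_bool` accepts other spellings of true (to be confirmed against simple-uci), the reboot page could show a public key while this migration records the VPN as disabled. This matches how fastd and tunneldigger are already handled, so it is a consistency point rather than a regression. A one-line comment above the chain, such as `-- enabled flags are compared as the literal string '1'`, would record the assumption. The `if not uci:get('gluon', 'mesh_vpn') then` block starts and ends outside the hunk.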