952439885e
The generic upgrade script is moved to run after the more specific scripts. In addition, the script will now remove the configuration sections of uninstalled VPN packages, so both positive and negative changes of the default enable state can be migrated correctly. Based-on-patch-by: Cyrus Fox <cyrus@lambdacore.de> Fixes: #1187
99 lines
2.0 KiB
Lua
Executable File
99 lines
2.0 KiB
Lua
Executable File
#!/usr/bin/lua
|
|
|
|
local site = require 'gluon.site_config'
|
|
local util = require 'gluon.util'
|
|
|
|
local uci = require('simple-uci').cursor()
|
|
|
|
|
|
local syslog_level = uci:get('fastd', 'mesh_vpn', 'syslog_level') or 'verbose'
|
|
|
|
local methods
|
|
|
|
if site.mesh_vpn.fastd.configurable then
|
|
local has_null = util.contains(site.mesh_vpn.fastd.methods, 'null')
|
|
|
|
local old_methods = uci:get('fastd', 'mesh_vpn', 'method')
|
|
if old_methods then
|
|
has_null = util.contains(old_methods, 'null')
|
|
end
|
|
|
|
methods = {}
|
|
if has_null then
|
|
table.insert(methods, 'null')
|
|
end
|
|
|
|
for _, method in ipairs(site.mesh_vpn.fastd.methods) do
|
|
if method ~= 'null' then
|
|
table.insert(methods, method)
|
|
end
|
|
end
|
|
|
|
else
|
|
methods = site.mesh_vpn.fastd.methods
|
|
end
|
|
|
|
|
|
uci:section('fastd', 'fastd', 'mesh_vpn', {
|
|
group = 'gluon-mesh-vpn',
|
|
syslog_level = syslog_level,
|
|
interface = 'mesh-vpn',
|
|
mode = 'tap',
|
|
mtu = site.mesh_vpn.mtu,
|
|
secure_handshakes = true,
|
|
method = methods,
|
|
packet_mark = 1,
|
|
status_socket = '/var/run/fastd.mesh_vpn.socket',
|
|
})
|
|
uci:delete('fastd', 'mesh_vpn', 'user')
|
|
|
|
|
|
local add_groups
|
|
|
|
local function add_peer(group, name, config)
|
|
uci:section('fastd', 'peer', group .. '_peer_' .. name, {
|
|
enabled = true,
|
|
net = 'mesh_vpn',
|
|
group = group,
|
|
key = config.key,
|
|
remote = config.remotes,
|
|
})
|
|
end
|
|
|
|
local function add_group(name, config, parent)
|
|
uci:delete('fastd', name)
|
|
uci:delete_all('fastd', 'peer', function(peer)
|
|
return (peer.net == 'mesh_vpn' and peer.group == name)
|
|
end)
|
|
|
|
|
|
uci:section('fastd', 'peer_group', name, {
|
|
enabled = true,
|
|
net = 'mesh_vpn',
|
|
parent = parent,
|
|
peer_limit = config.limit,
|
|
})
|
|
|
|
if config.peers then
|
|
for peername, peerconfig in pairs(config.peers) do
|
|
add_peer(name, peername, peerconfig)
|
|
end
|
|
end
|
|
|
|
add_groups(name, config.groups, name)
|
|
end
|
|
|
|
-- declared local above
|
|
function add_groups(prefix, groups, parent)
|
|
if groups then
|
|
for name, group in pairs(groups) do
|
|
add_group(prefix .. '_' .. name, group, parent)
|
|
end
|
|
end
|
|
end
|
|
|
|
add_groups('mesh_vpn', site.mesh_vpn.fastd.groups)
|
|
|
|
|
|
uci:save('fastd')
|