gluon/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd
David Bauer 98a1c196ed mesh-vpn: fully abstract VPN methods
This fully abstracts VPN methods, making gluon-mesh-vpn-fastd and
gluon-mesh-vpn-tunneldigger completely self-contained.

Provide a LUA interface for generic interacting with VPN methods in
gluon-mesh-vpn-core and web packages.

This also adds the ability to install tunneldigger and fastd to the same
image, selecting the VPN method based on the selected domain.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-05-22 06:54:23 +02:00

123 lines
2.7 KiB
Lua
Executable File

#!/usr/bin/lua
local site = require 'gluon.site'
local util = require 'gluon.util'
local vpn_core = require 'gluon.mesh-vpn'
local uci = require('simple-uci').cursor()
local syslog_level = uci:get('fastd', 'mesh_vpn', 'syslog_level') or 'verbose'
local methods
if site.mesh_vpn.fastd.configurable(false) then
local has_null = util.contains(site.mesh_vpn.fastd.methods(), 'null')
local old_methods = uci:get('fastd', 'mesh_vpn', 'method')
if old_methods then
has_null = util.contains(old_methods, 'null')
end
methods = {}
if has_null then
table.insert(methods, 'null')
end
for _, method in ipairs(site.mesh_vpn.fastd.methods()) do
if method ~= 'null' then
table.insert(methods, method)
end
end
else
methods = site.mesh_vpn.fastd.methods()
end
uci:section('fastd', 'fastd', 'mesh_vpn', {
group = 'gluon-mesh-vpn',
syslog_level = syslog_level,
interface = vpn_core.get_interface(),
mode = 'tap',
mtu = site.mesh_vpn.mtu(),
secure_handshakes = true,
method = methods,
packet_mark = 1,
status_socket = '/var/run/fastd.mesh_vpn.socket',
})
uci:delete('fastd', 'mesh_vpn', 'user')
-- Collect list of groups that have peers with 'preserve' flag
local preserve_groups = {}
local function preserve_group(name)
if not name or preserve_groups[name] then
return
end
preserve_groups[name] = true
local parent = uci:get('fastd', name, 'group')
preserve_group(parent)
end
uci:foreach('fastd', 'peer', function(peer)
if peer.net == 'mesh_vpn' and peer.preserve == '1' then
preserve_group(peer.group)
end
end)
-- Clean up previous configuration
uci:delete_all('fastd', 'peer', function(peer)
return (peer.net == 'mesh_vpn' and peer.preserve ~= '1')
end)
uci:delete_all('fastd', 'peer_group', function(group)
return (group.net == 'mesh_vpn' and not preserve_groups[group['.name']])
end)
local add_groups
local function add_peer(group, name, config)
local uci_name = group .. '_peer_' .. name
if uci:get_bool('fastd', uci_name, 'preserve') then
return
end
uci:section('fastd', 'peer', uci_name, {
enabled = true,
net = 'mesh_vpn',
group = group,
key = config.key,
remote = config.remotes,
})
end
local function add_group(name, config, parent)
uci:section('fastd', 'peer_group', name, {
enabled = true,
net = 'mesh_vpn',
parent = parent,
peer_limit = config.limit,
})
for peername, peerconfig in pairs(config.peers or {}) do
add_peer(name, peername, peerconfig)
end
add_groups(name, config.groups, name)
end
-- declared local above
function add_groups(prefix, groups, parent)
for name, group in pairs(groups or {}) do
add_group(prefix .. '_' .. name, group, parent)
end
end
add_groups('mesh_vpn', site.mesh_vpn.fastd.groups())
uci:save('fastd')