| -rw-r--r-- | config.py | 2 | ||||
| -rwxr-xr-x | cronjob.py | 3 | ||||
| -rw-r--r-- | install.sh | 11 | ||||
| -rw-r--r-- | lib_autopeer.py | 3 |
4 files changed, 14 insertions, 5 deletions
@@ -9,5 +9,5 @@ DB = sqlite3.connect('file:/opt/autopeer/db/sqlite3.db?mode=rw', uri=True, autoc try: MY_PRIVKEY = open('/etc/wireguard/privkey', 'r').read().strip() -except: +except: # open will fail due to perms as user MY_PRIVKEY = None @@ -5,12 +5,15 @@ from lib_autopeer import * import os + curs = DB.execute('SELECT name, asn FROM peers') while row := curs.fetchone(): name, asn = row print(f'Processing {asn}-{name}...') birdcfg = open(f'/etc/bird/peers/as{asn}{name}.conf', 'w') + old_umask = os.umask(0o077) wgcfg = open(f'/etc/wireguard/wg{asn%10000:04}{name}.conf', 'w') + os.umask(old_umask) print(_bird_config(name, _get_peer_info(name, asn), _get_my_info(asn)), file=birdcfg) print(_wg_config(name, _get_peer_info(name, asn), _get_my_info(asn)), file=wgcfg) birdcfg.close() @@ -1,11 +1,11 @@ ssh-keygen -f /opt/autopeer/id_autopeer -echo "You need to add your new SSH key (/opt/autopeer/id_autopeer) to dn42 git to clone the repo:" +echo "You need to add your new SSH key (/opt/autopeer/id_autopeer) to dn42 gitea to clone the repo:" cat /opt/autopeer/id_autopeer.pub echo read -p "Press enter once you've done that..." -apt install git +apt install git wireguard-tools ln -s /opt/autopeer/sshd_config /etc/ssh/sshd_config.d/autopeer.conf addgroup autopeer adduser --disabled-password --comment '' new @@ -16,6 +16,11 @@ echo '*/5 * * * * root /opt/autopeer/cronjob.py' >>/etc/cron.d/autopeer mkdir /opt/autopeer/db echo 'CREATE TABLE peers (name, asn, ipll, endpoint, port, pubkey, creator_ip, creator_name, creator_date, primary key (name, asn));' | python -m sqlite3 /opt/autopeer/db/sqlite3.db -chgrp -R users /opt/autopeer/db/ +chgrp -R autopeer /opt/autopeer/db/ chmod 770 /opt/autopeer/db/ chmod 660 /opt/autopeer/db/sqlite3.db + +umask 0077 +wg genkey >/etc/wireguard/privkey +umask 0022 +wg pubkey </etc/wireguard/privkey >/etc/wireguard/pubkey diff --git a/lib_autopeer.py b/lib_autopeer.py index 84f9a74..cf3b66e 100644 --- a/lib_autopeer.py +++ b/lib_autopeer.py 
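Review bot: The bare `except:` that now carries the "open will fail due to perms as user" comment still catches every exception, so a missing or otherwise unreadable key file during a root run also ends in `MY_PRIVKEY = None` with nothing reported. Narrowing it to `except PermissionError:` would match the one case the comment describes and let other failures surface; whether a `None` key then reaches a generated config is not visible in this hunk. The `open(...)` result is also never closed, which `with open('/etc/wireguard/privkey') as f: MY_PRIVKEY = f.read().strip()` would fix.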
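Review bot: The `os.umask(0o077)` placed around the `wgcfg` open only takes effect when the file is created, so a `wg*.conf` written by an earlier run under the default umask is truncated and rewritten with its old, wider mode. If `_wg_config` emits the private key (not visible in this hunk), those files stay readable by other local users. Opening with an explicit mode and resetting it covers both new and existing files: `fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)`, `os.fchmod(fd, 0o600)`, `wgcfg = os.fdopen(fd, 'w')`, with `path` being the existing f-string. That also removes the case where an exception in `open` leaves the process umask at 0o077 for the rest of the run. The loop body continues past the end of the hunk.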
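Review bot: `wg genkey >/etc/wireguard/privkey` in the last install.sh hunk overwrites whatever key is already at that path, so re-running the installer, or running it on a host that already uses WireGuard, replaces the key without warning. Because umask applies only at creation, a pre-existing file also keeps its previous mode. Guarding the generation and setting the mode explicitly would address both: `[ -e /etc/wireguard/privkey ] || (umask 077; wg genkey >/etc/wireguard/privkey)` followed by `chmod 600 /etc/wireguard/privkey`. The subshell also avoids the hard-coded `umask 0022`, which assumes the caller's umask instead of restoring it.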
@@ -17,7 +17,8 @@ def _get_peer_info(name, asn): def _get_my_info(asn): return Peerdata( asn=MY_ASN, - port=((int(asn) % 10000) + 20000), + # TODO: better port logic + port=((int(asn) % 100000)), ipll=MY_IPLL, endpoint=MY_ENDPOINT, pubkey=MY_PUBKEY, |
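Review bot: `int(asn) % 100000` in `_get_my_info` can yield values that are not usable listen ports: 0, anything below 1024, and anything from 65536 to 99999, whereas the old `% 10000 + 20000` form always stayed within 20000–29999. The TODO acknowledges the logic is provisional, but until it is replaced a range check would keep bad values out of the generated config, e.g. `port = int(asn) % 100000` followed by `if not 1024 <= port <= 65535: raise ValueError(f'no usable port for AS{asn}')`. Two ASNs that agree in their last five digits also still map to the same port. The `Peerdata(...)` call continues past the end of the hunk.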
