|
@@ -8,7 +8,7 @@ import sys
|
|
|
import tempfile
|
|
|
import textwrap
|
|
|
from email.mime.multipart import MIMEMultipart
|
|
|
-from email.mime.application import MIMEApplication
|
|
|
+from email.mime.application import MIMEApplication
|
|
|
from email.mime.text import MIMEText
|
|
|
|
|
|
class Email:
|
|
@@ -36,15 +36,17 @@ class Config:
|
|
|
self.smtp_server = config['smtp']['server']
|
|
|
self.smtp_from = config['smtp']['from']
|
|
|
self.wg_service = config['wireguard-service']['name']
|
|
|
+ self.pubkey = config['wireguard-service']['pubkey']
|
|
|
+ self.endpoint = config['wireguard-service']['endpoint']
|
|
|
|
|
|
def _run_cmd(cmd):
|
|
|
print("$ %s" % (cmd))
|
|
|
subprocess.run(cmd, shell=True, check=True)
|
|
|
|
|
|
-def check_env (member_id):
|
|
|
- """
|
|
|
- Checks if wireguard is correctly installed, the script is run as
|
|
|
- root and the member id is correct.
|
|
|
+def check_env ():
|
|
|
+ """
|
|
|
+ Checks if wireguard is correctly installed, the script is run as
|
|
|
+ root and the member id is correct.
|
|
|
"""
|
|
|
wgInstalled = os.system("wg")
|
|
|
if os.geteuid() != 0:
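Review bot: The docstring of the renamed `check_env ()` still reads "the member id is correct" although the function no longer receives a member id; in the new version it prompts the operator itself (the `input` calls are in the following hunk) and returns `(member_email, member_id)`. I would replace the docstring with a summary along the lines of `"""Check that wg is installed and we run as root, then prompt for the new member's e-mail and id and return (member_email, member_id)."""`, so a caller knows it is interactive. The two new `Config` attributes `pubkey` and `endpoint` would also deserve a one-line comment saying they are the server-side values that get embedded in the client config sent to the member. `Config.__init__` and `check_env` both continue outside this hunk.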
|
|
@@ -56,14 +58,17 @@ def check_env (member_id):
|
|
|
print("Il faudrait installer wireguard-tools et wireguard-dkms avant\
|
|
|
d'utiliser ce script")
|
|
|
raise Exception("Install wg")
|
|
|
+ member_email = input("EMail du nouveau membre: ")
|
|
|
+ member_id = int(input("Numéro d'adhérant du nouveau membre: "))
|
|
|
if member_id < 2 or member_id > 253:
|
|
|
print("On est parti du principe que les IDs des membres commencent à 1.")
|
|
|
print("Ah, aussi, pour le moment, on est aussi partis du principe que ça \
|
|
|
s'arrête à 253.")
|
|
|
- print("Si on a plus de 253 membres, premièrement, FÉLICITATIONS venant\
|
|
|
+ print("Si on a plus de 253 membres, premièrement, FÉLICITATIONS venant \
|
|
|
du Félix du passé. Par contre, il faut repenser l'adressage des \
|
|
|
IPs du VPN maintenant :( Ranson du succès j'immagine.")
|
|
|
raise Exception("Wrong member_id")
|
|
|
+ return (member_email, member_id)
|
|
|
|
|
|
def gen_wg_keys (temp_dir):
|
|
|
"""
|
|
@@ -91,21 +96,36 @@ def update_wg_config (member_id, config_file, pubkey_path, psk_path):
|
|
|
"""
|
|
|
Generate the wireguard peer entry for this new member.
|
|
|
"""
|
|
|
- wg_new_peer = '''
|
|
|
+ wg_new_peer = textwrap.dedent('''
|
|
|
[Peer]
|
|
|
- PublicKey = %PUBKEY%
|
|
|
+ PublicKey = %PUBKEY%
|
|
|
PresharedKey = %PSK%
|
|
|
AllowedIPs = 10.0.0.{1}/24, fd00::{1}/64
|
|
|
- '''.format(member_id)
|
|
|
+ ''').format(member_id)
|
|
|
with open(config_file, "a") as wg_conf_file:
|
|
|
wg_conf_file.write(wg_config)
|
|
|
_run_cmd('sed -i "s/%PUBKEY%/$(cat %s)/" "%s"' % (pubkey_path, config_file))
|
|
|
_run_cmd('sed -i "s/%PSK%/$(cat %s)/" "%s"' % (psk_path, config_file))
|
|
|
|
|
|
+def generate_wg_quick_client_config(peer_priv_key, member_id,
|
|
|
+ server_pub_key, psk, server_endpoint):
|
|
|
+ template = textwrap.dedent('''
|
|
|
+ [Interface]
|
|
|
+ PrivateKey = {0}
|
|
|
+ Address = 10.0.0.{1}/24, fd00::{1}/64
|
|
|
+ SaveConfig = false
|
|
|
+ DNS = 80.67.169.12, 80.67.169.40, 2001:910:800::12, 2001:910:800::40
|
|
|
+
|
|
|
+ [Peer]
|
|
|
+ PublicKey = {2}
|
|
|
+ PresharedKey = {3}
|
|
|
+ AllowedIPs = 0.0.0.0/0, ::/0
|
|
|
+ Endpoint = {4}
|
|
|
+ ''').format(peer_priv_key, member_id, server_pub_key, psk, server_endpoint)
|
|
|
|
|
|
def send_mail(email, wgconfig_path):
|
|
|
"""
|
|
|
- Send the private key by email.
|
|
|
+ Send the private key by email.
|
|
|
|
|
|
email:
|
|
|
- username
|
|
@@ -125,7 +145,7 @@ def send_mail(email, wgconfig_path):
|
|
|
blahblah, cf le wiki blahblahblah
|
|
|
''')
|
|
|
msg.attach([MIMEText(body), MIMEText(config)])
|
|
|
- with open(wgconfig_path, "rb") as f:
|
|
|
+ with open(wg_client_path, "rb") as f:
|
|
|
part = MIMEApplication(
|
|
|
f.read(),
|
|
|
Name=os.path.basename(f))
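Review bot: The new line opens `wg_client_path`, a name that exists nowhere in `send_mail` (its parameter is `wgconfig_path`), so the function raises `NameError` as soon as it reaches the attachment step. The caller in `__main__` now passes the rendered configuration text rather than a file path, so the cleaner fix is to attach the text directly, e.g. `part = MIMEApplication(wgconfig_path.encode("utf-8"), Name="wg0.conf")` (filename is an example), and drop the `open` block. Note that the context line `Name=os.path.basename(f)` passes a file object where a path string is expected, which would fail as well if the `open` is kept. The signature and the rest of `send_mail` are outside this hunk.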
|
|
@@ -151,58 +171,38 @@ if __name__ == '__main__':
|
|
|
cp = configparser.ConfigParser()
|
|
|
cp.read('/etc/wireguard/wg-create.ini')
|
|
|
config = Config(cp)
|
|
|
- member_email = input("EMail du nouveau membre: ")
|
|
|
- try:
|
|
|
- member_id = int(input("Numéro d'adhérant du nouveau membre: "))
|
|
|
- except Exception as e:
|
|
|
- print("ERREUR: Le numéro d'adhérant est en théorie un entier entre 1 et 253.")
|
|
|
- sys.exit(1)
|
|
|
- try:
|
|
|
- check_env(member_id)
|
|
|
- except Exception as e:
|
|
|
- print("ERREUR: problème d'environnement: {}".format(e))
|
|
|
- sys.exit(1)
|
|
|
- print("[+] Génération des clés wireguard")
|
|
|
+ (member_email, member_id) = check_env()
|
|
|
with tempfile.TemporaryDirectory() as temp_dir:
|
|
|
+ print("[+] Génération des clés wireguard")
|
|
|
+ (privkey_path, pubkey_path, psk_path) = gen_wg_keys(temp_dir)
|
|
|
print("[+] Modification de la configuration wireguard")
|
|
|
- try:
|
|
|
- (privkey_path, pubkey_path, psk_path) = gen_wg_keys(temp_dir)
|
|
|
- if not is_duplicate_entry_wg_conf(member_id, config_file):
|
|
|
- update_wg_config(member_id, config_file, pubkey_path, psk_path)
|
|
|
- else:
|
|
|
- print("Le membre {} semble déja avoir un compte VPN.".format(member_id))
|
|
|
- print("Veuillez contacter la liste de diffusion technique\
|
|
|
- si son compte necessite une ré-activation.")
|
|
|
- sys.exit(1)
|
|
|
- except Exception as e:
|
|
|
- print("ERREUR: Problème lors de la génération des clés wireguard.")
|
|
|
- print(e)
|
|
|
+ if not is_duplicate_entry_wg_conf(member_id, config_file):
|
|
|
+ update_wg_config(member_id, config_file, pubkey_path, psk_path)
|
|
|
+ else:
|
|
|
+ print("Le membre {} semble déja avoir un compte VPN.".format(member_id))
|
|
|
+ print("Veuillez contacter la liste de diffusion technique\
|
|
|
+ si son compte necessite une ré-activation.")
|
|
|
sys.exit(1)
|
|
|
print("[+] Chargement de la nouvelle interface réseau")
|
|
|
- try:
|
|
|
- _run_cmd("systemctl restart %s" % (config.wg_service))
|
|
|
- except Exception as e:
|
|
|
- print("ERREUR: Problème lors du redémarrage du service.")
|
|
|
- print(e)
|
|
|
+ _run_cmd("systemctl restart %s" % (config.wg_service))
|
|
|
print("[+] Envoi de la clé privée au nouveau membre")
|
|
|
- try:
|
|
|
- if use_email:
|
|
|
- email = Email(config.smtp_user, config.smtp_pass, config.smtp_from,\
|
|
|
- member_email, config.smtp_server)
|
|
|
- send_email(email, privkey_path)
|
|
|
- else:
|
|
|
- print("Mode utilisateur avancé")
|
|
|
- print("=======================")
|
|
|
- print("À vous de vous débrouiller pour donner les clés/config à l'utilisateur")
|
|
|
- print("Clé privée: %s" % (privkey_path))
|
|
|
- print("Clé pré-partagée (psk): %s" % (psk_path))
|
|
|
- print("Clé publique (psk): %s" % (pubkey_path))
|
|
|
- input("Appuyez sur entrée pour continuer (les clés privées seront détruites): ")
|
|
|
- except Exception as e:
|
|
|
- print("ERREUR: erreur lors de l'envoi de l'email.")
|
|
|
- print(e)
|
|
|
- print("Veuillez envoyer tout ce message d'erreur à la liste de diffusion technique")
|
|
|
- sys.exit(1)
|
|
|
+ if use_email:
|
|
|
+ with open(privkey_path, "r") as pkh:
|
|
|
+ peer_privkey = pkh.read()
|
|
|
+ with open(psk_path, "r") as pskh:
|
|
|
+ peer_psk = pskh.read()
|
|
|
+ email = Email(config.smtp_user, config.smtp_pass, config.smtp_from,\
|
|
|
+ member_email, config.smtp_server)
|
|
|
+ send_email(email, generate_wg_quick_client_config(peer_privkey, member_id, config.pubkey,\
|
|
|
+ peer_psk, config.endpoint))
|
|
|
+ else:
|
|
|
+ print("Mode utilisateur avancé")
|
|
|
+ print("=======================")
|
|
|
+ print("À vous de vous débrouiller pour donner les clés/config à l'utilisateur")
|
|
|
+ print("Clé privée: %s" % (privkey_path))
|
|
|
+ print("Clé pré-partagée (psk): %s" % (psk_path))
|
|
|
+ print("Clé publique (psk): %s" % (pubkey_path))
|
|
|
+ input("Appuyez sur entrée pour continuer (les clés privées seront détruites): ")
|
|
|
print("[+] Nettoyage des clés")
|
|
|
_run_cmd("shred -u %s %s %s" % (privkey_path, pubkey_path, psk_path))
|
|
|
print("[+] COMPTE CRÉE AVEC SUCCÈS")
|