# Makes +str+ safe to echo in a log/terminal line: String#dump yields a
# double-quoted Ruby literal with control and non-ASCII characters escaped,
# and the surrounding quotes are then dropped.
#
# @param str [String] text that may have come from the command line
# @return [String] the escaped text without the enclosing quotes
def sanitize_string str
  escaped = str.dump
  escaped[1, escaped.length - 2]
end
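# Encrypts +to_encrypt+ with `ansible-vault encrypt_string` and returns the
# `!vault |` block extracted from its output.
#
# The plaintext is written to ansible-vault's stdin and the password-file path
# is passed as a single argv element, so no shell is involved: the previous
# `echo -n ... | ansible-vault ...` form put the secret on a command line that
# any local user can read via `ps`, and left $vault_file open to shell
# interpretation (spaces or metacharacters in the path would break or alter
# the command).
#
# @param to_encrypt [String] the secret to encrypt (e.g. a private key)
# @return [String] the `!vault |` block, as matched by the regex below
# @raise [RuntimeError] if ansible-vault exits non-zero or its output does not
#   contain a vault block
def ansible_encrypt to_encrypt
  cmd = ['ansible-vault', 'encrypt_string', "--vault-password-file=#{$vault_file}"]
  res = IO.popen(cmd, 'r+') do |io|
    io.write(to_encrypt)
    io.close_write
    io.read
  end
  raise 'Failed to encrypt' unless $?.success?
  match = res.match(/(!vault \|[A-Za-z_;.0-9\n\s$]*)$/)
  raise 'Failed to encrypt' unless match
  match[1]
end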
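# Thin wrappers around the `wg` CLI. Every call spawns wg directly (argv
# array, no shell) and fails loudly when wg exits non-zero, so a missing or
# broken wg can never yield an empty key that silently ends up in a config.
class WireGuard
  # @return [String] a fresh pre-shared key, as printed by `wg genpsk`
  # @raise [RuntimeError] if wg exits with a non-zero status
  def self.generate_psk
    run(%w[wg genpsk])
  end

  # @return [String] a fresh private key, as printed by `wg genkey`
  # @raise [RuntimeError] if wg exits with a non-zero status
  def self.generate_privkey
    run(%w[wg genkey])
  end

  # Derives the public key for +privkey+.
  #
  # The key is written to wg's stdin rather than interpolated into a shell
  # command: a command line is visible to other local users via `ps`, whereas
  # a pipe is not, and no shell quoting of the key material is needed.
  #
  # @param privkey [String] a WireGuard private key
  # @return [String] the matching public key
  # @raise [RuntimeError] if +privkey+ is not a String or wg exits non-zero
  def self.get_pubkey privkey
    raise 'Private key must be a string' unless privkey.is_a? String
    run(%w[wg pubkey], stdin: privkey)
  end

  # Runs +cmd+ (an argv array) and returns its stripped stdout, optionally
  # feeding +stdin+ to the process. Raises unless the process exits 0.
  def self.run(cmd, stdin: nil)
    out = IO.popen(cmd, 'r+') do |io|
      io.write(stdin) if stdin
      io.close_write
      io.read
    end
    raise "#{cmd.join(' ')} failed" unless $?.success?
    out.strip
  end
  private_class_method :run
end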
# Prints one peer's YAML-style template to stdout; the `<insert ...>` markers
# are meant to be filled in by hand afterwards. Callers in this script pass
# the vault-encrypted private key as args[:privkey], so nothing secret is
# printed in clear here.
#
# NOTE(review): the leading whitespace of these lines looks collapsed in this
# copy of the file; confirm the YAML indentation against the upstream source.
#
# @param args [Hash] :privkey, :pubkey and :psk, interpolated verbatim
# @return [nil]
def print_template args
  stanza = [
    " - name: <insert name>",
    " autostart: true",
    " listen_port: <insert port>",
    " privkey: #{args[:privkey]}",
    " addresses:",
    " - local: <insert address>",
    " remote: <insert address>",
    " table: false",
    " peers:",
    " - endpoint: <insert endpoint>",
    " pubkey: #{args[:pubkey]}",
    " psk: #{args[:psk]}",
    " allowed_ips:",
    " - 0.0.0.0/0",
    ' - "::/0"'
  ]
  # puts with an array writes one element per line, same as the separate calls.
  puts stanza
end
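# --- script entry point ----------------------------------------------------
# Usage: <script> VAULT_PASSWORD_FILE
# Generates one PSK and two WireGuard keypairs, vault-encrypts each private
# key with ansible-vault, and prints a template stanza per peer.
raise "No vault file given" unless ARGV.first
$vault_file = ARGV.first.strip.freeze
# Fail before any key is generated if the password file cannot be read, instead
# of surfacing the problem later as a generic 'Failed to encrypt'. The path is
# passed through sanitize_string so control characters in the argument cannot
# corrupt the terminal/log line.
raise "Vault file #{sanitize_string $vault_file} is not readable" unless File.readable?($vault_file)
puts "Vault file is #{sanitize_string $vault_file}."
psk = WireGuard.generate_psk
# Each peer gets its own keypair; the plaintext private key exists only in
# memory here, and only its vault-encrypted form is handed to print_template.
generate_peer = lambda do
  privkey = WireGuard.generate_privkey
  [WireGuard.get_pubkey(privkey), ansible_encrypt(privkey)]
end
pubkey1, encrypted_privkey1 = generate_peer.call
pubkey2, encrypted_privkey2 = generate_peer.call
# Each stanza carries its own (encrypted) private key and the OTHER peer's
# public key.
[[encrypted_privkey1, pubkey2], [encrypted_privkey2, pubkey1]].each_with_index do |(privkey, pubkey), idx|
  puts "---> Peer #{idx + 1}:"
  print_template psk:, privkey:, pubkey:
end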