polycule-network/load.py

# PolyculeNetwork
# Copyright (C) 2024 PolyculeConnect
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import os
from ipaddress import IPv4Address, IPv4Network
import tomllib
import jinja2

import dns
from config import Config

def load_firewall(config, run):
    run("nft -f templates/rules.nft")

    run(f"nft add element ip filter local_range {{ {config.networks[config.local_network].local_range} }}")
    run(f"nft add element ip filter local_translated_range {{ {config.networks[config.local_network].local_translated_range} }}")
    for net in config.remote_networks:
        run(f"nft add element ip filter remote_range {{ {net} }}")

    for (loc, trans) in config.networks[config.local_network].translation_dict:
        run(f"nft add element ip filter ip_map_snat {{ {loc} : {trans} }}")
        run(f"nft add element ip filter ip_map_dnat {{ {trans} : {loc} }}")


def load_wireguard(config, run):
    with open("templates/wg-pn.conf.j2", "r") as f:
        env = jinja2.Environment()
        template = env.from_string(f.read())

    with open("wg-pn.conf", "w") as f:
        f.write(template.render(
            private_key=config.private_key,
            listen_port=config.wg_listen_port,
            wireguard_address=config.local_wireguard_address,
            peers=peers
        ))


def main():
    dry_run = False
    if dry_run:
        run = print
    else:
        run = os.system

    config = Config("/config/config.toml")
    load_firewall(config, run)
    load_wireguard(config, run)

    run("wg-quick up ./wg-pn.conf")
    dns.run(config, port=5353)

if __name__ == "__main__":
    main()
Add license 2024-05-03 17:07:09 +00:00			`# PolyculeNetwork`
			`# Copyright (C) 2024 PolyculeConnect`
			`#`
			`# This program is free software: you can redistribute it and/or modify`
			`# it under the terms of the GNU General Public License as published by`
			`# the Free Software Foundation, either version 3 of the License, or`
			`# (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this program. If not, see <http://www.gnu.org/licenses/>.`

first commit 2024-05-02 09:31:34 +00:00			`import os`
Add DNS support 2024-07-30 07:50:47 +00:00			`from ipaddress import IPv4Address, IPv4Network`
first commit 2024-05-02 09:31:34 +00:00			`import tomllib`
			`import jinja2`

refactor 2024-08-01 20:16:29 +00:00			`import dns`
			`from config import Config`
first commit 2024-05-02 09:31:34 +00:00
refactor 2024-08-01 20:16:29 +00:00			`def load_firewall(config, run):`
Add docker 2024-07-04 12:43:27 +00:00			`run("nft -f templates/rules.nft")`
Add license 2024-05-03 17:07:09 +00:00
refactor 2024-08-01 20:16:29 +00:00			`run(f"nft add element ip filter local_range {{ {config.networks[config.local_network].local_range} }}")`
			`run(f"nft add element ip filter local_translated_range {{ {config.networks[config.local_network].local_translated_range} }}")`
			`for net in config.remote_networks:`
Add docker 2024-07-04 12:43:27 +00:00			`run(f"nft add element ip filter remote_range {{ {net} }}")`
first commit 2024-05-02 09:31:34 +00:00
refactor 2024-08-01 20:16:29 +00:00			`for (loc, trans) in config.networks[config.local_network].translation_dict:`
Add docker 2024-07-04 12:43:27 +00:00			`run(f"nft add element ip filter ip_map_snat {{ {loc} : {trans} }}")`
			`run(f"nft add element ip filter ip_map_dnat {{ {trans} : {loc} }}")`
first commit 2024-05-02 09:31:34 +00:00

refactor 2024-08-01 20:16:29 +00:00			`def load_wireguard(config, run):`
Add license 2024-05-03 17:07:09 +00:00			`with open("templates/wg-pn.conf.j2", "r") as f:`
			`env = jinja2.Environment()`
			`template = env.from_string(f.read())`
first commit 2024-05-02 09:31:34 +00:00
Add license 2024-05-03 17:07:09 +00:00			`with open("wg-pn.conf", "w") as f:`
			`f.write(template.render(`
refactor 2024-08-01 20:16:29 +00:00			`private_key=config.private_key,`
			`listen_port=config.wg_listen_port,`
			`wireguard_address=config.local_wireguard_address,`
Add license 2024-05-03 17:07:09 +00:00			`peers=peers`
			`))`
first commit 2024-05-02 09:31:34 +00:00
Add dns support 2024-07-05 13:59:47 +00:00
refactor 2024-08-01 20:16:29 +00:00			`def main():`
			`dry_run = False`
			`if dry_run:`
			`run = print`
			`else:`
			`run = os.system`

			`config = Config("/config/config.toml")`
			`load_firewall(config, run)`
			`load_wireguard(config, run)`

			`run("wg-quick up ./wg-pn.conf")`
			`dns.run(config, port=5353)`

			`if __name__ == "__main__":`
			`main()`