PolyculeConnect/polycule-network
4
0
Fork 0
Code Issues 1 Pull requests 1 Projects Releases Packages Wiki Activity Actions

Add docker

Browse source
This commit is contained in:
chapeau 2024-07-04 14:43:27 +02:00
parent edbb5fc644
commit 68eede42b2
9 changed files with 104 additions and 65 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.dockerignore Normal file
View file

@ -0,0 +1,2 @@
config
wg-pn.conf

32
config.toml
View file

@ -1,32 +0,0 @@
local = "net1"
[network.net1]
local_range = "192.168.1.0/30"
local_translated_range = "192.168.51.0/30"
private_key = "priv"
public_key = "pub"
listen_port = 51820
wireguard_address = "172.16.0.1/24"
endpoint = "1.2.3.4:51820"
[network.net2]
local_range = "192.168.1.0/30"
local_translated_range = "192.168.64.0/30"
private_key = "priv2"
public_key = "pub2"
listen_port = 51820
wireguard_address = "172.16.0.2/24"
endpoint = "1.2.3.5:51820"
[network.net3]
local_range = "192.168.1.0/30"
local_translated_range = "192.168.128.0/30"
untranslated_networks = "10.255.0.0/24"
private_key = "priv3"
public_key = "pub3"
listen_port = 51820
wireguard_address = "172.16.0.3/24"

15
config/config.toml Normal file
View file

@ -0,0 +1,15 @@
[network.net1]
local_range = "172.20.1.0/24"
local_translated_range = "172.21.1.0/24"
public_key = "N2LlL0Ievsjv/ea/VDpJcivYL6hfYxdcD3W54kmjaEU="
wireguard_address = "10.0.0.1/24"
endpoint = "172.20.0.11:51820"
[network.net2]
local_range = "172.20.2.0/24"
local_translated_range = "172.22.1.0/24"
public_key = "cisk8cRCQZaOxn6VaFVnpCYsamBp9iVLvhs4DtmnjS4="
wireguard_address = "10.0.0.2/24"
endpoint = "172.20.0.12:51820"

51
docker-compose.yml Normal file
View file

@ -0,0 +1,51 @@
services:
polyculenetwork1:
build:
context: .
dockerfile: ./docker/Dockerfile
container_name: polyculenetwork1
volumes:
- "./config/config.toml:/config.toml"
environment:
- LOCAL_NETWORK=net1
- PRIVATE_KEY=YLxXnAcelMMkanrdSHuci9ZSJyKQpRn7PdJK96IllV4=
- LISTEN_PORT=51820
cap_add:
- NET_ADMIN
networks:
net1:
ipv4_address: 172.20.1.11
internet:
ipv4_address: 172.20.0.11
polyculenetwork2:
build:
context: .
dockerfile: ./docker/Dockerfile
container_name: polyculenetwork2
volumes:
- "./config/config.toml:/config.toml"
environment:
- LOCAL_NETWORK=net2
- PRIVATE_KEY=OCllQNCxX5DxcJSEsjkvsWCry1FOnWe+aCupwEByFmk=
cap_add:
- NET_ADMIN
networks:
net2:
ipv4_address: 172.20.2.12
internet:
ipv4_address: 172.20.0.12
networks:
net1:
ipam:
config:
- subnet: 172.20.1.0/24
net2:
ipam:
config:
- subnet: 172.20.2.0/24
internet:
ipam:
config:
- subnet: 172.20.0.0/24

8
docker/Dockerfile Normal file
View file

@ -0,0 +1,8 @@
FROM python:3.11-alpine
ENV PYTHONUNBUFFERED=1
RUN pip install poetry
RUN apk add nftables wireguard-tools
WORKDIR /code
COPY . /code/
RUN poetry install
CMD docker/entrypoint.sh

5
docker/entrypoint.sh Executable file
View file

@ -0,0 +1,5 @@
#!/bin/sh
poetry run python load.py
wg-quick up ./wg-pn.conf
sleep infinity

29
load.py
View file

@ -20,7 +20,7 @@ import tomllib
import jinja2 import jinja2
dry_run = True dry_run = False
if dry_run: if dry_run:
run = print run = print
else: else:
@ -32,27 +32,27 @@ def load_config(path):
return data return data
def load_firewall(): def load_firewall():
data = load_config("config.toml") data = load_config("/config.toml")
run("sudo nft -f templates/rules.nft") run("nft -f templates/rules.nft")
networks = data["network"].keys() networks = data["network"].keys()
local_network = data["local"] local_network = os.environ.get('LOCAL_NETWORK')
remote_networks = list(filter(lambda k: k != local_network, networks)) remote_networks = list(filter(lambda k: k != local_network, networks))
local_range = str(ipaddress.IPv4Network(data["network"][local_network]["local_range"])) local_range = str(ipaddress.IPv4Network(data["network"][local_network]["local_range"]))
local_translated_range = str(ipaddress.IPv4Network(data["network"][local_network]["local_translated_range"])) local_translated_range = str(ipaddress.IPv4Network(data["network"][local_network]["local_translated_range"]))
remote_ranges = [str(ipaddress.IPv4Network(data["network"][net]["local_translated_range"])) for net in remote_networks] remote_ranges = [str(ipaddress.IPv4Network(data["network"][net]["local_translated_range"])) for net in remote_networks]
run(f"sudo nft add element ip filter local_range {{ {local_range} }}") run(f"nft add element ip filter local_range {{ {local_range} }}")
run(f"sudo nft add element ip filter local_translated_range {{ {local_translated_range} }}") run(f"nft add element ip filter local_translated_range {{ {local_translated_range} }}")
for net in remote_ranges: for net in remote_ranges:
run(f"sudo nft add element ip filter remote_range {{ {net} }}") run(f"nft add element ip filter remote_range {{ {net} }}")
for (loc, trans) in zip(ipaddress.IPv4Network(local_range), ipaddress.IPv4Network(local_translated_range)): for (loc, trans) in zip(ipaddress.IPv4Network(local_range), ipaddress.IPv4Network(local_translated_range)):
run(f"sudo nft add element ip filter ip_map_dnat {{ {loc} : {trans} }}") run(f"nft add element ip filter ip_map_snat {{ {loc} : {trans} }}")
run(f"sudo nft add element ip filter ip_map_dnat {{ {trans} : {loc} }}") run(f"nft add element ip filter ip_map_dnat {{ {trans} : {loc} }}")
def load_wireguard(): def load_wireguard():
@ -63,9 +63,9 @@ def load_wireguard():
peers = [] peers = []
data = load_config("config.toml") data = load_config("/config.toml")
networks = data["network"].keys() networks = data["network"].keys()
local_network = data["local"] local_network = os.environ.get('LOCAL_NETWORK')
remote_networks = list(filter(lambda k: k != local_network, networks)) remote_networks = list(filter(lambda k: k != local_network, networks))
for net in remote_networks: for net in remote_networks:
peer = { peer = {
@ -88,10 +88,11 @@ def load_wireguard():
with open("wg-pn.conf", "w") as f: with open("wg-pn.conf", "w") as f:
f.write(template.render( f.write(template.render(
private_key=data["network"][local_network]["private_key"], private_key=os.environ.get('PRIVATE_KEY'),
listen_port=data["network"][local_network]["listen_port"], listen_port=os.environ.get('LISTEN_PORT', "51820"),
wireguard_address=data["network"][local_network]["wireguard_address"], wireguard_address=data["network"][local_network]["wireguard_address"],
peers=peers peers=peers
)) ))
load_firewall() load_firewall()
load_wireguard()

23
poetry.lock generated
View file

@ -1,14 +1,14 @@
# This file is automatically @generated by Poetry 1.8.2 and should not be changed by hand. # This file is automatically @generated by Poetry 1.8.3 and should not be changed by hand.
[[package]] [[package]]
name = "jinja2" name = "jinja2"
version = "3.1.3" version = "3.1.4"
description = "A very fast and expressive template engine." description = "A very fast and expressive template engine."
optional = false optional = false
python-versions = ">=3.7" python-versions = ">=3.7"
files = [ files = [
{file = "Jinja2-3.1.3-py3-none-any.whl", hash = "sha256:7d6d50dd97d52cbc355597bd845fabfbac3f551e1f99619e39a35ce8c370b5fa"}, {file = "jinja2-3.1.4-py3-none-any.whl", hash = "sha256:bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d"},
{file = "Jinja2-3.1.3.tar.gz", hash = "sha256:ac8bd6544d4bb2c9792bf3a159e80bba8fda7f07e81bc3aed565432d5925ba90"}, {file = "jinja2-3.1.4.tar.gz", hash = "sha256:4a3aee7acbbe7303aede8e9648d13b8bf88a429282aa6122a993f0ac800cb369"},
] ]
[package.dependencies] [package.dependencies]
@ -86,18 +86,7 @@ files = [
{file = "MarkupSafe-2.1.5.tar.gz", hash = "sha256:d283d37a890ba4c1ae73ffadf8046435c76e7bc2247bbb63c00bd1a709c6544b"}, {file = "MarkupSafe-2.1.5.tar.gz", hash = "sha256:d283d37a890ba4c1ae73ffadf8046435c76e7bc2247bbb63c00bd1a709c6544b"},
] ]
[[package]]
name = "toml"
version = "0.10.2"
description = "Python Library for Tom's Obvious, Minimal Language"
optional = false
python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*"
files = [
{file = "toml-0.10.2-py2.py3-none-any.whl", hash = "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"},
{file = "toml-0.10.2.tar.gz", hash = "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f"},
]
[metadata] [metadata]
lock-version = "2.0" lock-version = "2.0"
python-versions = "^3.9" python-versions = "^3.11"
content-hash = "da9d08994a725c881cc7a63ecde92b65151defd09f826417f8d27b15d9cd97d7" content-hash = "c3237c8f339183364bdecaf2f59aee1f02a0099374326b5e0b314c04c07d8448"

4
pyproject.toml
View file

@ -7,9 +7,9 @@ readme = "README.md"
package-mode = false package-mode = false
[tool.poetry.dependencies] [tool.poetry.dependencies]
python = "^3.9" python = "^3.11"
Jinja2 = "^3.1.3" Jinja2 = "^3.1.3"
toml = "^0.10.2" # toml = "^0.10.2"
[build-system] [build-system]
requires = ["poetry-core"] requires = ["poetry-core"]