From 6096b7ad4b8278084a8d8a9c8274eb6daefbd255 Mon Sep 17 00:00:00 2001
From: Quentin McGaw
Date: Thu, 21 Mar 2024 08:17:21 +0000
Subject: [PATCH] feat(config): read Wireguard config from secret

- defaults to `/run/secrets/wg0.conf`
- can be changed with variable `WIREGUARD_CONF_SECRETFILE`
---
 Dockerfile | 1 +
 .../configuration/sources/files/wireguard.go | 14 ++++++++-----
 .../configuration/sources/secrets/reader.go | 6 ++++++
 .../sources/secrets/wireguard.go | 21 +++++++++++++++++++
 4 files changed, 37 insertions(+), 5 deletions(-)
 create mode 100644 internal/configuration/sources/secrets/wireguard.go

diff --git a/Dockerfile b/Dockerfile
index 8ae29b8a..a17912a7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -93,6 +93,7 @@ ENV VPN_SERVICE_PROVIDER=pia \
     OPENVPN_PROCESS_USER=root \
     OPENVPN_CUSTOM_CONFIG= \
     # Wireguard
+    WIREGUARD_CONF_SECRETFILE=/run/secrets/wg0.conf \
     WIREGUARD_PRIVATE_KEY= \
     WIREGUARD_PRESHARED_KEY= \
     WIREGUARD_PUBLIC_KEY= \
diff --git a/internal/configuration/sources/files/wireguard.go b/internal/configuration/sources/files/wireguard.go
index 84b09ebb..69b59e11 100644
--- a/internal/configuration/sources/files/wireguard.go
+++ b/internal/configuration/sources/files/wireguard.go
@@ -11,11 +11,6 @@ import (
 	"gopkg.in/ini.v1"
 )
 
-var (
-	regexINISectionNotExist = regexp.MustCompile(`^section ".+" does not exist$`)
-	regexINIKeyNotExist = regexp.MustCompile(`key ".*" not exists$`)
-)
-
 func (s *Source) readWireguard() (wireguard settings.Wireguard, err error) {
 	fileStringPtr, err := ReadFromFile(s.wireguardConfigPath)
 	if err != nil {
@@ -27,6 +22,15 @@ func (s *Source) readWireguard() (wireguard settings.Wireguard, err error) {
 	}
 
 	rawData := []byte(*fileStringPtr)
+	return ParseWireguardConf(rawData)
+}
+
+var (
+	regexINISectionNotExist = regexp.MustCompile(`^section ".+" does not exist$`)
+	regexINIKeyNotExist = regexp.MustCompile(`key ".*" not exists$`)
+)
+
+func ParseWireguardConf(rawData []byte) (wireguard settings.Wireguard, err error) {
 	iniFile, err := ini.Load(rawData)
 	if err != nil {
 		return wireguard, fmt.Errorf("loading ini from reader: %w", err)
diff --git a/internal/configuration/sources/secrets/reader.go b/internal/configuration/sources/secrets/reader.go
index 10825aff..057744b5 100644
--- a/internal/configuration/sources/secrets/reader.go
+++ b/internal/configuration/sources/secrets/reader.go
@@ -1,6 +1,7 @@
 package secrets
 
 import (
+	"fmt"
 	"os"
 
 	"github.com/qdm12/gluetun/internal/configuration/settings"
@@ -36,5 +37,10 @@ func (s *Source) Read() (settings settings.Settings, err error) {
 		return settings, err
 	}
 
+	settings.VPN.Wireguard, err = s.readWireguard()
+	if err != nil {
+		return settings, fmt.Errorf("reading Wireguard: %w", err)
+	}
+
 	return settings, nil
 }
diff --git a/internal/configuration/sources/secrets/wireguard.go b/internal/configuration/sources/secrets/wireguard.go
new file mode 100644
index 00000000..0b9a0f8b
--- /dev/null
+++ b/internal/configuration/sources/secrets/wireguard.go
@@ -0,0 +1,21 @@
+package secrets
+
+import (
+	"fmt"
+
+	"github.com/qdm12/gluetun/internal/configuration/settings"
+	"github.com/qdm12/gluetun/internal/configuration/sources/files"
+)
+
+func (s *Source) readWireguard() (settings settings.Wireguard, err error) {
+	wireguardConf, err := s.readSecretFileAsStringPtr(
+		"WIREGUARD_CONF_SECRETFILE",
+		"/run/secrets/wg0.conf",
+	)
+	if err != nil {
+		return settings, fmt.Errorf("reading Wireguard conf secret file: %w", err)
+	} else if wireguardConf != nil {
+		return files.ParseWireguardConf([]byte(*wireguardConf))
+	}
+	return settings, nil
+}
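Review bot: `ParseWireguardConf` becomes an exported function in this hunk but carries no doc comment, so the new caller in the secrets package gets no stated contract and lint will flag it; add `// ParseWireguardConf parses the raw bytes of a Wireguard INI configuration file into Wireguard settings.` above the signature. The `regexINI*` patterns moved next to it presumably match error strings produced by the ini library, which is worth a one-line comment since the patterns silently break if that library changes its wording — confirm against the library's messages. The body of ParseWireguardConf continues outside the hunk.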
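Review bot: The wrapper `fmt.Errorf("reading Wireguard: %w", err)` repeats context that readWireguard already adds, so the chained message reads `reading Wireguard: reading Wireguard conf secret file: …`; either return `err` unwrapped, as the preceding `return settings, err` does for the prior step, or shorten one of the two messages. The assignment also replaces `settings.VPN.Wireguard` wholesale, and readWireguard yields a zero struct when no conf secret exists, so if any line of Read above this hunk fills Wireguard fields those values would be lost — that part of Read is outside the hunk, so worth confirming. Read's body starts outside the hunk.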
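Review bot: The default path `/run/secrets/wg0.conf` is hard-coded both here and in the Dockerfile `ENV` line of the first hunk, so the two can drift; a named constant in this package, referenced from a comment on the Dockerfile line, would keep one source of truth. The `else if` following a terminating `return` reads better as a guard clause: `if wireguardConf == nil { return settings, nil }` then `return files.ParseWireguardConf([]byte(*wireguardConf))`. readWireguard has no comment; add one stating that it parses the Wireguard configuration from the secret file named by `WIREGUARD_CONF_SECRETFILE` (default `/run/secrets/wg0.conf`) and returns zero settings when the file is absent — the absent-file behaviour assumes readSecretFileAsStringPtr returns a nil pointer in that case, which is not visible in this diff. Because the file carries the interface private key and its full content is handed to the parser, also check that errors returned from ParseWireguardConf and wrapped here do not echo raw line content into logs.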