feat(config): read Wireguard config from secret
- defaults to `/run/secrets/wg0.conf`
- can be changed with the environment variable `WIREGUARD_CONF_SECRETFILE`
@@ -93,6 +93,7 @@ ENV VPN_SERVICE_PROVIDER=pia \
|
|||||||
OPENVPN_PROCESS_USER=root \
|
OPENVPN_PROCESS_USER=root \
|
||||||
OPENVPN_CUSTOM_CONFIG= \
|
OPENVPN_CUSTOM_CONFIG= \
|
||||||
# Wireguard
|
# Wireguard
|
||||||
|
WIREGUARD_CONF_SECRETFILE=/run/secrets/wg0.conf \
|
||||||
WIREGUARD_PRIVATE_KEY= \
|
WIREGUARD_PRIVATE_KEY= \
|
||||||
WIREGUARD_PRESHARED_KEY= \
|
WIREGUARD_PRESHARED_KEY= \
|
||||||
WIREGUARD_PUBLIC_KEY= \
|
WIREGUARD_PUBLIC_KEY= \
|
||||||
|
|||||||
@@ -11,11 +11,6 @@ import (
|
|||||||
"gopkg.in/ini.v1"
|
"gopkg.in/ini.v1"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
|
||||||
regexINISectionNotExist = regexp.MustCompile(`^section ".+" does not exist$`)
|
|
||||||
regexINIKeyNotExist = regexp.MustCompile(`key ".*" not exists$`)
|
|
||||||
)
|
|
||||||
|
|
||||||
func (s *Source) readWireguard() (wireguard settings.Wireguard, err error) {
|
func (s *Source) readWireguard() (wireguard settings.Wireguard, err error) {
|
||||||
fileStringPtr, err := ReadFromFile(s.wireguardConfigPath)
|
fileStringPtr, err := ReadFromFile(s.wireguardConfigPath)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -27,6 +22,15 @@ func (s *Source) readWireguard() (wireguard settings.Wireguard, err error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
rawData := []byte(*fileStringPtr)
|
rawData := []byte(*fileStringPtr)
|
||||||
|
return ParseWireguardConf(rawData)
|
||||||
|
}
|
||||||
|
|
||||||
|
var (
|
||||||
|
regexINISectionNotExist = regexp.MustCompile(`^section ".+" does not exist$`)
|
||||||
|
regexINIKeyNotExist = regexp.MustCompile(`key ".*" not exists$`)
|
||||||
|
)
|
||||||
|
|
||||||
|
func ParseWireguardConf(rawData []byte) (wireguard settings.Wireguard, err error) {
|
||||||
iniFile, err := ini.Load(rawData)
|
iniFile, err := ini.Load(rawData)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return wireguard, fmt.Errorf("loading ini from reader: %w", err)
|
return wireguard, fmt.Errorf("loading ini from reader: %w", err)
|
||||||
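Review bot: `ParseWireguardConf` is newly exported so that the secrets source can call it, but it has no doc comment saying what input it accepts or what its errors contain. I would add `// ParseWireguardConf parses the raw bytes of a Wireguard INI configuration into Wireguard settings.` and a second sentence stating that returned errors wrap the INI parser's error, because callers now pass secret material to it and need to know whether the error text is safe to log. The unchanged message `loading ini from reader` no longer matches the `[]byte` input and could be reworded in the same pass. The function body continues outside the hunk, so the remaining error paths are not visible here.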
|
|||||||
@@ -1,6 +1,7 @@
|
|||||||
package secrets
|
package secrets
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
"os"
|
"os"
|
||||||
|
|
||||||
"github.com/qdm12/gluetun/internal/configuration/settings"
|
"github.com/qdm12/gluetun/internal/configuration/settings"
|
||||||
@@ -36,5 +37,10 @@ func (s *Source) Read() (settings settings.Settings, err error) {
|
|||||||
return settings, err
|
return settings, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
settings.VPN.Wireguard, err = s.readWireguard()
|
||||||
|
if err != nil {
|
||||||
|
return settings, fmt.Errorf("reading Wireguard: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
return settings, nil
|
return settings, nil
|
||||||
}
|
}
|
||||||
|
|||||||
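--- a/internal/configuration/sources/secrets/wireguard.go
+++ b/internal/configuration/sources/secrets/wireguard.go
@@ -0,0 +1,21 @@
+package secrets
+
+import (
+"fmt"
+
+"github.com/qdm12/gluetun/internal/configuration/settings"
+"github.com/qdm12/gluetun/internal/configuration/sources/files"
+)
+
+func (s *Source) readWireguard() (settings settings.Wireguard, err error) {
+wireguardConf, err := s.readSecretFileAsStringPtr(
+"WIREGUARD_CONF_SECRETFILE",
+"/run/secrets/wg0.conf",
+)
+if err != nil {
+return settings, fmt.Errorf("reading Wireguard conf secret file: %w", err)
+} else if wireguardConf != nil {
+return files.ParseWireguardConf([]byte(*wireguardConf))
+}
+return settings, nil
+}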
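Review bot: In the `else if wireguardConf != nil` branch the error from `files.ParseWireguardConf` is returned as-is, and the bytes being parsed are now a secret that can hold the Wireguard private and pre-shared keys. gopkg.in/ini.v1 parse errors can quote the offending line (for example when a key-value delimiter is missing), so a malformed secret file may have part of its content carried up through `reading Wireguard: %w` in `Read` and, presumably, into startup logs. I would keep the parser's text out of the returned error in this source, e.g. `if wg, err := files.ParseWireguardConf([]byte(*wireguardConf)); err != nil { return settings, fmt.Errorf("parsing Wireguard conf secret file: invalid content") } else { return wg, nil }`, or otherwise confirm that no error path in `ParseWireguardConf` echoes input. Separately, the result name `settings` shadows the imported `settings` package inside the body; `wireguard`, as used in the files source, would avoid that.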