network: wireguard WIP

cockpit-project · Jul 18, 2023 · 28f1f11 · 28f1f11
1 parent 64f7eb1
commit 28f1f11
Show file tree

Hide file tree

Showing 8 changed files with 491 additions and 5 deletions.
diff --git a/pkg/networkmanager/dialogs-common.jsx b/pkg/networkmanager/dialogs-common.jsx
@@ -35,11 +35,14 @@ import { IpSettingsDialog } from './ip-settings.jsx';
 import { TeamDialog, getGhostSettings as getTeamGhostSettings } from './team.jsx';
 import { TeamPortDialog } from './teamport.jsx';
 import { VlanDialog, getGhostSettings as getVlanGhostSettings } from './vlan.jsx';
+import { WireGuardDialog, getWireGuardGhostSettings } from './wireguard.jsx';
 import { MtuDialog } from './mtu.jsx';
 import { MacDialog } from './mac.jsx';
 import { ModalError } from 'cockpit-components-inline-notification.jsx';
 import { ModelContext } from './model-context.jsx';
 import { useDialogs } from "dialogs.jsx";
+import { install_dialog } from "cockpit-components-install-dialog.jsx";
+import { read_os_release } from "os-release.js";
 
 import {
     apply_group_member,
@@ -141,7 +144,7 @@ export const Name = ({ idPrefix, iface, setIface }) => {
     );
 };
 
-export const NetworkModal = ({ dialogError, help, idPrefix, title, onSubmit, children, isFormHorizontal }) => {
+export const NetworkModal = ({ dialogError, help, idPrefix, title, onSubmit, children, isFormHorizontal, submitDisabled = false }) => {
     const Dialogs = useDialogs();
 
     return (
@@ -152,7 +155,7 @@ export const NetworkModal = ({ dialogError, help, idPrefix, title, onSubmit, chi
             title={title}
             footer={
                 <>
-                    <Button variant='primary' id={idPrefix + "-save"} onClick={onSubmit}>
+                    <Button variant='primary' id={idPrefix + "-save"} onClick={onSubmit} isDisabled={submitDisabled}>
                         {_("Save")}
                     </Button>
                     <Button variant='link' id={idPrefix + "-cancel"} onClick={Dialogs.close}>
@@ -198,10 +201,25 @@ export const NetworkAction = ({ buttonText, iface, connectionSettings, type }) =
         if (type == 'vlan') settings = getVlanGhostSettings();
         if (type == 'team') settings = getTeamGhostSettings({ newIfaceName });
         if (type == 'bridge') settings = getBridgeGhostSettings({ newIfaceName });
+        if (type == 'wg') settings = getWireGuardGhostSettings({ newIfaceName });
     }
 
     const properties = { connection: con, dev, settings };
 
+    async function resolveDeps(type) {
+        if (type === 'wg') {
+            try {
+                await cockpit.script("command -v wg");
+            } catch {
+                const os_release = await read_os_release();
+
+                // RHEL/CentOS 8 does not have wireguard-tools
+                if (os_release.PLATFORM_ID !== "platform:el8")
+                    await install_dialog("wireguard-tools");
+            }
+        }
+    }
+
     function show() {
         let dlg = null;
         if (type == 'bond')
@@ -212,6 +230,8 @@ export const NetworkAction = ({ buttonText, iface, connectionSettings, type }) =
             dlg = <TeamDialog {...properties} />;
         else if (type == 'bridge')
             dlg = <BridgeDialog {...properties} />;
+        else if (type == 'wg')
+            dlg = <WireGuardDialog {...properties} />;
         else if (type == 'mtu')
             dlg = <MtuDialog {...properties} />;
         else if (type == 'mac')
@@ -224,8 +244,13 @@ export const NetworkAction = ({ buttonText, iface, connectionSettings, type }) =
             dlg = <IpSettingsDialog topic="ipv4" {...properties} />;
         else if (type == 'ipv6')
             dlg = <IpSettingsDialog topic="ipv6" {...properties} />;
+
         if (dlg)
-            Dialogs.show(dlg);
+            resolveDeps(type).then(() => {
+                Dialogs.show(dlg);
+            }).catch((e) => {
+                console.error(e);
+            });
     }
 
     return (

diff --git a/pkg/networkmanager/interfaces.js b/pkg/networkmanager/interfaces.js
@@ -585,6 +585,18 @@ export function NetworkManagerModel() {
             };
         }
 
+        if (settings.wireguard) {
+            result.wireguard = {
+                listen_port: get("wireguard", "listen-port", 0),
+                peers: get("wireguard", "peers", []).map(peer => ({
+                    publicKey: peer['public-key'].v,
+                    endpoint: peer.endpoint?.v ?? "", // enpoint of a peer is optional
+                    allowedIps: peer['allowed-ips'].v
+                })),
+                private_key: get("wireguard", "private-key")
+            };
+        }
+
         return result;
     }
 
@@ -699,6 +711,33 @@ export function NetworkManagerModel() {
         } else
             delete result["802-3-ethernet"];
 
+        if (settings.wireguard) {
+            set("wireguard", "private-key", "s", settings.wireguard.private_key);
+            set("wireguard", "listen-port", "u", settings.wireguard.listen_port);
+            set("wireguard", "peers", "aa{sv}", settings.wireguard.peers.map(peer => {
+                return {
+                    "public-key": {
+                        t: "s",
+                        v: peer.publicKey
+                    },
+                    ...peer.endpoint
+                        ? {
+                            endpoint: {
+                                t: "s",
+                                v: peer.endpoint
+                            }
+                        }
+                        : {},
+                    "allowed-ips": {
+                        t: "as",
+                        v: peer.allowedIps
+                    }
+                };
+            }));
+        } else {
+            delete result.wireguard;
+        }
+
         return result;
     }
 

diff --git a/pkg/networkmanager/network-interface.jsx b/pkg/networkmanager/network-interface.jsx
@@ -562,6 +562,19 @@ export const NetworkInterfacePage = ({
             return renderSettingsRow(_("VLAN"), rows, configure);
         }
 
+        function renderWireGuardSettingsRow() {
+            const rows = [];
+            const options = settings.wireguard;
+
+            if (!options) {
+                return null;
+            }
+
+            const configure = <NetworkAction type="wg" iface={iface} connectionSettings={settings} />;
+
+            return renderSettingsRow(_("WireGuard"), rows, configure);
+        }
+
         return [
             render_group(),
             renderAutoconnectRow(),
@@ -573,7 +586,8 @@ export const NetworkInterfacePage = ({
             renderBridgePortSettingsRow(),
             renderBondSettingsRow(),
             renderTeamSettingsRow(),
-            renderTeamPortSettingsRow()
+            renderTeamPortSettingsRow(),
+            renderWireGuardSettingsRow(),
         ];
     }
 

diff --git a/pkg/networkmanager/network-main.jsx b/pkg/networkmanager/network-main.jsx
@@ -138,6 +138,7 @@ export const NetworkPage = ({ privileged, operationInProgress, usage_monitor, pl
 
     const actions = privileged && (
         <>
+            <NetworkAction buttonText={_("Add VPN")} type='wg' />
             <NetworkAction buttonText={_("Add bond")} type='bond' />
             <NetworkAction buttonText={_("Add team")} type='team' />
             <NetworkAction buttonText={_("Add bridge")} type='bridge' />