--- rpms/smeserver-wireguard/contribs10/smeserver-wireguard-1.0-bz11721-init.patch 2021/10/28 02:50:14 1.4
+++ rpms/smeserver-wireguard/contribs10/smeserver-wireguard-1.0-bz11721-init.patch 2021/10/28 03:29:13 1.5
@@ -108,3 +108,79 @@ diff -Nur --no-dereference smeserver-wir
+diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/10interface smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/10interface
+--- smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/10interface 2021-06-28 04:41:57.000000000 -0400
++++ smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/10interface 2021-10-27 17:41:12.223000000 -0400
+@@ -4,7 +4,6 @@
+ PrivateKey = {${'wg-quick@wg0'}{private}}
+ 
+ # this should be added to masq with correct interfaces
+-#eth0 should be rempalced by external interface if available or internal
+-#PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+-#PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
++PostUp = iptables -I FORWARD -i %i -j ACCEPT; iptables -I FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o {$outernet = ($SystemMode eq "serveronly") ? $InternalInterface{Name} : $ExternalInterface{Name}; return $InternalInterface{Name} } -j MASQUERADE
++PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o {$outernet = ($SystemMode eq "serveronly") ? $InternalInterface{Name} : $ExternalInterface{Name}; return $InternalInterface{Name} } -j MASQUERADE
+ 
+diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/50usersPeers smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/50usersPeers
+--- smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/50usersPeers 2021-06-28 04:46:01.000000000 -0400
++++ smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/50usersPeers 2021-10-27 17:41:12.429000000 -0400
+@@ -1,33 +1,36 @@
+ {
+-$OUT = "";
++use esmith::AccountsDB;
+ 
+-return;
+-my $wg = esmith::ConfigDB->open_ro('/etc/e-smith/db/wireguard') or return "#no peers";
+-# for each user
++my $wg = esmith::ConfigDB->open_ro('/home/e-smith/db/wireguard');
+ my $accounts = esmith::AccountsDB->open_ro;
+-for my $user ( $accounts->get_all_by_prop(type => 'wg0') ) {
++
++# for each user
++my @users = ( $accounts->users );
++push(@users, $accounts->get('admin'));
++for my $user ( @users ) {
+ my $username = $user->key;
++ my $count = 0;
+ for my $cnx ( $wg->get_all_by_prop(user => $username) ) {
++ $count++;
+ my $public = $cnx->prop('public');
+- my $ip = $cnx->prop('ip');
++ my $ip = $cnx->key;
+ my $info = $cnx->prop('info');
++ my $status = $cnx->prop('status') || "enabled";
++ if ( $status eq "disabled" ) {
++ $OUT .= "\n# $username : $info DISABLED (PublicKey = $public ; AllowedIPs = $ip)\n";
++ next;
++ }
+ 
+-# wireguard
+-#private;public;ips;info#private;public;ips;info
+-#private and public is base64 : +/= could be in it
+-#ips can be v4 or v6 with subnet ./:,
+-#info could have letters, digit and space
+-# to separate multiple #
+-
+- $OUT .= "
++ $OUT .= "
+ [Peer]
+ # $username : $info
+ PublicKey = $public
+ AllowedIPs = $ip\n";
+- }
+ 
++
++ }
++ $OUT .= "# no entry for user $username\n" if $count <1;
+ }
+ 
+ 
+ }
+-
+diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/60serversPeers smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/60serversPeers
+--- smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/60serversPeers 2021-06-08 03:56:43.000000000 -0400
++++ smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/60serversPeers 1969-12-31 19:00:00.000000000 -0500
+@@ -1,3 +0,0 @@
+-
+-#TODO
+-
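Review bot: In the `10interface` template, the embedded block on the new `PostUp` and `PostDown` lines assigns `$outernet` from `$SystemMode` but then ends with `return $InternalInterface{Name}`, so the MASQUERADE rule is always bound to the internal interface, even when `$SystemMode` is not `serveronly`. The block should yield the value it computed, for example `{ ($SystemMode eq "serveronly") ? $InternalInterface{Name} : $ExternalInterface{Name} }`, on both lines. Separately, `iptables -I FORWARD -i %i -j ACCEPT` inserts an unconditional accept at the head of FORWARD, so peer traffic is forwarded ahead of whatever filtering the chain otherwise applies. If that is intended, a comment in the template saying so would help; otherwise a narrower match is safer.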
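Review bot: In the `50usersPeers` template, the new `open_ro('/home/e-smith/db/wireguard')` line drops the `or return "#no peers"` fallback of the line it replaces, so if the database cannot be opened `$wg` is presumably undef and `$wg->get_all_by_prop(...)` would abort expansion of `wg0.conf`. Restoring a guard such as `my $wg = esmith::ConfigDB->open_ro('/home/e-smith/db/wireguard') or return "# no peers\n";` keeps the interface section usable. `$info`, `$public` and `$ip` are also appended to `$OUT` unvalidated, so a stored value containing a newline would add arbitrary lines to the generated config. The removed comments give the expected character sets (base64 for keys, letters, digits and space for info), so a check against those before writing each `[Peer]` entry would be cheap. `$accounts->get('admin')` is likewise pushed onto `@users` without confirming it returned a record, and `$user->key` would fail if it did not.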