feat(config): read Wireguard config from secret
- defaults to `/run/secrets/wg0.conf`
- can be changed with variable `WIREGUARD_CONF_SECRETFILE`
qdm12 committed Mar 21, 2024
1 parent 9cb4c74 commit 6096b7a
Showing 4 changed files with 37 additions and 5 deletions.
1 change: 1 addition & 0 deletions Dockerfile
@@ -93,6 +93,7 @@ ENV VPN_SERVICE_PROVIDER=pia \
OPENVPN_PROCESS_USER=root \
OPENVPN_CUSTOM_CONFIG= \
# Wireguard
WIREGUARD_CONF_SECRETFILE=/run/secrets/wg0.conf \
WIREGUARD_PRIVATE_KEY= \
WIREGUARD_PRESHARED_KEY= \
WIREGUARD_PUBLIC_KEY= \
14 changes: 9 additions & 5 deletions internal/configuration/sources/files/wireguard.go
@@ -11,11 +11,6 @@ import (
"gopkg.in/ini.v1"
)

var (
regexINISectionNotExist = regexp.MustCompile(`^section ".+" does not exist$`)
regexINIKeyNotExist = regexp.MustCompile(`key ".*" not exists$`)
)

func (s *Source) readWireguard() (wireguard settings.Wireguard, err error) {
fileStringPtr, err := ReadFromFile(s.wireguardConfigPath)
if err != nil {
@@ -27,6 +22,15 @@ func (s *Source) readWireguard() (wireguard settings.Wireguard, err error) {
}

rawData := []byte(*fileStringPtr)
return ParseWireguardConf(rawData)
}

var (
regexINISectionNotExist = regexp.MustCompile(`^section ".+" does not exist$`)
regexINIKeyNotExist = regexp.MustCompile(`key ".*" not exists$`)
)

func ParseWireguardConf(rawData []byte) (wireguard settings.Wireguard, err error) {
iniFile, err := ini.Load(rawData)
if err != nil {
return wireguard, fmt.Errorf("loading ini from reader: %w", err)
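Review bot: `ParseWireguardConf` becomes exported here without a doc comment, and with this commit its `rawData` can be the contents of the secret file, so the contract is worth writing down. I would add `// ParseWireguardConf parses rawData as a WireGuard INI configuration and returns the corresponding Wireguard settings.` directly above the function. That comment should also carry a sentence on the wrapped error from `fmt.Errorf("loading ini from reader: %w", err)`: ini.v1 parse errors can quote the offending input line (its delimiter-not-found error does, as far as I know; confirm against the version in use), so callers should treat the returned error as possibly containing key material before logging it. The message itself says "from reader" although the function now loads a byte slice. The body of `ParseWireguardConf` continues past the end of this hunk.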
6 changes: 6 additions & 0 deletions internal/configuration/sources/secrets/reader.go
@@ -1,6 +1,7 @@
package secrets

import (
"fmt"
"os"

"github.com/qdm12/gluetun/internal/configuration/settings"
@@ -36,5 +37,10 @@ func (s *Source) Read() (settings settings.Settings, err error) {
return settings, err
}

settings.VPN.Wireguard, err = s.readWireguard()
if err != nil {
return settings, fmt.Errorf("reading Wireguard: %w", err)
}

return settings, nil
}
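--- a/internal/configuration/sources/secrets/wireguard.go
+++ b/internal/configuration/sources/secrets/wireguard.go
@@ -0,0 +1,21 @@
+package secrets
+
+import (
+"fmt"
+
+"github.com/qdm12/gluetun/internal/configuration/settings"
+"github.com/qdm12/gluetun/internal/configuration/sources/files"
+)
+
+func (s *Source) readWireguard() (settings settings.Wireguard, err error) {
+wireguardConf, err := s.readSecretFileAsStringPtr(
+"WIREGUARD_CONF_SECRETFILE",
+"/run/secrets/wg0.conf",
+)
+if err != nil {
+return settings, fmt.Errorf("reading Wireguard conf secret file: %w", err)
+} else if wireguardConf != nil {
+return files.ParseWireguardConf([]byte(*wireguardConf))
+}
+return settings, nil
+}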
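Review bot: The named result `settings` in `readWireguard` shadows the imported `settings` package for the whole function body, while the files source names the same result `wireguard`. Renaming it, `func (s *Source) readWireguard() (wireguard settings.Wireguard, err error) {`, keeps the two sources parallel and leaves the package name usable inside the body. The `else if wireguardConf != nil {` that follows a returning `if` can be a plain `if wireguardConf != nil {`. The default path `/run/secrets/wg0.conf` is also repeated from the Dockerfile `ENV` line, so a one-line comment such as `// default must match WIREGUARD_CONF_SECRETFILE in the Dockerfile` would stop the two from drifting apart.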
