From eff7413c79c5888a99e53593993c0d0af6ecbb56 Mon Sep 17 00:00:00 2001
From: Alex Leigh
Date: Sun, 19 Mar 2023 02:06:17 -0700
Subject: [PATCH] make private key optional

Allows private keys to be set in a post-up command and left out of config files.
---
 README.md | 1 +
 wgnetns/main.py | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index d7bf280..c73b090 100644
--- a/README.md
+++ b/README.md
@@ -88,6 +88,7 @@ interfaces:
 address:
 - 10.10.11.172/32
 - fc00:dead:beef:1::172/128
+ # can also be set via "wg set wg-site-a $key"
 private-key: nFkQQjN+...
 # optional settings
 listen-port: 51821
diff --git a/wgnetns/main.py b/wgnetns/main.py
index fde7a43..9ab829c 100755
--- a/wgnetns/main.py
+++ b/wgnetns/main.py
@@ -135,7 +135,7 @@ class Peer:
 class Interface:
 name: str
 base_netns: str
- private_key: str
+ private_key: Optional[str] = None
 public_key: Optional[str] = None
 address: list[str] = dataclasses.field(default_factory=list)
 listen_port: int = 0
@@ -166,7 +166,8 @@ class Interface:
 def _configure_wireguard(self, namespace: Namespace) -> None:
 wg('set', self.name, 'listen-port', self.listen_port, netns=namespace.name)
 wg('set', self.name, 'fwmark', self.fwmark, netns=namespace.name)
- wg('set', self.name, 'private-key', '/dev/stdin', stdin=self.private_key, netns=namespace.name)
+ if self.private_key:
+ wg('set', self.name, 'private-key', '/dev/stdin', stdin=self.private_key, netns=namespace.name)

 def _assign_addresses(self, namespace: Namespace) -> None:
 for address in self.address:
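Review bot: `private_key` carries secret material, and if `Interface` is a dataclass the generated `__repr__` will print the key wherever the object is logged or appears in a traceback. The `dataclasses.field` call on `address` suggests it is one, but the decorator is outside the hunk. Since this line is being changed anyway, consider `private_key: Optional[str] = dataclasses.field(default=None, repr=False)`. A comment such as `# None: key is installed out of band, e.g. by a post-up hook` would document the new default. The class body starts and ends outside the hunk.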
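Review bot: The guard `if self.private_key:` in `_configure_wireguard` skips an empty string as well as `None`, and it does so silently. A blank or mistyped `private-key` therefore leaves the interface up with no key, and the only symptom is handshakes that never complete. Using `if self.private_key is not None:` would pass a malformed value to `wg`, which can reject it. A comment on the branch, e.g. `# no key in config: a post-up hook is expected to install it`, would record the intent. Because `wg set` expects `private-key <file>`, the hook should reference a file readable only by root rather than put key text on a command line.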