gitea-mirror/rosenpass
1
0
Fork 0
mirror of https://github.com/rosenpass/rosenpass.git synced 2025-12-05 20:40:02 -08:00
Code Issues Packages Projects Releases Wiki Activity

chore(rp): Simplify peer configuration code

Browse Source
This commit is contained in:
Karolin Varner
2025-08-02 18:56:20 +02:00
parent bae336d633
commit 2d6550da0f
1 changed files with 19 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
rp/src/exchange.rs
View File

@@ -462,15 +462,20 @@ pub async fn exchange(options: ExchangeOptions) -> Result<()> {
let broker_store_ptr = srv.register_broker(Box::new(NativeUnixBroker::new()))?; let broker_store_ptr = srv.register_broker(Box::new(NativeUnixBroker::new()))?;
fn cfg_err_map(e: NativeUnixBrokerConfigBaseBuilderError) -> anyhow::Error {
anyhow::Error::msg(format!("NativeUnixBrokerConfigBaseBuilderError: {:?}", e))
}
// Configure everything per peer. // Configure everything per peer.
for peer in options.peers { for peer in options.peers {
let wgpk = peer.public_keys_dir.join("wgpk"); // TODO: Some of this is sync but should be async
let pqpk = peer.public_keys_dir.join("pqpk"); let wgpk = peer
.public_keys_dir
.join("wgpk")
.apply(tokio::fs::read_to_string)
.await?;
let pqpk = peer.public_keys_dir.join("pqpk").apply(SPk::load)?;
let psk = peer.public_keys_dir.join("psk"); let psk = peer.public_keys_dir.join("psk");
let psk = psk
.exists()
.then(|| SymKey::load_b64::<WG_B64_LEN, _>(psk))
.transpose()?;
let mut extra_params: Vec<String> = Vec::with_capacity(6); let mut extra_params: Vec<String> = Vec::with_capacity(6);
if let Some(endpoint) = peer.endpoint { if let Some(endpoint) = peer.endpoint {
@@ -490,11 +495,11 @@ pub async fn exchange(options: ExchangeOptions) -> Result<()> {
} }
let peer_cfg = NativeUnixBrokerConfigBaseBuilder::default() let peer_cfg = NativeUnixBrokerConfigBaseBuilder::default()
.peer_id_b64(&std::fs::read_to_string(wgpk)?)? .peer_id_b64(&wgpk)?
.interface(device.name().to_owned()) .interface(device.name().to_owned())
.extra_params_ser(&extra_params)? .extra_params_ser(&extra_params)?
.build() .build()
.map_err(cfg_err_map)?; .with_context(|| format!("Could not configure broker to supply keys from Rosenpass to WireGuard for peer {wgpk}."))?;
let broker_peer = Some(BrokerPeer::new( let broker_peer = Some(BrokerPeer::new(
broker_store_ptr.clone(), broker_store_ptr.clone(),
@@ -502,13 +507,8 @@ pub async fn exchange(options: ExchangeOptions) -> Result<()> {
)); ));
srv.add_peer( srv.add_peer(
if psk.exists() { psk,
Some(SymKey::load_b64::<WG_B64_LEN, _>(psk)) pqpk,
} else {
None
}
.transpose()?,
SPk::load(&pqpk)?,
None, None,
broker_peer, broker_peer,
peer.endpoint.map(|x| x.to_string()), peer.endpoint.map(|x| x.to_string()),
@@ -519,14 +519,11 @@ pub async fn exchange(options: ExchangeOptions) -> Result<()> {
// Configure routes, equivalent to `ip route replace <allowed_ips> dev <dev>` and set up // Configure routes, equivalent to `ip route replace <allowed_ips> dev <dev>` and set up
// the cleanup as `ip route del <allowed_ips>`. // the cleanup as `ip route del <allowed_ips>`.
if let Some(allowed_ips) = peer.allowed_ips { if let Some(allowed_ips) = peer.allowed_ips {
std::process::Command::new("ip") Command::new("ip")
.arg("route") .args(["route", "replace", &allowed_ips, "dev", device.name()])
.arg("replace")
.arg(allowed_ips.clone())
.arg("dev")
.arg(options.dev.clone().unwrap_or("rosenpass0".to_string()))
.status() .status()
.expect("failed to configure route"); .await
.with_context(|| format!("Could not configure routes for peer {wgpk}"))?;
} }
} }