wireguard: Replace nmcli use with libnm

Signed-off-by: James Valleroy <jvalleroy@mailbox.org> Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2026-01-21 07:55:00 +00:00 · 2019-09-22 07:37:41 -04:00 · 2019-09-22 07:37:41 -04:00 · 0bef87579f
commit 0bef87579f
parent eaa71f056a
2 changed files with 40 additions and 35 deletions
--- a/actions/wireguard
+++ b/actions/wireguard
@ -195,8 +195,12 @@ def _find_next_interface():
    return new_interface_name


-def _get_connection_settings(name, interface, client_ip):
+def _get_connection_settings(name, interface, endpoint, client_ip, public_key,
+                             pre_shared_key):
    """Return settings for Network Manager connection."""
+    with PRIVATE_KEY_PATH.open() as private_key_file:
+        private_key = private_key_file.read().strip()
+
    return {
        'common': {
            'name': name,
@ -212,24 +216,15 @@ def _get_connection_settings(name, interface, client_ip):
            'dns': '',
            'second_dns': '',
        },
+        'wireguard': {
+            'private_key': private_key,
+            'peer_endpoint': endpoint,
+            'peer_public_key': public_key,
+            'preshared_key': pre_shared_key,
+        },
    }


-def _create_connection(name, interface, client_ip):
-    """Create a NetworkManager connection."""
-    settings = _get_connection_settings(name, interface, client_ip)
-    network.add_connection(settings)
-
-    subprocess.run(['nmcli', 'con', 'modify', name,
-                    'connection.autoconnect', 'TRUE'], check=True)
-
-    with PRIVATE_KEY_PATH.open() as private_key_file:
-        private_key = private_key_file.read().strip()
-
-    subprocess.run(['nmcli', 'con', 'modify', name,
-                    'wireguard.private-key', private_key], check=True)
-
-
 def subcommand_add_server(arguments):
    """Add a server."""
    new_interface_name = _find_next_interface()
@ -239,16 +234,13 @@ def subcommand_add_server(arguments):
        check=True)

    connection_name = 'WireGuard-' + new_interface_name
-    _create_connection(connection_name, new_interface_name,
-                       arguments.client_ip)
-
-    # XXX: Peer is lost after connection is activated.
-    args = ['wg', 'set', new_interface_name, 'peer', arguments.public_key]
-    if arguments.pre_shared_key:
-        args += ['preshared-key', arguments.pre_shared_key]
-
-    args += ['endpoint', arguments.endpoint]
-    subprocess.run(args, check=True)
+    settings = _get_connection_settings(connection_name,
+                                        new_interface_name,
+                                        arguments.endpoint,
+                                        arguments.client_ip,
+                                        arguments.public_key,
+                                        arguments.pre_shared_key)
+    network.add_connection(settings)


 def subcommand_modify_server(arguments):
@ -263,19 +255,14 @@ def subcommand_modify_server(arguments):
                interface_to_modify = interface['interface_name']

    if interface_to_modify:
-        args = ['wg', 'set', interface_to_modify, 'peer', arguments.public_key]
-        if arguments.pre_shared_key:
-            args += ['preshared-key', arguments.pre_shared_key]
-
-        args += ['endpoint', arguments.endpoint]
-        subprocess.run(args, check=True)
-
        connection = network.get_connection_by_interface_name(
            interface_to_modify)
-
        settings = _get_connection_settings('WireGuard-' + interface_to_modify,
                                            interface_to_modify,
-                                            arguments.client_ip)
+                                            arguments.endpoint,
+                                            arguments.client_ip,
+                                            arguments.public_key,
+                                            arguments.pre_shared_key)

        if connection:
            network.edit_connection(connection, settings)
--- a/plinth/network.py
+++ b/plinth/network.py
@ -468,6 +468,21 @@ def _update_wireless_settings(connection, wireless):
    return connection


+def _update_wireguard_settings(connection, wireguard):
+    """Create/edit WireGuard settings for network manager connections."""
+    settings = nm.SettingWireGuard.new()
+    connection.add_setting(settings)
+
+    settings.set_property(nm.SETTING_WIREGUARD_PRIVATE_KEY,
+                          wireguard['private_key'])
+    # XXX: not working
+    peer = nm.WireGuardPeer.new()
+    peer.set_endpoint(wireguard['peer_endpoint'], False)
+    peer.set_public_key(wireguard['peer_public_key'], False)
+    peer.set_preshared_key(wireguard['preshared_key'], False)
+    settings.append_peer(peer)
+
+
 def _update_settings(connection, connection_uuid, settings):
    """Create/edit wifi settings for network manager connections."""
    connection = _update_common_settings(connection, connection_uuid,
@ -484,6 +499,9 @@ def _update_settings(connection, connection_uuid, settings):
    if 'wireless' in settings and settings['wireless']:
        _update_wireless_settings(connection, settings['wireless'])

+    if 'wireguard' in settings and settings['wireguard']:
+        _update_wireguard_settings(connection, settings['wireguard'])
+
    return connection