From 0bef87579f2c1940d8534aa1f2f4f13236927097 Mon Sep 17 00:00:00 2001
From: James Valleroy
Date: Sun, 22 Sep 2019 07:37:41 -0400
Subject: [PATCH] wireguard: Replace nmcli use with libnm
Signed-off-by: James Valleroy
Reviewed-by: Sunil Mohan Adapa
---
 actions/wireguard | 57 ++++++++++++++++++-----------------------------
 plinth/network.py | 18 +++++++++++++++
 2 files changed, 40 insertions(+), 35 deletions(-)
diff --git a/actions/wireguard b/actions/wireguard
index 61125d85d..6465da242 100755
--- a/actions/wireguard
+++ b/actions/wireguard
@@ -195,8 +195,12 @@ def _find_next_interface():
 return new_interface_name
-def _get_connection_settings(name, interface, client_ip):
+def _get_connection_settings(name, interface, endpoint, client_ip, public_key,
+ pre_shared_key):
 """Return settings for Network Manager connection."""
+ with PRIVATE_KEY_PATH.open() as private_key_file:
+ private_key = private_key_file.read().strip()
+
 return {
 'common': {
 'name': name,
@@ -212,24 +216,15 @@ def _get_connection_settings(name, interface, client_ip):
 'dns': '',
 'second_dns': '',
 },
+ 'wireguard': {
+ 'private_key': private_key,
+ 'peer_endpoint': endpoint,
+ 'peer_public_key': public_key,
+ 'preshared_key': pre_shared_key,
+ },
 }
-def _create_connection(name, interface, client_ip):
- """Create a NetworkManager connection."""
- settings = _get_connection_settings(name, interface, client_ip)
- network.add_connection(settings)
-
- subprocess.run(['nmcli', 'con', 'modify', name,
- 'connection.autoconnect', 'TRUE'], check=True)
-
- with PRIVATE_KEY_PATH.open() as private_key_file:
- private_key = private_key_file.read().strip()
-
- subprocess.run(['nmcli', 'con', 'modify', name,
- 'wireguard.private-key', private_key], check=True)
-
-
 def subcommand_add_server(arguments):
 """Add a server."""
 new_interface_name = _find_next_interface()
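Review bot: The private key read at the top of `_get_connection_settings` goes into the `'wireguard'` dict unchecked, so an empty or truncated key file yields `'private_key': ''` and the failure would presumably only surface later, when the profile is saved or activated. A guard right after the `with` block, `if not private_key: raise RuntimeError('WireGuard private key is empty')`, fails early without echoing key material. The one-line docstring should also say that the function now reads PRIVATE_KEY_PATH and that the returned dict holds the private key and the pre-shared key, so callers keep it out of logs and exception messages. The function body continues past this hunk into the next one.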
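Review bot: The removed `_create_connection` also set `connection.autoconnect` to `TRUE`, and nothing visible in this patch carries that over into the settings dict or into `_update_wireguard_settings`. If the `'common'` handling in plinth/network.py does not already enable autoconnect, the tunnel may stay down after a reboot until someone activates it by hand. This is worth confirming before merge; the `'common'` section of the dict and the code that consumes it lie outside the visible hunks.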
@@ -239,16 +234,13 @@ def subcommand_add_server(arguments):
 check=True)
 connection_name = 'WireGuard-' + new_interface_name
- _create_connection(connection_name, new_interface_name,
- arguments.client_ip)
-
- # XXX: Peer is lost after connection is activated.
- args = ['wg', 'set', new_interface_name, 'peer', arguments.public_key]
- if arguments.pre_shared_key:
- args += ['preshared-key', arguments.pre_shared_key]
-
- args += ['endpoint', arguments.endpoint]
- subprocess.run(args, check=True)
+ settings = _get_connection_settings(connection_name,
+ new_interface_name,
+ arguments.endpoint,
+ arguments.client_ip,
+ arguments.public_key,
+ arguments.pre_shared_key)
+ network.add_connection(settings)
 def subcommand_modify_server(arguments):
@@ -263,19 +255,14 @@ def subcommand_modify_server(arguments):
 interface_to_modify = interface['interface_name']
 if interface_to_modify:
- args = ['wg', 'set', interface_to_modify, 'peer', arguments.public_key]
- if arguments.pre_shared_key:
- args += ['preshared-key', arguments.pre_shared_key]
-
- args += ['endpoint', arguments.endpoint]
- subprocess.run(args, check=True)
-
 connection = network.get_connection_by_interface_name(
 interface_to_modify)
-
 settings = _get_connection_settings('WireGuard-' + interface_to_modify,
 interface_to_modify,
- arguments.client_ip)
+ arguments.endpoint,
+ arguments.client_ip,
+ arguments.public_key,
+ arguments.pre_shared_key)
 if connection:
 network.edit_connection(connection, settings)
diff --git a/plinth/network.py b/plinth/network.py
index b77d3061e..4a3f62400 100644
--- a/plinth/network.py
+++ b/plinth/network.py
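Review bot: `arguments.pre_shared_key` is still taken from the action's arguments in `subcommand_add_server` (and again in `subcommand_modify_server` in the next hunk), so the secret presumably still reaches this script through its own argv even though the `wg set` child process is gone. If so, other local users can read it from the process list while the action runs. The argument parser is not part of this patch, so this is inferred from the name; if it holds, reading the pre-shared key from stdin would close the remaining exposure. A comment above the `_get_connection_settings` call, e.g. `# pre_shared_key appears optional; the peer is then created without one`, would also record what the removed `if arguments.pre_shared_key:` guard used to express.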
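Review bot: In `subcommand_modify_server` the settings are now rebuilt from scratch, so a modify call without a pre-shared key seems to replace the stored peer with one that has none, whereas the removed `wg set` path only touched the pre-shared key when one was supplied. That would silently drop a layer of protection on an existing tunnel; either keep the existing value when `arguments.pre_shared_key` is empty or document that omitting it clears the key. There is also no visible `else` for `if connection:`, so a missing connection appears to end in silent success. The function starts and ends outside this hunk, so that case may be handled further down.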
@@ -468,6 +468,21 @@ def _update_wireless_settings(connection, wireless):
 return connection
+def _update_wireguard_settings(connection, wireguard):
+ """Create/edit WireGuard settings for network manager connections."""
+ settings = nm.SettingWireGuard.new()
+ connection.add_setting(settings)
+
+ settings.set_property(nm.SETTING_WIREGUARD_PRIVATE_KEY,
+ wireguard['private_key'])
+ # XXX: not working
+ peer = nm.WireGuardPeer.new()
+ peer.set_endpoint(wireguard['peer_endpoint'], False)
+ peer.set_public_key(wireguard['peer_public_key'], False)
+ peer.set_preshared_key(wireguard['preshared_key'], False)
+ settings.append_peer(peer)
+
+
 def _update_settings(connection, connection_uuid, settings):
 """Create/edit wifi settings for network manager connections."""
 connection = _update_common_settings(connection, connection_uuid,
@@ -484,6 +499,9 @@ def _update_settings(connection, connection_uuid, settings):
 if 'wireless' in settings and settings['wireless']:
 _update_wireless_settings(connection, settings['wireless'])
+ if 'wireguard' in settings and settings['wireguard']:
+ _update_wireguard_settings(connection, settings['wireguard'])
+
 return connection
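Review bot: The three `peer.set_*` calls in `_update_wireguard_settings` pass `False` for the accept-invalid argument but discard the result, so a malformed endpoint or key is, as far as I can tell from libnm's API, simply not applied and an incomplete peer is appended anyway. Check each return value and raise before `append_peer`, with messages that name the field but never the value, and only call `set_preshared_key` when a pre-shared key was given. The `# XXX: not working` comment should state what fails (peer not saved, not applied on activation, ...) so the next reader knows what to test. Unlike `_update_wireless_settings`, this helper returns nothing; returning `connection` would keep the helpers consistent.

```python
def _update_wireguard_settings(connection, wireguard):
    # … unchanged: create the setting and set the private key …
    peer = nm.WireGuardPeer.new()
    if not peer.set_endpoint(wireguard['peer_endpoint'], False):
        raise ValueError('Invalid WireGuard peer endpoint')

    if not peer.set_public_key(wireguard['peer_public_key'], False):
        raise ValueError('Invalid WireGuard peer public key')

    preshared_key = wireguard['preshared_key']
    if preshared_key and not peer.set_preshared_key(preshared_key, False):
        raise ValueError('Invalid WireGuard pre-shared key')

    settings.append_peer(peer)
```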