diff --git a/app/Actions/Servers/SyncWireguardRules.php b/app/Actions/Servers/SyncWireguardRules.php new file mode 100644 index 0000000..5f9a2bb --- /dev/null +++ b/app/Actions/Servers/SyncWireguardRules.php @@ -0,0 +1,53 @@ +sshClient(); + $result = $ssh->execute('wg show wg0'); + + if (! $result->isSuccessful()) { + logger()->error('Failed to retrieve WireGuard rules', [ + 'server_id' => $server->id, + 'error' => $result->getErrorOutput(), + ]); + throw new \Exception('Failed to retrieve WireGuard rules'); + } + + $output = $result->getOutput(); + $commands = collect(); + + $server->organisation->servers()->where('id', '!=', $server->id)->each(function ($organisationServer) use (&$commands, $output, $server) { + if (Str::contains($output, $organisationServer->internal_public_key)) { + $commands->push("wg set wg0 peer {$organisationServer->internal_public_key} remove"); + } + $commands->push("wg set wg0 peer {$organisationServer->internal_public_key} allowed-ips {$organisationServer->internal_ip}/32"); + }); + + $result = $ssh->execute($commands->toArray()); + + if (! $result->isSuccessful()) { + logger()->error('Failed to sync WireGuard rules', [ + 'server_id' => $server->id, + 'error' => $result->getErrorOutput(), + ]); + throw new \Exception('Failed to sync WireGuard rules'); + } + + logger()->info('Successfully synced WireGuard rules', [ + 'server_id' => $server->id, + 'commands' => $commands->toArray(), + 'output' => $result->getOutput(), + ]); + } +} diff --git a/database/migrations/2025_03_27_120552_create_servers_table.php b/database/migrations/2025_03_27_120552_create_servers_table.php index a89f249..871b050 100644 --- a/database/migrations/2025_03_27_120552_create_servers_table.php +++ b/database/migrations/2025_03_27_120552_create_servers_table.php @@ -24,6 +24,7 @@ return new class extends Migration $table->string('provider_status'); $table->string('internal_ip'); $table->integer('internal_ip_ending'); + $table->text('internal_public_key')->nullable(); $table->string('status'); $table->string('region'); $table->string('os'); diff --git a/provision.sh b/provision.sh index 2b5b975..9a8422b 100644 --- a/provision.sh +++ b/provision.sh @@ -100,7 +100,6 @@ ip link add dev wg0 type wireguard ip address add dev wg0 192.168.2.[!internal_ip_ending!]/24 wg set wg0 listen-port 51820 private-key /root/.wg/privatekey ip link set up dev wg0 -# wg set wg0 peer allowed-ips 192.168.2.3/32 #<- this is the ip for the peer being added # Setup Keystone Home Directory Permissions chown -R keystone:keystone /home/keystone @@ -167,6 +166,7 @@ APT::Periodic::AutocleanInterval "7"; APT::Periodic::Unattended-Upgrade "1"; EOF +INTERNAL_PUBLIC_KEY="$(cat /root/.wg/publickey)" # Callback that the server is installed -curl --insecure --data "server_id=[!server_id!]" [!callback!] \ No newline at end of file +curl --insecure --data "server_id=[!server_id!]&internal_public_key=$INTERNAL_PUBLIC_KEY" [!callback!] \ No newline at end of file diff --git a/routes/web.php b/routes/web.php index 7abd4d6..199c523 100644 --- a/routes/web.php +++ b/routes/web.php @@ -1,5 +1,6 @@ validate([ 'server_id' => ['required', 'integer', 'exists:servers,id'], + 'internal_public_key' => ['required', 'string'], ]); $server = Server::find($validated['server_id']); @@ -97,8 +99,13 @@ Route::post('/provision-callback', function (Request $request) { $server->update([ 'status' => ServerStatus::ACTIVE, + 'internal_public_key' => $validated['internal_public_key'], ]); + $server->organisation->servers()->each(function ($s) { + app(SyncWireguardRules::class)->onQueue()->execute($s); + }); + return response('OK', 200); })->name('provision.callback');