harry/keystone
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sync public key back to the main server post-provision, once a new server is added sync the internal ips to all others

Browse Source
This commit is contained in:
Harry (hjbdev)
2025-04-07 12:58:22 +01:00
parent e15a80163b
commit 63d506370b
4 changed files with 63 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
app/Actions/Servers/SyncWireguardRules.php Normal file
View File

@@ -0,0 +1,53 @@
<?php
namespace App\Actions\Servers;
use App\Models\Server;
use Illuminate\Support\Str;
use Spatie\QueueableAction\QueueableAction;
class SyncWireguardRules
{
use QueueableAction;
public function execute(
Server $server,
) {
$ssh = $server->sshClient();
$result = $ssh->execute('wg show wg0');
if (! $result->isSuccessful()) {
logger()->error('Failed to retrieve WireGuard rules', [
'server_id' => $server->id,
'error' => $result->getErrorOutput(),
]);
throw new \Exception('Failed to retrieve WireGuard rules');
}
$output = $result->getOutput();
$commands = collect();
$server->organisation->servers()->where('id', '!=', $server->id)->each(function ($organisationServer) use (&$commands, $output, $server) {
if (Str::contains($output, $organisationServer->internal_public_key)) {
$commands->push("wg set wg0 peer {$organisationServer->internal_public_key} remove");
}
$commands->push("wg set wg0 peer {$organisationServer->internal_public_key} allowed-ips {$organisationServer->internal_ip}/32");
});
$result = $ssh->execute($commands->toArray());
if (! $result->isSuccessful()) {
logger()->error('Failed to sync WireGuard rules', [
'server_id' => $server->id,
'error' => $result->getErrorOutput(),
]);
throw new \Exception('Failed to sync WireGuard rules');
}
logger()->info('Successfully synced WireGuard rules', [
'server_id' => $server->id,
'commands' => $commands->toArray(),
'output' => $result->getOutput(),
]);
}
}

1
database/migrations/2025_03_27_120552_create_servers_table.php
View File

@@ -24,6 +24,7 @@ return new class extends Migration
$table->string('provider_status'); $table->string('provider_status');
$table->string('internal_ip'); $table->string('internal_ip');
$table->integer('internal_ip_ending'); $table->integer('internal_ip_ending');
$table->text('internal_public_key')->nullable();
$table->string('status'); $table->string('status');
$table->string('region'); $table->string('region');
$table->string('os'); $table->string('os');

4
provision.sh
View File

@@ -100,7 +100,6 @@ ip link add dev wg0 type wireguard
ip address add dev wg0 192.168.2.[!internal_ip_ending!]/24 ip address add dev wg0 192.168.2.[!internal_ip_ending!]/24
wg set wg0 listen-port 51820 private-key /root/.wg/privatekey wg set wg0 listen-port 51820 private-key /root/.wg/privatekey
ip link set up dev wg0 ip link set up dev wg0
# wg set wg0 peer <PEER_PUBLIC_KEY> allowed-ips 192.168.2.3/32 #<- this is the ip for the peer being added
# Setup Keystone Home Directory Permissions # Setup Keystone Home Directory Permissions
chown -R keystone:keystone /home/keystone chown -R keystone:keystone /home/keystone
@@ -167,6 +166,7 @@ APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1"; APT::Periodic::Unattended-Upgrade "1";
EOF EOF
INTERNAL_PUBLIC_KEY="$(cat /root/.wg/publickey)"
# Callback that the server is installed # Callback that the server is installed
curl --insecure --data "server_id=[!server_id!]" [!callback!] curl --insecure --data "server_id=[!server_id!]&internal_public_key=$INTERNAL_PUBLIC_KEY" [!callback!]

7
routes/web.php
View File

@@ -1,5 +1,6 @@
<?php <?php
use App\Actions\Servers\SyncWireguardRules;
use App\Enums\ServerStatus; use App\Enums\ServerStatus;
use App\Http\Controllers\ApplicationController; use App\Http\Controllers\ApplicationController;
use App\Http\Controllers\EnvironmentController; use App\Http\Controllers\EnvironmentController;
@@ -72,6 +73,7 @@ Route::get('/provision-script', function (Request $request) {
Route::post('/provision-callback', function (Request $request) { Route::post('/provision-callback', function (Request $request) {
$validated = $request->validate([ $validated = $request->validate([
'server_id' => ['required', 'integer', 'exists:servers,id'], 'server_id' => ['required', 'integer', 'exists:servers,id'],
'internal_public_key' => ['required', 'string'],
]); ]);
$server = Server::find($validated['server_id']); $server = Server::find($validated['server_id']);
@@ -97,8 +99,13 @@ Route::post('/provision-callback', function (Request $request) {
$server->update([ $server->update([
'status' => ServerStatus::ACTIVE, 'status' => ServerStatus::ACTIVE,
'internal_public_key' => $validated['internal_public_key'],
]); ]);
$server->organisation->servers()->each(function ($s) {
app(SyncWireguardRules::class)->onQueue()->execute($s);
});
return response('OK', 200); return response('OK', 200);
})->name('provision.callback'); })->name('provision.callback');