feat(wireguard): bringing wireguard to UI

config/luci.conf

@@ -19,10 +19,10 @@ CONFIG_PACKAGE_luci-proto-ppp=y
 CONFIG_PACKAGE_luci-theme-bootstrap=y
 CONFIG_PACKAGE_rpcd-mod-luci=y
 CONFIG_PACKAGE_luci-app-adblock=y
-CONFIG_PACKAGE_luci-app-mwan3=y
-CONFIG_PACKAGE_luci-app-wireguard=y
+CONFIG_PACKAGE_luci-app-mwan3=
+CONFIG_PACKAGE_luci-app-wireguard=m
 CONFIG_PACKAGE_luci-proto-3g=y
-CONFIG_PACKAGE_luci-proto-wireguard=y
+CONFIG_PACKAGE_luci-proto-wireguard=m
 CONFIG_PACKAGE_luci-mod-dashboard=y
 CONFIG_PACKAGE_luci-app-banip=y
 

packages/ns-api/Makefile

@@ -21,7 +21,7 @@ define Package/ns-api
 	CATEGORY:=NethSecurity
 	TITLE:=NethSecurity REST API
 	URL:=https://github.com/NethServer/nethsecurity-controller/
-	DEPENDS:=+python3-nethsec +python3-openssl +python3-urllib +python3-idna +python3-requests +sshpass
+	DEPENDS:=+python3-nethsec +python3-openssl +python3-urllib +python3-idna +python3-requests +sshpass +wireguard-tools
 	PKGARCH:=all
 endef
 
@@ -180,6 +180,7 @@ define Package/ns-api/install
 	$(INSTALL_BIN) ./files/post-commit/configure-netifyd.py $(1)/usr/libexec/ns-api/post-commit
 	$(INSTALL_BIN) ./files/post-commit/reload-ipsets.py $(1)/usr/libexec/ns-api/post-commit
 	$(INSTALL_BIN) ./files/post-commit/restart-cron.py $(1)/usr/libexec/ns-api/post-commit
+	$(INSTALL_BIN) ./files/post-commit/restart-wireguard.py $(1)/usr/libexec/ns-api/post-commit
 	$(INSTALL_BIN) ./files/pre-commit/clean-network.py $(1)/usr/libexec/ns-api/pre-commit
 	$(INSTALL_BIN) ./files/remove-pppoe-keepalive $(1)/usr/share/ns-api
 	$(INSTALL_DIR) $(1)/etc/uci-defaults

packages/ns-api/files/ns.devices

@@ -6,11 +6,12 @@
 #
 
 import json
-import sys
-import subprocess
 import re
+import subprocess
+import sys
+
 from euci import EUci
-from nethsec import utils, firewall
+from nethsec import firewall, utils
 
 
 def get_all_by_type_as_list(uci, config, utype):
@@ -32,7 +33,7 @@ def list_devices():
 
     # interfaces without device (e.g. bond interfaces)
     ifaces_without_device = list(
-        filter(lambda iface: not iface.get('device'), ifaces_from_config))
+        filter(lambda iface: not iface.get('device') and iface.get('proto', '') != 'wireguard', ifaces_from_config))
 
     physical_devices = get_physical_devices()
 
@@ -128,8 +129,20 @@ def list_devices():
                     ipaddr, netmask)
         else:
             # it's a device, associate its interface
-            iface = get_interface(
-                deviceOrIface.get('name'), ifaces_from_config)
+
+            # check if wireguard interface
+            if deviceOrIface.get('name', '').startswith('wg'):
+                found = False
+                for configured_iface in ifaces_from_config:
+                    if configured_iface.get('proto') == 'wireguard' and configured_iface.get('.name') == deviceOrIface.get('name'):
+                        iface = configured_iface
+                        found = True
+                        break
+                if not found:
+                    # a wireguard device pending deletion has been found
+                    continue
+            else:
+                iface = get_interface(deviceOrIface.get('name'), ifaces_from_config)
 
             if iface:
                 # convert ip4 addresses to CIDR notation
@@ -186,9 +199,12 @@ def list_devices():
 
     devices_to_show = list(filter(lambda device:
                                   # do not show devices used by bridges or bonds
-                                  not get_name(device) in devices_used_by_logical_ifaces and
+                                  get_name(device) not in devices_used_by_logical_ifaces and
                                   # do not show duplicated pppoe devices
-                                  not (device.get('name') and device.get('name').startswith('pppoe-')), all_devices))
+                                  not (device.get('name') and device.get('name').startswith('pppoe-')) and 
+                                  # discard wireguard devices without interface (pending deletion)
+                                  not (device.get('name', '').startswith('wg') and not device.get('iface'))
+                                  , all_devices))
 
     # retrieve stats
 
@@ -249,7 +265,7 @@ def list_devices():
                 'name': 'hotspot',
                 'devices': [device.get('name')]
             })
-        elif device.get('openvpn') or device.get('openvpn_rw') or device.get('zone') == 'ipsec':
+        elif device.get('openvpn') or device.get('openvpn_rw') or device.get('zone') == 'ipsec' or device.get('iface', {}).get('proto') == 'wireguard':
             # vpn
             vpn_zone = None