From 8160c1a7f745ca0bd1cdd5fc6d0c43b58ff9e80a Mon Sep 17 00:00:00 2001 From: Nikolaos Karaolidis Date: Sat, 29 Mar 2025 12:04:18 +0000 Subject: [PATCH] chore: refactor Signed-off-by: Nikolaos Karaolidis --- src/main.rs | 85 ++------------------------ src/utils/iptables/mod.rs | 85 ++++++++++++++++++++++++++ src/utils/mod.rs | 1 + Containerfile => support/Containerfile | 0 manifest.yaml => support/manifest.yaml | 0 5 files changed, 91 insertions(+), 80 deletions(-) create mode 100644 src/utils/iptables/mod.rs create mode 100644 src/utils/mod.rs rename Containerfile => support/Containerfile (100%) rename manifest.yaml => support/manifest.yaml (100%) diff --git a/src/main.rs b/src/main.rs index 8214638..dca8457 100644 --- a/src/main.rs +++ b/src/main.rs @@ -5,6 +5,7 @@ mod config; mod models; mod routes; mod state; +mod utils; use axum::serve; use base64::{Engine, prelude::BASE64_STANDARD}; @@ -14,7 +15,7 @@ use log4rs::config::Deserializers; use mktemp::Temp; use models::interface::Interface; use std::{error::Error, fs::File, io::Write, net::SocketAddr}; -use tokio::{net::TcpListener, process::Command}; +use tokio::net::TcpListener; use config::{Args, Config}; use state::State; @@ -44,9 +45,9 @@ async fn init(state: &State) -> Result<(), Box> { .await .expect("Failed to run migrations"); - let interface_name = &state.config.wireguard.interface; let interface = { - let maybe_interface = Interface::select_by_name(&state.pg_pool, interface_name).await?; + let maybe_interface = + Interface::select_by_name(&state.pg_pool, &state.config.wireguard.interface).await?; if let Some(interface) = maybe_interface { interface 
@@ -67,83 +68,7 @@ async fn init(state: &State) -> Result<(), Box> { .as_bytes(), )?; - if !Command::new("ip") - .args(["link", "add", "dev", interface_name, "type", "wireguard"]) - .status() - .await? - .success() - { - return Err("Failed to create WireGuard interface".into()); - } - - if !Command::new("ip") - .args([ - "address", - "add", - &interface.address.to_string(), - "dev", - interface_name, - ]) - .status() - .await? - .success() - { - return Err("Failed to assign IP address".into()); - } - - if !Command::new("wg") - .args([ - "set", - interface_name, - "listen-port", - &interface.port.to_string(), - "private-key", - private_key_file_path - .to_str() - .ok_or("Invalid private key file path")?, - ]) - .status() - .await? - .success() - { - return Err("Failed to set WireGuard interface options".into()); - } - - if !Command::new("ip") - .args(["link", "set", "up", "dev", interface_name]) - .status() - .await? - .success() - { - return Err("Failed to set WireGuard interface up".into()); - } - - if !Command::new("iptables") - .args([ - "-t", - "nat", - "-A", - "POSTROUTING", - "-o", - "eth0", - "-j", - "MASQUERADE", - ]) - .status() - .await? - .success() - { - return Err("Failed to set iptables NAT rule".into()); - } - - if !Command::new("iptables") - .args(["-P", "FORWARD", "DROP"]) - .status() - .await? - .success() - { - return Err("Failed to set FORWARD policy to DROP".into()); - } + utils::iptables::init(&interface, &private_key_file_path).await?; Ok(()) } diff --git a/src/utils/iptables/mod.rs b/src/utils/iptables/mod.rs new file mode 100644 index 0000000..ae81ad4 --- /dev/null +++ b/src/utils/iptables/mod.rs 
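Review bot: The new call `utils::iptables::init(&interface, &private_key_file_path).await?;` routes all of the interface setup through a module named `iptables`, although four of the six commands it runs are `ip` and `wg` invocations and only the last two touch iptables; a name such as `utils::network::init` (or splitting the WireGuard bring-up from the firewall rules) would make the call site read correctly. The `init` function in main.rs begins before this hunk, so the surrounding error handling is not visible here. As before the refactor, a failure partway through leaves a half-configured interface behind with no cleanup, which is worth a comment at the call site if that is accepted behaviour.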
@@ -0,0 +1,85 @@
+use std::{error::Error, path::PathBuf};
+
+use tokio::process::Command;
+
+use crate::models::interface::Interface;
+
+pub async fn init(
+ interface: &Interface,
+ private_key_file_path: &PathBuf,
+) -> Result<(), Box> {
+ if !Command::new("ip")
+ .args(["link", "add", "dev", &interface.name, "type", "wireguard"])
+ .status()
+ .await?
+ .success()
+ {
+ return Err("Failed to create WireGuard interface".into());
+ }
+ if !Command::new("ip")
+ .args([
+ "address",
+ "add",
+ &interface.address.to_string(),
+ "dev",
+ &interface.name,
+ ])
+ .status()
+ .await?
+ .success()
+ {
+ return Err("Failed to assign IP address".into());
+ }
+ if !Command::new("wg")
+ .args([
+ "set",
+ &interface.name,
+ "listen-port",
+ &interface.port.to_string(),
+ "private-key",
+ private_key_file_path
+ .to_str()
+ .ok_or("Invalid private key file path")?,
+ ])
+ .status()
+ .await?
+ .success()
+ {
+ return Err("Failed to set WireGuard interface options".into());
+ }
+ if !Command::new("ip")
+ .args(["link", "set", "up", "dev", &interface.name])
+ .status()
+ .await?
+ .success()
+ {
+ return Err("Failed to set WireGuard interface up".into());
+ }
+ if !Command::new("iptables")
+ .args([
+ "-t",
+ "nat",
+ "-A",
+ "POSTROUTING",
+ "-o",
+ "eth0",
+ "-j",
+ "MASQUERADE",
+ ])
+ .status()
+ .await?
+ .success()
+ {
+ return Err("Failed to set iptables NAT rule".into());
+ }
+ Ok(
+ if !Command::new("iptables")
+ .args(["-P", "FORWARD", "DROP"])
+ .status()
+ .await?
+ .success()
+ {
+ return Err("Failed to set FORWARD policy to DROP".into());
+ },
+ )
+}
diff --git a/src/utils/mod.rs b/src/utils/mod.rs
new file mode 100644
index 0000000..b03d8da
--- /dev/null
+++ b/src/utils/mod.rs
@@ -0,0 +1 @@
+pub mod iptables;
diff --git a/Containerfile b/support/Containerfile
similarity index 100%
rename from Containerfile
rename to support/Containerfile
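Review bot: The FORWARD policy is switched to DROP only by the very last command, after `ip link set up` and the MASQUERADE rule have already been applied, so the whole setup window runs under whatever FORWARD policy the host already has (ACCEPT on a fresh table); moving the `-P FORWARD DROP` step to the top of `init` closes that window, and the body can then end in a plain `Ok(())` instead of the `Ok(if … { return Err(…) })` form, which type-checks only because an `if` without `else` evaluates to `()`. `-A POSTROUTING … -j MASQUERADE` also appends a new rule on every run, so duplicates accumulate across restarts unless the nat table is flushed elsewhere; probing with `iptables -t nat -C` and appending only when the check fails keeps it idempotent. The egress interface `eth0` is hard-coded while the WireGuard interface name comes from `Interface`, which makes it a good candidate for a config field next to it, and `private_key_file_path: &PathBuf` is more general as `&Path` (with `Path` imported in place of `PathBuf`; the `.to_str().ok_or(..)?` call is unchanged).
```rust
pub async fn init(
    interface: &Interface,
    private_key_file_path: &Path,
) -> Result<(), Box<dyn Error>> {
    // Lock forwarding down before the tunnel interface exists, so nothing
    // is forwarded under the host's previous FORWARD policy during setup.
    if !Command::new("iptables")
        .args(["-P", "FORWARD", "DROP"])
        .status()
        .await?
        .success()
    {
        return Err("Failed to set FORWARD policy to DROP".into());
    }
    // … unchanged: ip link add / ip address add / wg set / ip link set up …
    // NOTE(review): "eth0" should come from configuration.
    let nat_rule = ["POSTROUTING", "-o", "eth0", "-j", "MASQUERADE"];
    let nat_rule_present = Command::new("iptables")
        .args(["-t", "nat", "-C"])
        .args(nat_rule)
        .status()
        .await?
        .success();
    if !nat_rule_present
        && !Command::new("iptables")
            .args(["-t", "nat", "-A"])
            .args(nat_rule)
            .status()
            .await?
            .success()
    {
        return Err("Failed to set iptables NAT rule".into());
    }
    Ok(())
}
```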
diff --git a/manifest.yaml b/support/manifest.yaml
similarity index 100%
rename from manifest.yaml
rename to support/manifest.yaml