chore: refactor

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>

src/main.rs

@@ -5,6 +5,7 @@ mod config;
 mod models;
 mod routes;
 mod state;
+mod utils;
 
 use axum::serve;
 use base64::{Engine, prelude::BASE64_STANDARD};
@@ -14,7 +15,7 @@ use log4rs::config::Deserializers;
 use mktemp::Temp;
 use models::interface::Interface;
 use std::{error::Error, fs::File, io::Write, net::SocketAddr};
-use tokio::{net::TcpListener, process::Command};
+use tokio::net::TcpListener;
 
 use config::{Args, Config};
 use state::State;
@@ -44,9 +45,9 @@ async fn init(state: &State) -> Result<(), Box<dyn Error + Send + Sync>> {
         .await
         .expect("Failed to run migrations");
 
-    let interface_name = &state.config.wireguard.interface;
     let interface = {
-        let maybe_interface = Interface::select_by_name(&state.pg_pool, interface_name).await?;
+        let maybe_interface =
+            Interface::select_by_name(&state.pg_pool, &state.config.wireguard.interface).await?;
 
         if let Some(interface) = maybe_interface {
             interface
@@ -67,83 +68,7 @@ async fn init(state: &State) -> Result<(), Box<dyn Error + Send + Sync>> {
                 .as_bytes(),
         )?;
 
-    if !Command::new("ip")
+    utils::iptables::init(&interface, &private_key_file_path).await?;
-        .args(["link", "add", "dev", interface_name, "type", "wireguard"])
-        .status()
-        .await?
-        .success()
-    {
-        return Err("Failed to create WireGuard interface".into());
-    }
-
-    if !Command::new("ip")
-        .args([
-            "address",
-            "add",
-            &interface.address.to_string(),
-            "dev",
-            interface_name,
-        ])
-        .status()
-        .await?
-        .success()
-    {
-        return Err("Failed to assign IP address".into());
-    }
-
-    if !Command::new("wg")
-        .args([
-            "set",
-            interface_name,
-            "listen-port",
-            &interface.port.to_string(),
-            "private-key",
-            private_key_file_path
-                .to_str()
-                .ok_or("Invalid private key file path")?,
-        ])
-        .status()
-        .await?
-        .success()
-    {
-        return Err("Failed to set WireGuard interface options".into());
-    }
-
-    if !Command::new("ip")
-        .args(["link", "set", "up", "dev", interface_name])
-        .status()
-        .await?
-        .success()
-    {
-        return Err("Failed to set WireGuard interface up".into());
-    }
-
-    if !Command::new("iptables")
-        .args([
-            "-t",
-            "nat",
-            "-A",
-            "POSTROUTING",
-            "-o",
-            "eth0",
-            "-j",
-            "MASQUERADE",
-        ])
-        .status()
-        .await?
-        .success()
-    {
-        return Err("Failed to set iptables NAT rule".into());
-    }
-
-    if !Command::new("iptables")
-        .args(["-P", "FORWARD", "DROP"])
-        .status()
-        .await?
-        .success()
-    {
-        return Err("Failed to set FORWARD policy to DROP".into());
-    }
 
     Ok(())
 }

src/utils/iptables/mod.rs

@@ -0,0 +1,85 @@
+use std::{error::Error, path::PathBuf};
+
+use tokio::process::Command;
+
+use crate::models::interface::Interface;
+
+pub async fn init(
+    interface: &Interface,
+    private_key_file_path: &PathBuf,
+) -> Result<(), Box<dyn Error + Send + Sync>> {
+    if !Command::new("ip")
+        .args(["link", "add", "dev", &interface.name, "type", "wireguard"])
+        .status()
+        .await?
+        .success()
+    {
+        return Err("Failed to create WireGuard interface".into());
+    }
+    if !Command::new("ip")
+        .args([
+            "address",
+            "add",
+            &interface.address.to_string(),
+            "dev",
+            &interface.name,
+        ])
+        .status()
+        .await?
+        .success()
+    {
+        return Err("Failed to assign IP address".into());
+    }
+    if !Command::new("wg")
+        .args([
+            "set",
+            &interface.name,
+            "listen-port",
+            &interface.port.to_string(),
+            "private-key",
+            private_key_file_path
+                .to_str()
+                .ok_or("Invalid private key file path")?,
+        ])
+        .status()
+        .await?
+        .success()
+    {
+        return Err("Failed to set WireGuard interface options".into());
+    }
+    if !Command::new("ip")
+        .args(["link", "set", "up", "dev", &interface.name])
+        .status()
+        .await?
+        .success()
+    {
+        return Err("Failed to set WireGuard interface up".into());
+    }
+    if !Command::new("iptables")
+        .args([
+            "-t",
+            "nat",
+            "-A",
+            "POSTROUTING",
+            "-o",
+            "eth0",
+            "-j",
+            "MASQUERADE",
+        ])
+        .status()
+        .await?
+        .success()
+    {
+        return Err("Failed to set iptables NAT rule".into());
+    }
+    Ok(
+        if !Command::new("iptables")
+            .args(["-P", "FORWARD", "DROP"])
+            .status()
+            .await?
+            .success()
+        {
+            return Err("Failed to set FORWARD policy to DROP".into());
+        },
+    )
+}

src/utils/mod.rs

@@ -0,0 +1 @@
+pub mod iptables;