Timotej Lazar
a8abf580f9
vpn: assign an IPv6 subnet instead of a single address
We are limited by the size of IPv4 pool (/18), so why not give
everyone an IPv4-internetful of IPv6 addresses.
2023-12-12 19:26:55 +01:00
Timotej Lazar
85714f83b9
Warn about deleting key for active connection
2023-12-10 13:21:52 +01:00
Timotej Lazar
bb68978b22
Clean up save_config
2023-12-10 12:32:47 +01:00
Timotej Lazar
ff2246df8c
vpn: configure IPv6 addresses for WG clients
2023-12-08 17:12:37 +01:00
Timotej Lazar
92e552eb76
nat: rename bound variable
2023-12-04 09:47:50 +01:00
Timotej Lazar
32b182856d
Set blueprint paths in main app
Make blueprints more self-contained for no apparent reason.
2023-12-04 09:46:37 +01:00
Timotej Lazar
abc7a0728b
Generate ipsets for network groups
Like office and server.
2023-10-03 13:36:58 +02:00
Timotej Lazar
c09410f731
Show allowed characters when creating new WG key
2023-10-03 11:38:07 +02:00
Timotej Lazar
ea6ca9b55d
Tweak HTML templates
2023-09-15 14:57:42 +02:00
Timotej Lazar
d2b08bf891
Simplify
2023-09-15 14:26:11 +02:00
Timotej Lazar
d704202e6e
Parametrize wg.conf template
2023-09-15 14:24:22 +02:00
Timotej Lazar
f5af9eeb59
Rename a variable
2023-09-15 13:58:21 +02:00
Timotej Lazar
e5f86e72c2
Get OIDC end_session_endpoint from server metadata
2023-09-14 10:09:45 +02:00
Timotej Lazar
02059e5043
Copy OIDC settings to app.config on init
So we avoid locking the settings file at runtime.
2023-09-13 13:21:23 +02:00
Timotej Lazar
0dc2563b31
Rename route for SSO authorization
2023-09-11 15:37:58 +02:00
Timotej Lazar
ea6aa37131
Fix OIDC id_token parsing
Unbreak it, actually.
2023-09-11 15:10:19 +02:00
Timotej Lazar
719bcf7c55
Improve LDAP lookup of user groups
2023-09-07 15:02:08 +02:00
Timotej Lazar
9dc0fbb4fe
Switch to OIDC authentication
2023-09-07 11:46:57 +02:00
Timotej Lazar
5add39a8a7
Add form for editing ipsets
2023-07-24 16:43:57 +02:00
Timotej Lazar
a5df435931
Consolidate error handling
Do or do not; there is no try. With some exceptions.
2023-07-12 14:19:18 +02:00
Timotej Lazar
8c824fe9e6
Improve admin settings page
The improvements are mostly cosmetic^Wquestionable.
2023-07-07 13:23:51 +02:00
Timotej Lazar
dd607dbddd
Add a nicer response for TimeoutError
2023-07-07 10:15:02 +02:00
Timotej Lazar
6b72316076
Add node status page
2023-07-07 10:13:55 +02:00
Timotej Lazar
4ef3efbc68
Handle exceptions when sending mail
2023-07-07 09:04:17 +02:00
Timotej Lazar
5262c64244
Add form for editing NAT addresses
2023-07-07 08:20:35 +02:00
Timotej Lazar
8b8c675759
Rename networks.json to ipsets.json
Getting ready for some changes.
2023-07-06 16:28:15 +02:00
Timotej Lazar
1ff6c9d0d3
Tweak templates for editing and managing rules
2023-07-04 12:18:01 +02:00
Timotej Lazar
5e65755ec0
Add error reporting over email and improve logging
2023-07-03 16:01:14 +02:00
Timotej Lazar
b55ae4d305
Use a script on firewall nodes to update config
So we can get some feedback to firewall master.
2023-06-28 14:17:39 +02:00
Timotej Lazar
4fb2d2c732
Add version number to config tarballs
Preparing to rework the updater script.
2023-06-26 18:26:35 +02:00
Timotej Lazar
fb1c328893
Normalize line endings from textareas
Every day for us something new.
2023-06-26 11:49:26 +02:00
Timotej Lazar
5ba9c03e23
Don’t print empty element lists in nftables
Because nft chokes on them.
2023-06-26 10:15:03 +02:00
Timotej Lazar
e84cb26dc7
Fix up Flask settings
DEBUG is apparently strongly discouraged. Use --debug instead.
2023-05-29 13:37:16 +02:00
Timotej Lazar
6780f074c7
Support IPv6 sets
Also some unrelated cleanups in system.save_config.
2023-05-29 13:00:39 +02:00
Timotej Lazar
765d4a3ce7
Add support for managing forwarding rules
2023-05-29 12:24:21 +02:00
Timotej Lazar
52a5b7cd11
Use iif/oif instead of iifname/oifname in nftables rules
Following the change in ansible scripts.
2023-05-23 11:31:13 +02:00
Timotej Lazar
22cec64bef
Simplify database locking
Use a single lock for everything to ensure we don’t go inconsistent.
One exception is the firewall nodes table which is only accessed when
pushing updated config.
2023-05-19 09:30:28 +02:00
Timotej Lazar
93458c4782
Allow custom timeout for db locking
2023-05-19 09:03:15 +02:00
Timotej Lazar
9272b3f8e3
Improve landing page slightly
2023-05-19 09:00:01 +02:00
Timotej Lazar
aeae0f8a29
Rework NAT settings again
2023-05-19 08:31:49 +02:00
Timotej Lazar
968a2736d2
Rework NAT settings
Support static NAT for L2 server networks. Also some other minor
tweaks.
2023-05-11 10:37:54 +02:00
Timotej Lazar
9476a28674
Rename “comment”→“name” in wg key config
2023-04-24 09:54:23 +02:00
Timotej Lazar
2793385693
Rename some bound variables
2023-04-07 22:51:38 +02:00
Timotej Lazar
771389bbdf
Create new config on change
2023-04-07 14:20:59 +02:00
Timotej Lazar
931cd3f8c1
Store generated configs in $HOME
And move app to ~/app.
2023-04-07 14:20:54 +02:00
Timotej Lazar
0afcd33a99
Store settings in $HOME
2023-04-07 13:32:26 +02:00
Timotej Lazar
f8c9341315
wg-fri.conf: keep standard AllowedIPs even when allowing all traffic
So it is easier to change later if needed.
2023-04-06 10:19:35 +02:00
Timotej Lazar
bba8193e14
Fix locking
Or maybe break it further.
2023-04-06 10:04:30 +02:00
Timotej Lazar
a791e2bcdd
Do not allocate wireguard server IP to clients
It’s possible to avoid assigning any IP to the server but let’s not.
2023-02-06 17:02:07 +01:00
Timotej Lazar
42b16c8ac5
Fix whitespace in wireguard config template
2023-02-06 16:58:59 +01:00