Commit graph

76 commits

Author SHA1 Message Date
Timotej Lazar 4fb2d2c732 Add version number to config tarballs
Preparing to rework the updater script.
2023-06-26 18:26:35 +02:00
Timotej Lazar fb1c328893 Normalize line endings from textareas
Every day for us something new.
2023-06-26 11:49:26 +02:00
Timotej Lazar 5ba9c03e23 Don’t print empty element lists in nftables
Because nft chokes on them.
2023-06-26 10:15:03 +02:00
Timotej Lazar e84cb26dc7 Fix up Flask settings
DEBUG is apparently strongly discouraged. Use --debug instead.
2023-05-29 13:37:16 +02:00
Timotej Lazar 6780f074c7 Support IPv6 sets
Also some unrelated cleanups in system.save_config.
2023-05-29 13:00:39 +02:00
Timotej Lazar 765d4a3ce7 Add support for managing forwarding rules 2023-05-29 12:24:21 +02:00
Timotej Lazar 52a5b7cd11 Use iif/oif instead of iifname/oifname in nftables rules
Following the change in ansible scripts.
2023-05-23 11:31:13 +02:00
Timotej Lazar 22cec64bef Simplify database locking
Use a single lock for everything to ensure we don’t go inconsistent.
One exception is the firewall nodes table which is only accessed when
pushing updated config.
2023-05-19 09:30:28 +02:00
Timotej Lazar 93458c4782 Allow custom timeout for db locking 2023-05-19 09:03:15 +02:00
Timotej Lazar 9272b3f8e3 Improve landing page slightly 2023-05-19 09:00:01 +02:00
Timotej Lazar aeae0f8a29 Rework NAT settings again 2023-05-19 08:31:49 +02:00
Timotej Lazar 968a2736d2 Rework NAT settings
Support static NAT for L2 server networks. Also some other minor
tweaks.
2023-05-11 10:37:54 +02:00
Timotej Lazar 9476a28674 Rename “comment”→“name” in wg key config 2023-04-24 09:54:23 +02:00
Timotej Lazar 2793385693 Rename some bound variables 2023-04-07 22:51:38 +02:00
Timotej Lazar 771389bbdf Create new config on change 2023-04-07 14:20:59 +02:00
Timotej Lazar 931cd3f8c1 Store generated configs in $HOME
And move app to ~/app.
2023-04-07 14:20:54 +02:00
Timotej Lazar 0afcd33a99 Store settings in $HOME 2023-04-07 13:32:26 +02:00
Timotej Lazar f8c9341315 wg-fri.conf: keep standard AllowedIPs even when allowing all traffic
So it is easier to change later if needed.
2023-04-06 10:19:35 +02:00
Timotej Lazar bba8193e14 Fix locking
Or maybe break it further.
2023-04-06 10:04:30 +02:00
Timotej Lazar a791e2bcdd Do not allocate wireguard server IP to clients
It’s possible to avoid assigning any IP to the server but let’s not.
2023-02-06 17:02:07 +01:00
Timotej Lazar 42b16c8ac5 Fix whitespace in wireguard config template 2023-02-06 16:58:59 +01:00
Timotej Lazar 539c6ef739 Clean up imports 2023-01-26 16:28:36 +01:00
Timotej Lazar 3cf207047e Remove unimplemented DNAT settings
For now.
2023-01-26 16:28:32 +01:00
Timotej Lazar 388061130e Decrease SSH timeout when pushing config to nodes 2023-01-26 16:15:08 +01:00
Timotej Lazar 0ded9d3823 Initialize settings 2023-01-26 16:11:32 +01:00
Timotej Lazar 113992f95b Make a squash 2023-01-26 10:51:51 +01:00