Commit graph

53 commits

Author SHA1 Message Date
Timotej Lazar ff2246df8c vpn: configure IPv6 addresses for WG clients 2023-12-08 17:12:37 +01:00
Timotej Lazar 92e552eb76 nat: rename bound variable 2023-12-04 09:47:50 +01:00
Timotej Lazar 32b182856d Set blueprint paths in main app
Make blueprints more self-contained for no apparent reason.
2023-12-04 09:46:37 +01:00
Timotej Lazar abc7a0728b Generate ipsets for network groups
Like office and server.
2023-10-03 13:36:58 +02:00
Timotej Lazar c09410f731 Show allowed characters when creating new WG key 2023-10-03 11:38:07 +02:00
Timotej Lazar ea6ca9b55d Tweak HTML templates 2023-09-15 14:57:42 +02:00
Timotej Lazar d2b08bf891 Simplify 2023-09-15 14:26:11 +02:00
Timotej Lazar d704202e6e Parametrize wg.conf template 2023-09-15 14:24:22 +02:00
Timotej Lazar f5af9eeb59 Rename a variable 2023-09-15 13:58:21 +02:00
Timotej Lazar c64489c163 Require latest authlib 2023-09-15 13:44:51 +02:00
Timotej Lazar e5f86e72c2 Get OIDC end_session_endpoint from server metadata 2023-09-14 10:09:45 +02:00
Timotej Lazar 02059e5043 Copy OIDC settings to app.config on init
So we avoid locking the settings file at runtime.
2023-09-13 13:21:23 +02:00
Timotej Lazar 0dc2563b31 Rename route for SSO authorization 2023-09-11 15:37:58 +02:00
Timotej Lazar ea6aa37131 Fix OIDC id_token parsing
Unbreak it, actually.
2023-09-11 15:10:19 +02:00
Timotej Lazar 719bcf7c55 Improve LDAP lookup of user groups 2023-09-07 15:02:08 +02:00
Timotej Lazar 9dc0fbb4fe Switch to OIDC authentication 2023-09-07 11:46:57 +02:00
Timotej Lazar 5add39a8a7 Add form for editing ipsets 2023-07-24 16:43:57 +02:00
Timotej Lazar a5df435931 Consolidate error handling
Do or do not; there is no try. With some exceptions.
2023-07-12 14:19:18 +02:00
Timotej Lazar 8c824fe9e6 Improve admin settings page
The improvements are mostly cosmetic^Wquestionable.
2023-07-07 13:23:51 +02:00
Timotej Lazar dd607dbddd Add a nicer response for TimeoutError 2023-07-07 10:15:02 +02:00
Timotej Lazar 6b72316076 Add node status page 2023-07-07 10:13:55 +02:00
Timotej Lazar 4ef3efbc68 Handle exceptions when sending mail 2023-07-07 09:04:17 +02:00
Timotej Lazar 5262c64244 Add form for editing NAT addresses 2023-07-07 08:20:35 +02:00
Timotej Lazar 8b8c675759 Rename networks.json to ipsets.json
Getting ready for some changes.
2023-07-06 16:28:15 +02:00
Timotej Lazar 1ff6c9d0d3 Tweak templates for editing and managing rules 2023-07-04 12:18:01 +02:00
Timotej Lazar 5e65755ec0 Add error reporting over email and improve logging 2023-07-03 16:01:14 +02:00
Timotej Lazar b55ae4d305 Use a script on firewall nodes to update config
So we can get some feedback to firewall master.
2023-06-28 14:17:39 +02:00
Timotej Lazar 4fb2d2c732 Add version number to config tarballs
Preparing to rework the updater script.
2023-06-26 18:26:35 +02:00
Timotej Lazar fb1c328893 Normalize line endings from textareas
Every day for us something new.
2023-06-26 11:49:26 +02:00
Timotej Lazar 5ba9c03e23 Don’t print empty element lists in nftables
Because nft chokes on them.
2023-06-26 10:15:03 +02:00
Timotej Lazar e84cb26dc7 Fix up Flask settings
DEBUG is apparently strongly discouraged. Use --debug instead.
2023-05-29 13:37:16 +02:00
Timotej Lazar 6780f074c7 Support IPv6 sets
Also some unrelated cleanups in system.save_config.
2023-05-29 13:00:39 +02:00
Timotej Lazar 765d4a3ce7 Add support for managing forwarding rules 2023-05-29 12:24:21 +02:00
Timotej Lazar 52a5b7cd11 Use iif/oif instead of iifname/oifname in nftables rules
Following the change in ansible scripts.
2023-05-23 11:31:13 +02:00
Timotej Lazar 22cec64bef Simplify database locking
Use a single lock for everything to ensure we don’t go inconsistent.
One exception is the firewall nodes table which is only accessed when
pushing updated config.
2023-05-19 09:30:28 +02:00
Timotej Lazar 93458c4782 Allow custom timeout for db locking 2023-05-19 09:03:15 +02:00
Timotej Lazar 9272b3f8e3 Improve landing page slightly 2023-05-19 09:00:01 +02:00
Timotej Lazar aeae0f8a29 Rework NAT settings again 2023-05-19 08:31:49 +02:00
Timotej Lazar 968a2736d2 Rework NAT settings
Support static NAT for L2 server networks. Also some other minor
tweaks.
2023-05-11 10:37:54 +02:00
Timotej Lazar 9476a28674 Rename “comment”→“name” in wg key config 2023-04-24 09:54:23 +02:00
Timotej Lazar 2793385693 Rename some bound variables 2023-04-07 22:51:38 +02:00
Timotej Lazar 771389bbdf Create new config on change 2023-04-07 14:20:59 +02:00
Timotej Lazar 931cd3f8c1 Store generated configs in $HOME
And move app to ~/app.
2023-04-07 14:20:54 +02:00
Timotej Lazar 0afcd33a99 Store settings in $HOME 2023-04-07 13:32:26 +02:00
Timotej Lazar f8c9341315 wg-fri.conf: keep standard AllowedIPs even when allowing all traffic
So it is easier to change later if needed.
2023-04-06 10:19:35 +02:00
Timotej Lazar bba8193e14 Fix locking
Or maybe break it further.
2023-04-06 10:04:30 +02:00
Timotej Lazar a791e2bcdd Do not allocate wireguard server IP to clients
It’s possible to avoid assigning any IP to the server but let’s not.
2023-02-06 17:02:07 +01:00
Timotej Lazar 42b16c8ac5 Fix whitespace in wireguard config template 2023-02-06 16:58:59 +01:00
Timotej Lazar 539c6ef739 Clean up imports 2023-01-26 16:28:36 +01:00
Timotej Lazar 3cf207047e Remove unimplemented DNAT settings
For now.
2023-01-26 16:28:32 +01:00