wireguard_conf/models/interface.rs
1use derive_builder::Builder;
2use either::Either;
3use ipnet::IpNet;
4use itertools::Itertools as _;
5
6use std::fmt;
7use std::net::Ipv4Addr;
8use std::{convert::Infallible, net::IpAddr};
9
10#[cfg(feature = "serde")]
11#[cfg_attr(docsrs, doc(cfg(feature = "serde")))]
12use serde::{de, Deserialize, Deserializer, Serialize, Serializer};
13
14use crate::prelude::*;
15
16/// Controls the routing table to which routes are added.
17#[derive(PartialEq, Eq, Clone, Debug, Default)]
18pub enum Table {
19 /// Routing table
20 RoutingTable(usize),
21
22 /// Disables the creation of routes altogether
23 Off,
24
25 /// Adds routes to the default table and enables special handling of default routes.
26 #[default]
27 Auto,
28}
29
30impl fmt::Display for Table {
31 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
32 match self {
33 Table::RoutingTable(n) => write!(f, "{n}"),
34 Table::Off => write!(f, "off"),
35 Table::Auto => write!(f, "auto"),
36 }
37 }
38}
39
40#[cfg(feature = "serde")]
41impl Serialize for Table {
42 fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
43 where
44 S: Serializer,
45 {
46 match self {
47 Table::RoutingTable(n) => serializer.serialize_u64(*n as u64),
48 Table::Off => serializer.serialize_str("off"),
49 Table::Auto => serializer.serialize_str("auto"),
50 }
51 }
52}
53
54#[cfg(feature = "serde")]
55impl<'de> Deserialize<'de> for Table {
56 fn deserialize<D>(deserializer: D) -> Result<Table, D::Error>
57 where
58 D: Deserializer<'de>,
59 {
60 struct TableVisitor;
61 impl de::Visitor<'_> for TableVisitor {
62 type Value = Table;
63
64 fn expecting(&self, formatter: &mut fmt::Formatter) -> fmt::Result {
65 formatter.write_str("an routing table value (number, off or auto)")
66 }
67
68 fn visit_str<E>(self, value: &str) -> Result<Self::Value, E>
69 where
70 E: de::Error,
71 {
72 match value {
73 "off" => Ok(Table::Off),
74 "auto" => Ok(Table::Auto),
75 _ => Err(E::invalid_value(de::Unexpected::Str(value), &self)),
76 }
77 }
78
79 fn visit_u64<E>(self, value: u64) -> Result<Self::Value, E>
80 where
81 E: de::Error,
82 {
83 Ok(Table::RoutingTable(
84 usize::try_from(value).map_err(E::custom)?,
85 ))
86 }
87 }
88
89 deserializer.deserialize_any(TableVisitor)
90 }
91}
92
93/// Struct, that represents complete configuration (contains both `[Interface]` and `[Peer]`
94/// sections).
95///
96/// Use [`InterfaceBuilder`] to create interface.
97///
98/// [Wireguard docs](https://github.com/pirate/wireguard-docs#interface)
99#[must_use]
100#[derive(Clone, Debug, PartialEq, Builder)]
101#[cfg_attr(feature = "serde", derive(Deserialize, Serialize))]
102#[builder(build_fn(private, name = "fallible_build", error = "Infallible"))]
103pub struct Interface {
104 /// Interface's address.
105 ///
106 /// `/32` and `/128` IP networks will be generated as regular ips (f.e. `1.2.3.4/32` -> `1.2.3.4`)
107 ///
108 /// You can also use [`InterfaceBuilder::add_network()`] to add a single network and
109 /// [`InterfaceBuilder::add_address()`] to add a single address.
110 ///
111 /// [Wireguard docs](https://github.com/pirate/wireguard-docs#address)
112 #[builder(
113 setter(into),
114 default = "vec![IpNet::new_assert(Ipv4Addr::UNSPECIFIED.into(), 0)]"
115 )]
116 pub address: Vec<IpNet>,
117
118 /// Port to listen for incoming VPN connections.
119 ///
120 /// [Wireguard conf](https://github.com/pirate/wireguard-docs#listenport)
121 #[builder(setter(strip_option), default)]
122 pub listen_port: Option<u16>,
123
124 /// Node's private key.
125 ///
126 /// [Wireguard conf](https://github.com/pirate/wireguard-docs#privatekey)
127 #[builder(default = "PrivateKey::random()")]
128 pub private_key: PrivateKey,
129
130 /// The DNS servers to announce to VPN clients via DHCP.
131 ///
132 /// [Wireguard docs](https://github.com/pirate/wireguard-docs#dns-2)
133 #[builder(setter(into, strip_option), default)]
134 pub dns: Vec<String>,
135
136 /// Endpoint.
137 ///
138 /// - `[Interface]` section will have `# Name = <endpoint>` comment at the top.
139 /// - Exported [`Peer`] (via [`Interface::to_peer`]) will have this endpoint.
140 ///
141 /// [Wireguard Docs for `# Name`](https://github.com/pirate/wireguard-docs?tab=readme-ov-file#-name-1);
142 /// [Wireguard Docs for endpoint](https://github.com/pirate/wireguard-docs?tab=readme-ov-file#endpoint)
143 #[builder(setter(into, strip_option), default)]
144 pub endpoint: Option<String>,
145
146 /// Routing table to use for the WireGuard routes.
147 ///
148 /// See [`Table`] for special values.
149 ///
150 /// [Wireguard docs](https://github.com/pirate/wireguard-docs?tab=readme-ov-file#table)
151 #[builder(setter(strip_option), default)]
152 pub table: Option<Table>,
153
154 /// Maximum Transmission Unit (MTU, aka packet/frame size) to use when connecting to the peer.
155 ///
156 /// [Wireguard docs](https://github.com/pirate/wireguard-docs?tab=readme-ov-file#mtu)
157 #[builder(setter(strip_option), default)]
158 pub mtu: Option<usize>,
159
160 /// AmneziaWG obfuscation values.
161 ///
162 /// [AmneziaWG Docs](https://github.com/amnezia-vpn/amneziawg-linux-kernel-module?tab=readme-ov-file#configuration)
163 #[cfg(feature = "amneziawg")]
164 #[cfg_attr(docsrs, doc(cfg(feature = "amneziawg")))]
165 #[builder(setter(strip_option), default)]
166 pub amnezia_settings: Option<AmneziaSettings>,
167
168 /// Commands, that will be executed before the interface is brought up
169 ///
170 /// [Wireguard docs](https://github.com/pirate/wireguard-docs#preup)
171 #[builder(setter(into), default)]
172 pub pre_up: Vec<String>,
173
174 /// Commands, that will be executed before the interface is brought down
175 ///
176 /// [Wireguard docs](https://github.com/pirate/wireguard-docs#predown)
177 #[builder(setter(into), default)]
178 pub pre_down: Vec<String>,
179
180 /// Commands, that will be executed after the interface is brought up
181 ///
182 /// [Wireguard docs](https://github.com/pirate/wireguard-docs#postup)
183 #[builder(setter(into), default)]
184 pub post_up: Vec<String>,
185
186 /// Commands, that will be executed after the interface is brought down
187 ///
188 /// [Wireguard docs](https://github.com/pirate/wireguard-docs#postdown)
189 #[builder(setter(into), default)]
190 pub post_down: Vec<String>,
191
192 /// Peers.
193 ///
194 /// Create them using [`PeerBuilder`] or [`Interface::to_peer`] method.
195 ///
196 /// [Wireguard docs](https://github.com/pirate/wireguard-docs#peer)
197 #[builder(setter(into), default)]
198 pub peers: Vec<Peer>,
199}
200
201impl Interface {
202 /// Get [`Peer`] from interface.
203 ///
204 /// # Examples
205 ///
206 /// ```
207 /// # use wireguard_conf::prelude::*;
208 /// // Create server node
209 /// let mut server = InterfaceBuilder::new()
210 /// // <snip>
211 /// .build();
212 ///
213 /// // Create client node, and add server to client's peers
214 /// let client = InterfaceBuilder::new()
215 /// // <snip>
216 /// .peers([server.to_peer()]) // convert `Interface` to `Peer` using `.to_peer()` method.
217 /// .build();
218 ///
219 /// // Add client to server's peers
220 /// server.peers.push(client.to_peer());
221 ///
222 /// println!("Server config:\n{server}");
223 /// println!("Client config:\n{client}");
224 /// ```
225 pub fn to_peer(&self) -> Peer {
226 Peer {
227 endpoint: self.endpoint.clone(),
228 allowed_ips: self.address.clone(),
229 key: Either::Left(self.private_key.clone()),
230 preshared_key: None,
231 persistent_keepalive: 0,
232
233 #[cfg(feature = "amneziawg")]
234 amnezia_settings: self.amnezia_settings.clone(),
235 }
236 }
237}
238
239impl Interface {
240 /// Create new `InterfaceBuilder`. Alias for `InterfaceBuilder::new()`.
241 ///
242 /// ```rust
243 /// # use wireguard_conf::prelude::*;
244 /// # use wireguard_conf::as_ipnet;
245 /// #
246 /// let interface = Interface::builder()
247 /// .address([as_ipnet!("10.0.0.1/24")])
248 /// // <snip>
249 /// .build();
250 /// ```
251 #[must_use]
252 pub fn builder() -> InterfaceBuilder {
253 InterfaceBuilder::default()
254 }
255}
256
257impl InterfaceBuilder {
258 /// Create new `InterfaceBuilder`.
259 ///
260 /// ```rust
261 /// # use wireguard_conf::prelude::*;
262 /// # use wireguard_conf::as_ipnet;
263 /// #
264 /// let interface = InterfaceBuilder::new()
265 /// .address([as_ipnet!("10.0.0.1/24")])
266 /// // <snip>
267 /// .build();
268 /// ```
269 #[must_use]
270 pub fn new() -> Self {
271 Self::default()
272 }
273
274 /// Adds IP Network to `Address = ...` field.
275 ///
276 /// `value` is [`Into<IpNet>`], which means that it can be either [`ipnet::IpNet`] or [`std::net::IpAddr`].
277 ///
278 /// # Example
279 ///
280 /// ```rust
281 /// use wireguard_conf::{as_ipnet, prelude::*};
282 ///
283 /// let interface = InterfaceBuilder::new()
284 /// .add_network(as_ipnet!("1.2.3.4/16"))
285 /// .add_network(as_ipnet!("fd00:DEAD:BEEF::1/48"))
286 /// .build();
287 ///
288 /// assert_eq!(
289 /// interface.address,
290 /// vec![
291 /// as_ipnet!("1.2.3.4/16"),
292 /// as_ipnet!("fd00:DEAD:BEEF::1/48")
293 /// ]
294 /// );
295 /// ```
296 pub fn add_network<T: Into<IpNet>>(&mut self, value: T) -> &mut Self {
297 if self.address.is_none() {
298 self.address = Some(Vec::with_capacity(1));
299 }
300
301 self.address
302 .as_mut()
303 .unwrap_or_else(|| unreachable!())
304 .push(value.into());
305 self
306 }
307
308 /// Adds IP address to `Address = ...` field.
309 ///
310 /// `value` is [`Into<IpAddr>`], which means that it can be either [`std::net::Ipv4Addr`] or [`std::net::Ipv6Addr`].
311 ///
312 /// # Example
313 ///
314 /// ```rust
315 /// use wireguard_conf::{as_ipaddr, as_ipnet, prelude::*};
316 ///
317 /// let interface = InterfaceBuilder::new()
318 /// .add_address(as_ipaddr!("1.2.3.4"))
319 /// .add_address(as_ipaddr!("fd00::1"))
320 /// .build();
321 ///
322 /// // /32 and /128 are added automatically
323 /// assert_eq!(
324 /// interface.address,
325 /// vec![
326 /// as_ipnet!("1.2.3.4/32"),
327 /// as_ipnet!("fd00::1/128"),
328 /// ]
329 /// );
330 /// ```
331 pub fn add_address<T: Into<IpAddr>>(&mut self, value: T) -> &mut Self {
332 if self.address.is_none() {
333 self.address = Some(Vec::with_capacity(1));
334 }
335
336 let ip_addr = value.into();
337 let ip_net = if ip_addr.is_ipv4() {
338 IpNet::new_assert(ip_addr, 32) // 1.2.3.4/32
339 } else {
340 IpNet::new_assert(ip_addr, 128) // fd00::1/128
341 };
342
343 self.address
344 .as_mut()
345 .unwrap_or_else(|| unreachable!())
346 .push(ip_net);
347 self
348 }
349
350 /// Builds an `Interface`.
351 pub fn build(&self) -> Interface {
352 self.fallible_build().unwrap_or_else(|_| unreachable!())
353 }
354}
355
356impl fmt::Display for Interface {
357 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
358 writeln!(f, "[Interface]")?;
359 if let Some(endpoint) = &self.endpoint {
360 writeln!(f, "# Name = {endpoint}")?;
361 }
362 writeln!(
363 f,
364 "Address = {}",
365 self.address
366 .iter()
367 .map(ToString::to_string)
368 .map(|addr| {
369 if addr.ends_with("/32") {
370 addr.trim_end_matches("/32").to_owned()
371 } else if addr.ends_with("/128") {
372 addr.trim_end_matches("/128").to_owned()
373 } else {
374 addr
375 }
376 })
377 .join(",")
378 )?;
379 if let Some(listen_port) = self.listen_port {
380 writeln!(f, "ListenPort = {listen_port}")?;
381 }
382 writeln!(f, "PrivateKey = {}", self.private_key)?;
383 if !self.dns.is_empty() {
384 writeln!(f, "DNS = {}", self.dns.join(","))?;
385 }
386 if let Some(table) = &self.table {
387 writeln!(f, "Table = {table}")?;
388 }
389 if let Some(mtu) = &self.mtu {
390 writeln!(f, "MTU = {mtu}")?;
391 }
392
393 if !self.pre_up.is_empty() {
394 writeln!(f)?;
395 for snippet in &self.pre_up {
396 writeln!(f, "PreUp = {snippet}")?;
397 }
398 }
399 if !self.pre_down.is_empty() {
400 writeln!(f)?;
401 for snippet in &self.pre_down {
402 writeln!(f, "PreDown = {snippet}")?;
403 }
404 }
405 if !self.post_up.is_empty() {
406 writeln!(f)?;
407 for snippet in &self.post_up {
408 writeln!(f, "PostUp = {snippet}")?;
409 }
410 }
411 if !self.post_down.is_empty() {
412 writeln!(f)?;
413 for snippet in &self.post_down {
414 writeln!(f, "PostDown = {snippet}")?;
415 }
416 }
417
418 #[cfg(feature = "amneziawg")]
419 if let Some(amnezia_settings) = &self.amnezia_settings {
420 writeln!(f)?;
421 writeln!(f, "{amnezia_settings}")?;
422 }
423
424 for peer in &self.peers {
425 writeln!(f)?;
426 writeln!(f, "{peer}")?;
427 }
428
429 fmt::Result::Ok(())
430 }
431}