Ensure Wireguard subnets are /30

The introduction of ipgen meant that IPv4 address pairs for a given service were not guaranteed to be adjacent, which means they aren't a /30, which broke networking. While deterministic IP generation is a great property, it's more important for the tool to figure out what's unused and use that. Move error to its own file, seems idiomatic.
conorsch · Aug 29, 2021 · 783f78a · 783f78a
1 parent 90b9f00
commit 783f78a
Show file tree

Hide file tree

Showing 16 changed files with 238 additions and 113 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Innisfree changelog
 
+## 0.2.11
+
+* Ensure Wireguard subnets are /30
+* Bugfix: clean config dirs on destroy
+* Bugfix: ssh command handles --name flag
+
 ## 0.2.10
 
 * Support multiple tunnels on same host

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "innisfree"
-version = "0.2.11-alpha.0"
+version = "0.2.11-beta.2"
 authors = ["Conor Schaefer <[email protected]>"]
 edition = "2018"
 description = "Exposes local services on public IPv4 address, via cloud server."
@@ -17,8 +17,9 @@ custom_error = "~1.9"
 env_logger = "~0.9"
 futures = "0.3"
 home = "~0.5"
-ipgen = "~1"
+ipnet = "~2"
 log = "~0.4"
+pnet = "~0.28"
 rand = "~0.8"
 reqwest = { version = "~0.11", features = ["json", "rustls"] }
 serde = { version = "1.0", features = ["derive"] }

diff --git a/TODO.md b/TODO.md
@@ -62,7 +62,10 @@
 * [x] Use std::net::IpAddr
 * [x] Use std::net::SocketAddr
 * [x] Support multiple tunnels on same host
+* [x] Make IP address pairs adjacent /30
 * [x] Make default name simply "innisfree", not "innisfree-innisfree"
 * [x] Clean up service config dirs
 * [ ] Add all SSH keys on DO account by default
 * [x] Update cli output for ssh to recommend name flag
+* [ ] Make IP address pairs deterministic (via ipgen)
+* [ ] Create wg interfaces early
diff --git a/files/wg0.conf.j2 b/files/wg0.conf.j2
@@ -2,7 +2,7 @@
 [Interface]
 # Interface: {{ wg.interface.name }}
 PrivateKey = {{ wg.interface.keypair.private }}
-# Hardcode /30 subnet, for two hosts
+# We use a /30 to ensure only adajacent pairs of IPs are used.
 Address = {{ wg.interface.address }}/30
 #DNS = 1.1.1.1, 1.0.0.1
 {% if wg.interface.listenport -%}

diff --git a/src/cloudinit.rs b/src/cloudinit.rs
@@ -5,7 +5,8 @@ use std::net::IpAddr;
 extern crate serde;
 use serde::{Deserialize, Serialize};
 
-use crate::config::{InnisfreeError, ServicePort};
+use crate::config::ServicePort;
+use crate::error::InnisfreeError;
 use crate::ssh::SshKeypair;
 use crate::wg::WireguardManager;
 

diff --git a/src/config.rs b/src/config.rs
@@ -1,7 +1,4 @@
-extern crate custom_error;
 extern crate home;
-extern crate ipgen;
-use custom_error::custom_error;
 
 use serde::Serialize;
 
@@ -78,21 +75,6 @@ pub fn clean_name(name: &str) -> String {
     result
 }
 
-// Using custom_error mostly for read/write errors
-// Note the use of braces rather than parentheses.
-custom_error! {pub InnisfreeError
-    Io{source: std::io::Error} = "input/output error",
-    // CommandFailure{source: std::process::ExitStatus} = "command failed",
-    SshCommandFailure = "SSH command failed",
-    ServerNotFound = "Server does not exist",
-    CommandFailure{msg: String} = "Local command failed: {}",
-    NetworkError{source: reqwest::Error} = "Network error, check connection",
-    PlatformError = "Platform error, only Linux is supported",
-    Template{source: tera::Error} = "Template generation failed",
-    IpGenError{source: ipgen::Error} = "Failed to generate IP address",
-    Unknown = "unknown error",
-}
-
 #[cfg(test)]
 mod tests {
     use super::*;

diff --git a/src/doctor.rs b/src/doctor.rs
@@ -1,4 +1,4 @@
-use crate::config::InnisfreeError;
+use crate::error::InnisfreeError;
 
 const OS_RELEASE: &str = "/etc/os-release";
 

diff --git a/src/error.rs b/src/error.rs
@@ -0,0 +1,18 @@
+extern crate custom_error;
+use custom_error::custom_error;
+
+// Using custom_error mostly for read/write errors
+// Note the use of braces rather than parentheses.
+custom_error! {pub InnisfreeError
+    Io{source: std::io::Error} = "input/output error",
+    // CommandFailure{source: std::process::ExitStatus} = "command failed",
+    SshCommandFailure = "SSH command failed",
+    ServerNotFound = "Server does not exist",
+    CommandFailure{msg: String} = "Local command failed: {}",
+    NetworkError{source: reqwest::Error} = "Network error, check connection",
+    PlatformError = "Platform error, only Linux is supported",
+    Template{source: tera::Error} = "Template generation failed",
+    IpNetAssignment{source: ipnet::AddrParseError} = "Failed to find unclaimed IP address",
+    IpAddrAssignment{source: std::net::AddrParseError} = "Failed to find unclaimed IP address",
+    Unknown = "unknown error",
+}