threefoldtech
diff --git a/‎go.mod‎
Lines changed: 1 addition & 1 deletion b/‎go.mod‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎pkg/gridtypes/zos/network_light.go‎
Lines changed: 22 additions & 0 deletions b/‎pkg/gridtypes/zos/network_light.go‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎pkg/netlight/network.go‎
Lines changed: 144 additions & 4 deletions b/‎pkg/netlight/network.go‎
Lines changed: 144 additions & 4 deletions
@@ -104,7 +104,7 @@ require (
 	github.com/gtank/ristretto255 v0.1.2 // indirect
 	github.com/hanwen/go-fuse/v2 v2.3.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
-	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/go-retryablehttp v0.7.7
 	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
 	github.com/holiman/uint256 v1.2.3 // indirect
 
@@ -29,6 +29,28 @@ type NetworkLight struct {
 	// if no mycelium configuration is provided, vms can't
 	// get mycelium IPs.
 	Mycelium Mycelium `json:"mycelium,omitempty"`
+
+	// wg config
+	// IP range of the network, must be an IPv4 /16
+	// for example a 10.1.0.0/16
+	NetworkIPRange gridtypes.IPNet `json:"ip_range"`
+
+	// The private wg key of this node (this peer) which is installing this
+	// network workload right now.
+	// This has to be filled in by the user (and not generated for example)
+	// because other peers need to be installed as well (with this peer public key)
+	// hence it's easier to configure everything one time at the user side and then
+	// apply everything on all nodes at once
+	WGPrivateKey string `json:"wireguard_private_key"`
+
+	// WGListenPort is the wireguard listen port on this node. this has
+	// to be filled in by the user for same reason as private key (other nodes need to know about it)
+	// To find a free port you have to ask the node first by a call over RMB about which ports are possible
+	// to use.
+	WGListenPort uint16 `json:"wireguard_listen_port"`
+
+	// Peers is a list of other peers in this network
+	Peers []Peer `json:"peers"`
 }
 
 // Valid checks if the network resource is valid.
 
@@ -9,6 +9,7 @@ import (
 	"os"
 	"path/filepath"
 	"slices"
+	"strings"
 	"time"
 
 	"github.com/blang/semver"
@@ -20,13 +21,15 @@ import (
 	localPkg "github.com/threefoldtech/zosbase/pkg"
 	"github.com/threefoldtech/zosbase/pkg/cache"
 	"github.com/threefoldtech/zosbase/pkg/gridtypes/zos"
+	"github.com/threefoldtech/zosbase/pkg/netbase/wireguard"
 	"github.com/threefoldtech/zosbase/pkg/netlight/bridge"
 	"github.com/threefoldtech/zosbase/pkg/netlight/ifaceutil"
 	"github.com/threefoldtech/zosbase/pkg/netlight/ipam"
 	"github.com/threefoldtech/zosbase/pkg/netlight/namespace"
 	"github.com/threefoldtech/zosbase/pkg/netlight/options"
 	"github.com/threefoldtech/zosbase/pkg/netlight/public"
 	"github.com/threefoldtech/zosbase/pkg/netlight/resource"
+	"github.com/threefoldtech/zosbase/pkg/set"
 	"github.com/threefoldtech/zosbase/pkg/versioned"
 	"github.com/vishvananda/netlink"
 )
@@ -50,6 +53,7 @@ var NetworkSchemaLatestVersion = semver.MustParse("0.1.0")
 type networker struct {
 	ipamLease  string
 	networkDir string
+	portSet    *set.UIntSet
 }
 
 var _ localPkg.NetworkerLight = (*networker)(nil)
@@ -63,13 +67,19 @@ func NewNetworker() (localPkg.NetworkerLight, error) {
 	ipamLease := filepath.Join(vd, ipamLeaseDir)
 	runtimeDir := filepath.Join(vd, networkDir)
 
-	return &networker{
+	n := networker{
 		ipamLease:  ipamLease,
 		networkDir: runtimeDir,
-	}, nil
+		portSet:    set.NewInt(),
+	}
+
+	if err := n.syncWGPorts(); err != nil {
+		return nil, err
+	}
+	return &n, nil
 }
 
-func (n *networker) Create(name string, privateNet net.IPNet, seed []byte) error {
+func (n *networker) Create(name string, net zos.NetworkLight, seed []byte) error {
 	b, err := bridge.Get(NDMZBridge)
 	if err != nil {
 		return err
@@ -79,7 +89,68 @@ func (n *networker) Create(name string, privateNet net.IPNet, seed []byte) error
 		return err
 	}
 
-	_, err = resource.Create(name, b, ip, NDMZGwIP, &privateNet, seed)
+	storedNR, err := n.networkOf(zos.NetID(name))
+	if err != nil && !os.IsNotExist(err) {
+		return errors.Wrap(err, "failed to load previous network setup")
+	}
+
+	if err == nil {
+		if err := n.releasePort(storedNR.WGListenPort); err != nil {
+			return err
+		}
+	}
+
+	if err := n.reservePort(net.WGListenPort); err != nil {
+		return err
+	}
+
+	// _, err = resource.Create(name, b, ip, NDMZGwIP, &privateNet, seed)
+	netr, err := resource.Create(name, b, ip, NDMZGwIP, &net.Subnet.IPNet, seed, net)
+	// netr, err := resource.Create(name, b, ip, NDMZGwIP, &net.Subnet.IPNet, net.Mycelium.Key, net.NetworkIPRange.IPNet, net)
+	if err != nil {
+		return err
+	}
+
+	cleanup := func() {
+		log.Error().Msg("clean up network resource")
+		if err := resource.Delete(name); err != nil {
+			log.Error().Err(err).Msg("error during deletion of network resource after failed deployment")
+		}
+		if err := n.releasePort(net.WGListenPort); err != nil {
+			log.Error().Err(err).Msg("release wireguard port failed")
+		}
+	}
+
+	defer func() {
+		if err != nil {
+			cleanup()
+		}
+	}()
+
+	wgName, err := netr.WGName()
+	if err != nil {
+		return errors.Wrap(err, "failed to get wg interface name for network resource")
+	}
+
+	exists, err := netr.HasWireguard()
+	if err != nil {
+		return errors.Wrap(err, "failed to check if network resource has wireguard setup")
+	}
+
+	if !exists {
+		var wg *wireguard.Wireguard
+		wg, err = wireguard.New(wgName)
+		if err != nil {
+			return errors.Wrapf(err, "failed to create wg interface for network resource '%s'", name)
+		}
+		if err = netr.SetWireguard(wg); err != nil {
+			return errors.Wrap(err, "failed to setup wireguard interface for network resource")
+		}
+	}
+
+	if err = netr.ConfigureWG(net.WGPrivateKey); err != nil {
+		return errors.Wrap(err, "failed to configure network resource")
+	}
 	return err
 }
 
@@ -462,3 +533,72 @@ func createNDMZBridge(name string, gw string) (*netlink.Bridge, error) {
 
 	return link.(*netlink.Bridge), nil
 }
+
+func (n *networker) WireguardPorts() ([]uint, error) {
+	return n.portSet.List()
+}
+
+func (n *networker) syncWGPorts() error {
+	names, err := namespace.List("n-")
+	if err != nil {
+		return err
+	}
+
+	readPort := func(name string) (int, error) {
+		netNS, err := namespace.GetByName(name)
+		if err != nil {
+			return 0, err
+		}
+		defer netNS.Close()
+
+		ifaceName := strings.Replace(name, "n-", "w-", 1)
+
+		var port int
+		err = netNS.Do(func(_ ns.NetNS) error {
+			link, err := wireguard.GetByName(ifaceName)
+			if err != nil {
+				return err
+			}
+			d, err := link.Device()
+			if err != nil {
+				return err
+			}
+
+			port = d.ListenPort
+			return nil
+		})
+		if err != nil {
+			return 0, err
+		}
+
+		return port, nil
+	}
+
+	for _, name := range names {
+		port, err := readPort(name)
+		if err != nil {
+			log.Error().Err(err).Str("namespace", name).Msgf("failed to read port for network namespace")
+			continue
+		}
+		// skip error cause we don't care if there are some duplicate at this point
+		_ = n.portSet.Add(uint(port))
+	}
+
+	return nil
+}
+
+func (n *networker) reservePort(port uint16) error {
+	log.Debug().Uint16("port", port).Msg("reserve wireguard port")
+	err := n.portSet.Add(uint(port))
+	if err != nil {
+		return errors.Wrap(err, "wireguard listen port already in use, pick another one")
+	}
+
+	return nil
+}
+
+func (n *networker) releasePort(port uint16) error {
+	log.Debug().Uint16("port", port).Msg("release wireguard port")
+	n.portSet.Remove(uint(port))
+	return nil
+}