Change init vpn command behavior (#1169)

t-aleksander · web-flow · commit 22ae8235b323 · 2025-05-23T11:18:55.000+02:00
* change init vpn command

* comment

* revert to save method

* formatting

* grammar
diff --git a/src/config.rs b/src/config.rs
@@ -188,6 +188,8 @@ pub struct InitVpnLocationArgs {
     pub dns: Option<String>,
     #[arg(long)]
     pub allowed_ips: Vec<IpNetwork>,
+    #[arg(long)]
+    pub id: Option<i64>,
 }
 
 impl DefGuardConfig {
diff --git a/src/lib.rs b/src/lib.rs
@@ -736,36 +736,90 @@ pub async fn init_dev_env(config: &DefGuardConfig) {
 
 /// Create a new VPN location.
 /// Meant to be used to automate setting up a new defguard instance.
-/// Does not handle assigning device IPs, since no device should exist at this point.
+/// If the network ID has been specified, it will be assumed that the user wants to update the existing network or create a new one with a predefined ID.
+/// This is mainly used for deployment purposes where the network ID must be known beforehand.
+///
+/// If there is no ID specified, the function will only create the network if no other network exists.
+/// In other words, multiple networks can be created, but only if the ID is predefined for each network.
 pub async fn init_vpn_location(
     pool: &PgPool,
     args: &InitVpnLocationArgs,
 ) -> Result<String, anyhow::Error> {
-    // check if a VPN location exists already
-    let networks = WireguardNetwork::all(pool).await?;
-    if !networks.is_empty() {
-        return Err(anyhow!(
-            "Failed to initialize first VPN location. A location already exists."
-        ));
+    // The ID is predefined
+    let network = if let Some(location_id) = args.id {
+        let mut transaction = pool.begin().await?;
+        // If the network already exists, update it, assuming that's the user's intent.
+        let network = if let Some(mut network) =
+            WireguardNetwork::find_by_id(&mut *transaction, location_id).await?
+        {
+            network.name = args.name.clone();
+            network.address = vec![args.address];
+            network.port = args.port;
+            network.endpoint = args.endpoint.clone();
+            network.dns = args.dns.clone();
+            network.allowed_ips = args.allowed_ips.clone();
+            network.save(&mut *transaction).await?;
+            network.sync_allowed_devices(&mut transaction, None).await?;
+            network
+        }
+        // Otherwise create it with the predefined ID
+        else {
+            let network = WireguardNetwork::new(
+                args.name.clone(),
+                vec![args.address],
+                args.port,
+                args.endpoint.clone(),
+                args.dns.clone(),
+                args.allowed_ips.clone(),
+                false,
+                DEFAULT_KEEPALIVE_INTERVAL,
+                DEFAULT_DISCONNECT_THRESHOLD,
+                false,
+                false,
+            )?
+            .save(&mut *transaction)
+            .await?;
+            if network.id != location_id {
+                return Err(anyhow!(
+                    "Failed to initialize VPN location. The ID of the newly created network ({}) does not match \
+                    the predefined ID ({location_id}). The predefined ID must be the next available ID.",
+                    network.id
+                ));
+            }
+            network.add_all_allowed_devices(&mut transaction).await?;
+            network
+        };
+        transaction.commit().await?;
+        network
+    }
+    // No predefined ID, add the network if no other networks are present
+    else {
+        // check if a VPN location exists already
+        let networks = WireguardNetwork::all(pool).await?;
+        if !networks.is_empty() {
+            return Err(anyhow!(
+                "Failed to initialize first VPN location. Location already exists."
+            ));
+        };
+
+        // create a new network
+        WireguardNetwork::new(
+            args.name.clone(),
+            vec![args.address],
+            args.port,
+            args.endpoint.clone(),
+            args.dns.clone(),
+            args.allowed_ips.clone(),
+            false,
+            DEFAULT_KEEPALIVE_INTERVAL,
+            DEFAULT_DISCONNECT_THRESHOLD,
+            false,
+            false,
+        )?
+        .save(pool)
+        .await?
     };
 
-    // create a new network
-    let network = WireguardNetwork::new(
-        args.name.clone(),
-        vec![args.address],
-        args.port,
-        args.endpoint.clone(),
-        args.dns.clone(),
-        args.allowed_ips.clone(),
-        false,
-        DEFAULT_KEEPALIVE_INTERVAL,
-        DEFAULT_DISCONNECT_THRESHOLD,
-        false,
-        false,
-    )?
-    .save(pool)
-    .await?;
-
     // generate gateway token
     let token = Claims::new(
         ClaimsType::Gateway,

Original file line number	Diff line number	Diff line change
`@@ -188,6 +188,8 @@ pub struct InitVpnLocationArgs {`
`188`	`188`	`pub dns: Option<String>,`
`189`	`189`	`#[arg(long)]`
`190`	`190`	`pub allowed_ips: Vec<IpNetwork>,`
	`191`	`+ #[arg(long)]`
	`192`	`+ pub id: Option<i64>,`
`191`	`193`	`}`
`192`	`194`
`193`	`195`	`impl DefGuardConfig {`