Corrections in README, scaffold for Ansible inventory dump
parent
841f3a16e3
commit
0f2b035d1b
21
README.md
21
README.md
@ -1,7 +1,7 @@
# wireguard-negotiator
A not-very-secure manual WireGuard negotiator
Not-very-secure manual WireGuard negotiator
## Purpose
@ -9,10 +9,10 @@ A not-very-secure manual WireGuard negotiator
In summary:
* Manage "client" keys
* Set up "client" keys
* Exchange keys over HTTP(S)
* Exchange IP addressing
* Manually gate new peers
* Manually gate new "clients"
* Sets up network interface on the "client"
* Generate Ansible INI inventory
@ -21,7 +21,8 @@ The primary scenario this tool is going to be used for is to manage machines usi
## Limitations
* Linux-only
* Manages existing config files only
* Relies on the `wg` and `systemctl` commands
* Server manages existing config files only
* Removing peers is a manual process
# Usage
@ -34,7 +35,13 @@ The "server" manages a WireGuard interface, ~~treating a WireGuard configuration
wireguard-negotiator server --endpoint wireguard-endpoint:port
```
The "server" also exposes the HTTP server with the following endpoints:
It can generate an Ansible inventory on the same system. This reads off the same WireGuard configuration file as a database.
```
wireguard-negotiator ansible-inventory --group test > inventory
```
The "server" exposes the HTTP server with the following endpoints:
### `POST /request`
@ -65,9 +72,9 @@ Content-Type: application/json
The "client" sets up a WireGuard interface, and relies on network backends to do so. *It should not be run more than once*. The following network backends are supported:
- (Not implemented) `none`: Creates an interface and WireGuard configuration file
- `networkd`: Creates a `systemd.netdev` file in `/etc/systemd/network`
- `networkd`: Creates a `systemd.netdev` and `systemd.network` file in `/etc/systemd/network`
It does so by performing `POST /request` to the "server".
It obtains peer and interface configuration by performing `POST /request` to the "server".
```
wireguard-negotiator request --server https://url-of-server
@ -0,0 +1,40 @@
package cmd
import (
"log"
"github.com/urfave/cli/v2"
)
var CmdAnsibleInventory = &cli.Command{
Name: "ansible-inventory",
Usage: "Dump WireGuard configuration as Ansible inventory",
Flags: []cli.Flag{
&cli.StringFlag{
Name: "interface",
Aliases: []string{"i"},
Value: "wg0",
Usage: "Read default configuration path for the interface",
},
&cli.StringFlag{
Name: "config",
Aliases: []string{"c"},
Value: "",
DefaultText: "/etc/wireguard/<interface>.conf",
Usage: "Path to the existing WireGuard configuration file",
},
},
Action: runAnsibleInventory,
}
func runAnsibleInventory(ctx *cli.Context) error {
inter := ctx.String("interface")
config := ctx.String("config")
if !ctx.IsSet("config") {
config = "/etc/wireguard/" + inter + ".conf"
}
log.Println(config)
return nil
}
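Review bot: The README example added in this same commit runs `ansible-inventory --group test`, but the `Flags` list on `CmdAnsibleInventory` declares only `interface` and `config`, so urfave/cli will reject `--group` as an unknown flag; either add `&cli.StringFlag{Name: "group"}` here or drop it from the README until the flag exists. The default on the `config = "/etc/wireguard/" + inter + ".conf"` line splices the operator-supplied interface name into the path unchecked; `filepath.Join("/etc/wireguard", inter+".conf")` together with a refusal of names containing a path separator would keep a stray `--interface` value from quietly selecting an unrelated file. The WireGuard config this command treats as its database also holds the interface `PrivateKey`, so when the placeholder `log.Println(config)` is replaced by the real writer it should emit only peer-derived inventory on stdout (the README's `> inventory` redirect captures stdout) and keep path/diagnostic output on stderr as `log` does now, never copying `[Interface]` fields into the inventory.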