From 0f2b035d1baaf2ff632ddb6392426c792a6b4a7e Mon Sep 17 00:00:00 2001
From: Ambrose Chua
Date: Sun, 22 Dec 2019 09:26:53 +0000
Subject: [PATCH] Corrections in README, scaffold for Ansible inventory dump
---
 README.md | 21 ++++++++++++++-------
 cmd/ansibleinventory.go | 40 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 54 insertions(+), 7 deletions(-)
 create mode 100644 cmd/ansibleinventory.go
diff --git a/README.md b/README.md
index b97cd42..e63a0db 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 # wireguard-negotiator
-A not-very-secure manual WireGuard negotiator
+Not-very-secure manual WireGuard negotiator ## Purpose
@@ -9,10 +9,10 @@ A not-very-secure manual WireGuard negotiator In summary:
-* Manage "client" keys
+* Set up "client" keys * Exchange keys over HTTP(S) * Exchange IP addressing
-* Manually gate new peers
+* Manually gate new "clients" * Sets up network interface on the "client" * Generate Ansible INI inventory
@@ -21,7 +21,8 @@ The primary scenario this tool is going to be used for is to manage machines usi ## Limitations * Linux-only
-* Manages existing config files only
+* Relies on the `wg` and `systemctl` commands
+* Server manages existing config files only * Removing peers is a manual process # Usage
@@ -34,7 +35,13 @@ The "server" manages a WireGuard interface, ~~treating a WireGuard configuration wireguard-negotiator server --endpoint wireguard-endpoint:port ```
-The "server" also exposes the HTTP server with the following endpoints:
+It can generate an Ansible inventory on the same system. This reads off the same WireGuard configuration file as a database.
+
+```
+wireguard-negotiator ansible-inventory --group test > inventory
+```
+
+The "server" exposes the HTTP server with the following endpoints: ### `POST /request` 
@@ -65,9 +72,9 @@ Content-Type: application/json The "client" sets up a WireGuard interface, and relies on network backends to do so. *It should not be run more than once*. The following network backends are supported: - (Not implemented) `none`: Creates an interface and WireGuard configuration file
-- `networkd`: Creates a `systemd.netdev` file in `/etc/systemd/network`
+- `networkd`: Creates a `systemd.netdev` and `systemd.network` file in `/etc/systemd/network`
-It does so by performing `POST /request` to the "server".
+It obtains peer and interface configuration by performing `POST /request` to the "server". ``` wireguard-negotiator request --server https://url-of-server
diff --git a/cmd/ansibleinventory.go b/cmd/ansibleinventory.go
new file mode 100644
index 0000000..413be3e
--- /dev/null
+++ b/cmd/ansibleinventory.go
@@ -0,0 +1,40 @@
+package cmd
+
+import (
+ "log"
+
+ "github.com/urfave/cli/v2"
+)
+
+var CmdAnsibleInventory = &cli.Command{
+ Name: "ansible-inventory",
+ Usage: "Dump WireGuard configuration as Ansible inventory",
+ Flags: []cli.Flag{
+ &cli.StringFlag{
+ Name: "interface",
+ Aliases: []string{"i"},
+ Value: "wg0",
+ Usage: "Read default configuration path for the interface",
+ },
+ &cli.StringFlag{
+ Name: "config",
+ Aliases: []string{"c"},
+ Value: "",
+ DefaultText: "/etc/wireguard/.conf",
+ Usage: "Path to the existing WireGuard configuration file",
+ },
+ },
+ Action: runAnsibleInventory,
+}
+
+func runAnsibleInventory(ctx *cli.Context) error {
+ inter := ctx.String("interface")
+ config := ctx.String("config")
+ if !ctx.IsSet("config") {
+ config = "/etc/wireguard/" + inter + ".conf"
+ }
+
+ log.Println(config)
+
+ return nil
+}
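Review bot: The README hunk in this same commit documents `wireguard-negotiator ansible-inventory --group test`, but the command defined in cmd/ansibleinventory.go declares only the `interface` and `config` flags, so urfave/cli would report `--group` as an undefined flag; either add `&cli.StringFlag{Name: "group", Usage: "Ansible group name for the generated inventory"}` to Flags or drop `--group` from the README until it exists. `DefaultText: "/etc/wireguard/.conf"` hides the interface substitution that runAnsibleInventory actually performs; `DefaultText: "/etc/wireguard/<interface>.conf"` would describe it. The default path is built by plain concatenation from the `--interface` value; `config = filepath.Join("/etc/wireguard", inter+".conf")` together with a check that `inter` contains no path separator keeps the default inside the config directory (a caller can already point `--config` anywhere, so this is hygiene rather than a trust boundary). The exported `CmdAnsibleInventory` also lacks a doc comment; `// CmdAnsibleInventory dumps the WireGuard configuration of an interface as an Ansible inventory.` would satisfy the convention.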