Corrections in README, scaffold for Ansible inventory dump
parent
841f3a16e3
commit
0f2b035d1b
21
README.md
21
README.md
|
@ -1,7 +1,7 @@
|
||||||
|
|
||||||
# wireguard-negotiator
|
# wireguard-negotiator
|
||||||
|
|
||||||
A not-very-secure manual WireGuard negotiator
|
Not-very-secure manual WireGuard negotiator
|
||||||
|
|
||||||
## Purpose
|
## Purpose
|
||||||
|
|
||||||
|
@ -9,10 +9,10 @@ A not-very-secure manual WireGuard negotiator
|
||||||
|
|
||||||
In summary:
|
In summary:
|
||||||
|
|
||||||
* Manage "client" keys
|
* Set up "client" keys
|
||||||
* Exchange keys over HTTP(S)
|
* Exchange keys over HTTP(S)
|
||||||
* Exchange IP addressing
|
* Exchange IP addressing
|
||||||
* Manually gate new peers
|
* Manually gate new "clients"
|
||||||
* Sets up network interface on the "client"
|
* Sets up network interface on the "client"
|
||||||
* Generate Ansible INI inventory
|
* Generate Ansible INI inventory
|
||||||
|
|
||||||
|
@ -21,7 +21,8 @@ The primary scenario this tool is going to be used for is to manage machines usi
|
||||||
## Limitations
|
## Limitations
|
||||||
|
|
||||||
* Linux-only
|
* Linux-only
|
||||||
* Manages existing config files only
|
* Relies on the `wg` and `systemctl` commands
|
||||||
|
* Server manages existing config files only
|
||||||
* Removing peers is a manual process
|
* Removing peers is a manual process
|
||||||
|
|
||||||
# Usage
|
# Usage
|
||||||
|
@ -34,7 +35,13 @@ The "server" manages a WireGuard interface, ~~treating a WireGuard configuration
|
||||||
wireguard-negotiator server --endpoint wireguard-endpoint:port
|
wireguard-negotiator server --endpoint wireguard-endpoint:port
|
||||||
```
|
```
|
||||||
|
|
||||||
The "server" also exposes the HTTP server with the following endpoints:
|
It can generate an Ansible inventory on the same system. This reads off the same WireGuard configuration file as a database.
|
||||||
|
|
||||||
|
```
|
||||||
|
wireguard-negotiator ansible-inventory --group test > inventory
|
||||||
|
```
|
||||||
|
|
||||||
|
The "server" exposes the HTTP server with the following endpoints:
|
||||||
|
|
||||||
### `POST /request`
|
### `POST /request`
|
||||||
|
|
||||||
|
@ -65,9 +72,9 @@ Content-Type: application/json
|
||||||
The "client" sets up a WireGuard interface, and relies on network backends to do so. *It should not be run more than once*. The following network backends are supported:
|
The "client" sets up a WireGuard interface, and relies on network backends to do so. *It should not be run more than once*. The following network backends are supported:
|
||||||
|
|
||||||
- (Not implemented) `none`: Creates an interface and WireGuard configuration file
|
- (Not implemented) `none`: Creates an interface and WireGuard configuration file
|
||||||
- `networkd`: Creates a `systemd.netdev` file in `/etc/systemd/network`
|
- `networkd`: Creates a `systemd.netdev` and `systemd.network` file in `/etc/systemd/network`
|
||||||
|
|
||||||
It does so by performing `POST /request` to the "server".
|
It obtains peer and interface configuration by performing `POST /request` to the "server".
|
||||||
|
|
||||||
```
|
```
|
||||||
wireguard-negotiator request --server https://url-of-server
|
wireguard-negotiator request --server https://url-of-server
|
||||||
|
|
|
@ -0,0 +1,40 @@
|
||||||
|
package cmd
|
||||||
|
|
||||||
|
import (
|
||||||
|
"log"
|
||||||
|
|
||||||
|
"github.com/urfave/cli/v2"
|
||||||
|
)
|
||||||
|
|
||||||
|
var CmdAnsibleInventory = &cli.Command{
|
||||||
|
Name: "ansible-inventory",
|
||||||
|
Usage: "Dump WireGuard configuration as Ansible inventory",
|
||||||
|
Flags: []cli.Flag{
|
||||||
|
&cli.StringFlag{
|
||||||
|
Name: "interface",
|
||||||
|
Aliases: []string{"i"},
|
||||||
|
Value: "wg0",
|
||||||
|
Usage: "Read default configuration path for the interface",
|
||||||
|
},
|
||||||
|
&cli.StringFlag{
|
||||||
|
Name: "config",
|
||||||
|
Aliases: []string{"c"},
|
||||||
|
Value: "",
|
||||||
|
DefaultText: "/etc/wireguard/<interface>.conf",
|
||||||
|
Usage: "Path to the existing WireGuard configuration file",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Action: runAnsibleInventory,
|
||||||
|
}
|
||||||
|
|
||||||
|
func runAnsibleInventory(ctx *cli.Context) error {
|
||||||
|
inter := ctx.String("interface")
|
||||||
|
config := ctx.String("config")
|
||||||
|
if !ctx.IsSet("config") {
|
||||||
|
config = "/etc/wireguard/" + inter + ".conf"
|
||||||
|
}
|
||||||
|
|
||||||
|
log.Println(config)
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
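Review bot: In runAnsibleInventory the default config path is built as `"/etc/wireguard/" + inter + ".conf"` from the unvalidated `--interface` flag, so a value containing `/` or `..` silently resolves to a file outside `/etc/wireguard`, and a name longer than the kernel's 15-byte interface-name limit can never correspond to a real interface. Even though the flag comes from the operator, the tool goes on to treat this file as its database, so reject implausible names up front, e.g. `if inter == "" || strings.ContainsAny(inter, "/\\") || len(inter) > 15 { return fmt.Errorf("invalid interface name %q", inter) }` and build the path with `config = filepath.Join("/etc/wireguard", inter+".conf")` (adds `fmt`, `strings` and `path/filepath` to the import block). Note also that `/etc/wireguard/<interface>.conf` normally holds the interface's `PrivateKey` and is readable by root only; when the dump is implemented, the `[Interface]` section should be kept out of the generated inventory, and a failure to open the file (not root, missing file) should surface as a returned error rather than the current `log.Println(config)` followed by `return nil`.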
|