Browse Source

Initial project scaffold

master
Ambrose Chua 1 year ago
parent
commit
12b22792d3
  1. 1
      .gitignore
  2. 23
      README.md
  3. 17
      cmd/approve.go
  4. 17
      cmd/list.go
  5. 52
      cmd/request.go
  6. 49
      cmd/server.go
  7. 5
      go.mod
  8. 13
      go.sum
  9. 29
      lib/client.go
  10. 41
      main.go

1
.gitignore

@ -0,0 +1 @@
wireguard-negotiator

23
README.md

@ -1,2 +1,25 @@
# wireguard-negotiator
A not-very-secure manual WireGuard negotiator
## Purpose
`wireguard-negotiator` is built for scenarios where a simple mechanism to exchange and manually accept WireGuard keys is needed. This makes it slightly easier to provision a group of Linux WireGuard peers that peer with a "server".
In summary:
* Manage "client" keys
* Exchange keys over HTTP(S)
* Manually gate new peers
* Generate Ansible INI inventory
## Limitations
* Linux-only
* Manages existing config files only
* Removing peers is a manual process
# Usage
> TODO

17
cmd/approve.go

@ -0,0 +1,17 @@
package cmd
import (
//"github.com/serverwentdown/wireguard-negotiator/lib"
"github.com/urfave/cli/v2"
)
var CmdApprove = &cli.Command{
Name: "approve",
Usage: "Approve pending negotiations",
Action: runApprove,
}
func runApprove(ctx *cli.Context) error {
//client := lib.NewClient(ctx.String("server"), ctx.Bool("insecure"))
return nil
}

17
cmd/list.go

@ -0,0 +1,17 @@
package cmd
import (
//"github.com/serverwentdown/wireguard-negotiator/lib"
"github.com/urfave/cli/v2"
)
var CmdList = &cli.Command{
Name: "list",
Usage: "List all pending negotiations",
Action: runList,
}
func runList(ctx *cli.Context) error {
//client := lib.NewClient(ctx.String("server"), ctx.Bool("insecure"))
return nil
}

52
cmd/request.go

@ -0,0 +1,52 @@
package cmd
import (
"log"
"github.com/serverwentdown/wireguard-negotiator/lib"
"github.com/urfave/cli/v2"
)
var CmdRequest = &cli.Command{
Name: "request",
Usage: "Set up local WireGuard",
Action: runRequest,
Flags: []cli.Flag{
&cli.StringFlag{
Name: "interface",
Aliases: []string{"i"},
Value: "wg0",
Usage: "Name for new WireGuard interface",
},
&cli.StringFlag{
Name: "config",
Aliases: []string{"c"},
Value: "",
DefaultText: "/etc/wireguard/<interface>.conf",
Usage: "Path to the WireGuard configuration file",
},
&cli.StringFlag{
Name: "type",
Value: "none",
Usage: "Select network interface backend. Currently only none and networkd are implemented",
},
},
}
func runRequest(ctx *cli.Context) error {
inter := ctx.String("interface")
config := ctx.String("config")
if !ctx.IsSet("config") {
config = "/etc/wireguard/" + inter + ".conf"
}
netBackend := ctx.String("type")
client := lib.NewClient(ctx.String("server"), ctx.Bool("insecure"))
log.Println(inter)
log.Println(config)
log.Println(netBackend)
log.Println(client)
return nil
}

49
cmd/server.go

@ -0,0 +1,49 @@
package cmd
import (
"log"
"github.com/urfave/cli/v2"
)
var CmdServer = &cli.Command{
Name: "server",
Usage: "Start the wireguard-negotiator server",
Flags: []cli.Flag{
&cli.StringFlag{
Name: "interface",
Aliases: []string{"i"},
Value: "wg0",
Usage: "An existing WireGuard interface to manage",
},
&cli.StringFlag{
Name: "config",
Aliases: []string{"c"},
Value: "",
DefaultText: "/etc/wireguard/<interface>.conf",
Usage: "Path to the WireGuard configuration file",
},
&cli.StringFlag{
Name: "listen",
Aliases: []string{"l"},
Value: ":8080",
Usage: "Listen on this address",
},
},
Action: runServer,
}
func runServer(ctx *cli.Context) error {
inter := ctx.String("interface")
config := ctx.String("config")
if !ctx.IsSet("config") {
config = "/etc/wireguard/" + inter + ".conf"
}
listen := ctx.String("listen")
log.Println(inter)
log.Println(config)
log.Println(listen)
return nil
}

5
go.mod

@ -0,0 +1,5 @@
module github.com/serverwentdown/wireguard-negotiator
go 1.13
require github.com/urfave/cli/v2 v2.0.0

13
go.sum

@ -0,0 +1,13 @@
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo=
github.com/urfave/cli/v2 v2.0.0 h1:+HU9SCbu8GnEUFtIBfuUNXN39ofWViIEJIp6SURMpCg=
github.com/urfave/cli/v2 v2.0.0/go.mod h1:SE9GqnLQmjVa0iPEY0f1w3ygNIYcIJ0OKPMoW2caLfQ=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

29
lib/client.go

@ -0,0 +1,29 @@
package lib
import (
"crypto/tls"
"net/http"
)
type Client struct {
ServerURL string
httpClient *http.Client
}
func NewClient(serverURL string, insecure bool) *Client {
httpClient := &http.Client{}
if insecure {
httpClient.Transport = &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}
}
return &Client{
ServerURL: serverURL,
// We don't need to set a connection timeout
httpClient: &http.Client{},
}
}
func (c *Client) Create() {
}

41
main.go

@ -0,0 +1,41 @@
// wireguard-negotiator is a tool to exchange WireGuard keys over HTTP(S).
package main // import "github.com/serverwentdown/wireguard-negotiator"
import (
"log"
"os"
"github.com/serverwentdown/wireguard-negotiator/cmd"
"github.com/urfave/cli/v2"
)
func main() {
app := &cli.App{
Name: "wireguard-negotiator",
Usage: "Exchange WireGuard keys over HTTP(S)",
Flags: []cli.Flag{
&cli.StringFlag{
Name: "server",
Aliases: []string{"s"},
Usage: "wireguard-negotiator server URL",
EnvVars: []string{"WGN_SERVER_URL"},
},
&cli.BoolFlag{
Name: "insecure",
Usage: "Disable TLS verification",
EnvVars: []string{"WGN_SERVER_INSECURE"},
},
},
Commands: []*cli.Command{
cmd.CmdServer,
cmd.CmdList,
cmd.CmdApprove,
cmd.CmdRequest,
},
}
err := app.Run(os.Args)
if err != nil {
log.Fatal(err)
}
}
Loading…
Cancel
Save