Initial project scaffold

1 year ago · 12b22792d3
10 changed files with 247 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+wireguard-negotiator
--- a/README.md
+++ b/README.md
@ -1,2 +1,25 @@
+
 # wireguard-negotiator
+
 A not-very-secure manual WireGuard negotiator
+
+## Purpose
+
+`wireguard-negotiator` is built for scenarios where a simple mechanism to exchange and manually accept WireGuard keys is needed. This makes it slightly easier to provision a group of Linux WireGuard peers that peer with a "server".
+
+In summary:
+
+* Manage "client" keys
+* Exchange keys over HTTP(S)
+* Manually gate new peers
+* Generate Ansible INI inventory
+
+## Limitations
+
+* Linux-only
+* Manages existing config files only
+* Removing peers is a manual process
+
+# Usage
+
+> TODO
--- a/cmd/approve.go
+++ b/cmd/approve.go
@ -0,0 +1,17 @@
+package cmd
+
+import (
+	//"github.com/serverwentdown/wireguard-negotiator/lib"
+	"github.com/urfave/cli/v2"
+)
+
+var CmdApprove = &cli.Command{
+	Name:   "approve",
+	Usage:  "Approve pending negotiations",
+	Action: runApprove,
+}
+
+func runApprove(ctx *cli.Context) error {
+	//client := lib.NewClient(ctx.String("server"), ctx.Bool("insecure"))
+	return nil
+}
--- a/cmd/list.go
+++ b/cmd/list.go
@ -0,0 +1,17 @@
+package cmd
+
+import (
+	//"github.com/serverwentdown/wireguard-negotiator/lib"
+	"github.com/urfave/cli/v2"
+)
+
+var CmdList = &cli.Command{
+	Name:   "list",
+	Usage:  "List all pending negotiations",
+	Action: runList,
+}
+
+func runList(ctx *cli.Context) error {
+	//client := lib.NewClient(ctx.String("server"), ctx.Bool("insecure"))
+	return nil
+}
--- a/cmd/request.go
+++ b/cmd/request.go
@ -0,0 +1,52 @@
+package cmd
+
+import (
+	"log"
+
+	"github.com/serverwentdown/wireguard-negotiator/lib"
+	"github.com/urfave/cli/v2"
+)
+
+var CmdRequest = &cli.Command{
+	Name:   "request",
+	Usage:  "Set up local WireGuard",
+	Action: runRequest,
+	Flags: []cli.Flag{
+		&cli.StringFlag{
+			Name:    "interface",
+			Aliases: []string{"i"},
+			Value:   "wg0",
+			Usage:   "Name for new WireGuard interface",
+		},
+		&cli.StringFlag{
+			Name:        "config",
+			Aliases:     []string{"c"},
+			Value:       "",
+			DefaultText: "/etc/wireguard/<interface>.conf",
+			Usage:       "Path to the WireGuard configuration file",
+		},
+		&cli.StringFlag{
+			Name:  "type",
+			Value: "none",
+			Usage: "Select network interface backend. Currently only none and networkd are implemented",
+		},
+	},
+}
+
+func runRequest(ctx *cli.Context) error {
+	inter := ctx.String("interface")
+	config := ctx.String("config")
+	if !ctx.IsSet("config") {
+		config = "/etc/wireguard/" + inter + ".conf"
+	}
+	netBackend := ctx.String("type")
+
+	client := lib.NewClient(ctx.String("server"), ctx.Bool("insecure"))
+
+	log.Println(inter)
+	log.Println(config)
+	log.Println(netBackend)
+	log.Println(client)
+
+	return nil
+}
--- a/cmd/server.go
+++ b/cmd/server.go
@ -0,0 +1,49 @@
+package cmd
+
+import (
+	"log"
+
+	"github.com/urfave/cli/v2"
+)
+
+var CmdServer = &cli.Command{
+	Name:  "server",
+	Usage: "Start the wireguard-negotiator server",
+	Flags: []cli.Flag{
+		&cli.StringFlag{
+			Name:    "interface",
+			Aliases: []string{"i"},
+			Value:   "wg0",
+			Usage:   "An existing WireGuard interface to manage",
+		},
+		&cli.StringFlag{
+			Name:        "config",
+			Aliases:     []string{"c"},
+			Value:       "",
+			DefaultText: "/etc/wireguard/<interface>.conf",
+			Usage:       "Path to the WireGuard configuration file",
+		},
+		&cli.StringFlag{
+			Name:    "listen",
+			Aliases: []string{"l"},
+			Value:   ":8080",
+			Usage:   "Listen on this address",
+		},
+	},
+	Action: runServer,
+}
+
+func runServer(ctx *cli.Context) error {
+	inter := ctx.String("interface")
+	config := ctx.String("config")
+	if !ctx.IsSet("config") {
+		config = "/etc/wireguard/" + inter + ".conf"
+	}
+	listen := ctx.String("listen")
+
+	log.Println(inter)
+	log.Println(config)
+	log.Println(listen)
+
+	return nil
+}
--- a/go.mod
+++ b/go.mod
@ -0,0 +1,5 @@
+module github.com/serverwentdown/wireguard-negotiator
+
+go 1.13
+
+require github.com/urfave/cli/v2 v2.0.0
--- a/go.sum
+++ b/go.sum
@ -0,0 +1,13 @@
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
+github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
+github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
+github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo=
+github.com/urfave/cli/v2 v2.0.0 h1:+HU9SCbu8GnEUFtIBfuUNXN39ofWViIEJIp6SURMpCg=
+github.com/urfave/cli/v2 v2.0.0/go.mod h1:SE9GqnLQmjVa0iPEY0f1w3ygNIYcIJ0OKPMoW2caLfQ=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
--- a/lib/client.go
+++ b/lib/client.go
@ -0,0 +1,29 @@
+package lib
+
+import (
+	"crypto/tls"
+	"net/http"
+)
+
+type Client struct {
+	ServerURL  string
+	httpClient *http.Client
+}
+
+func NewClient(serverURL string, insecure bool) *Client {
+	httpClient := &http.Client{}
+	if insecure {
+		httpClient.Transport = &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+		}
+	}
+	return &Client{
+		ServerURL: serverURL,
+		// We don't need to set a connection timeout
+		httpClient: &http.Client{},
+	}
+}
+
+func (c *Client) Create() {
+
+}
--- a/main.go
+++ b/main.go
@ -0,0 +1,41 @@
+// wireguard-negotiator is a tool to exchange WireGuard keys over HTTP(S).
+package main // import "github.com/serverwentdown/wireguard-negotiator"
+
+import (
+	"log"
+	"os"
+
+	"github.com/serverwentdown/wireguard-negotiator/cmd"
+	"github.com/urfave/cli/v2"
+)
+
+func main() {
+	app := &cli.App{
+		Name:  "wireguard-negotiator",
+		Usage: "Exchange WireGuard keys over HTTP(S)",
+		Flags: []cli.Flag{
+			&cli.StringFlag{
+				Name:    "server",
+				Aliases: []string{"s"},
+				Usage:   "wireguard-negotiator server URL",
+				EnvVars: []string{"WGN_SERVER_URL"},
+			},
+			&cli.BoolFlag{
+				Name:    "insecure",
+				Usage:   "Disable TLS verification",
+				EnvVars: []string{"WGN_SERVER_INSECURE"},
+			},
+		},
+		Commands: []*cli.Command{
+			cmd.CmdServer,
+			cmd.CmdList,
+			cmd.CmdApprove,
+			cmd.CmdRequest,
+		},
+	}
+
+	err := app.Run(os.Args)
+	if err != nil {
+		log.Fatal(err)
+	}
+}