From 12b22792d3c4314e7286968d7272ab89d1be9ea5 Mon Sep 17 00:00:00 2001
From: Ambrose Chua
Date: Thu, 19 Dec 2019 11:48:52 +0000
Subject: [PATCH] Initial project scaffold

---
 .gitignore | 1 +
 README.md | 23 ++++++++++++++++++++++
 cmd/approve.go | 17 +++++++++++++++++
 cmd/list.go | 17 +++++++++++++++++
 cmd/request.go | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++
 cmd/server.go | 49 +++++++++++++++++++++++++++++++++++++++++++++++
 go.mod | 5 +++++
 go.sum | 13 +++++++++++++
 lib/client.go | 29 ++++++++++++++++++++++++++++
 main.go | 41 +++++++++++++++++++++++++++++++++++++++
 10 files changed, 247 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 cmd/approve.go
 create mode 100644 cmd/list.go
 create mode 100644 cmd/request.go
 create mode 100644 cmd/server.go
 create mode 100644 go.mod
 create mode 100644 go.sum
 create mode 100644 lib/client.go
 create mode 100644 main.go

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..8bd4cc4
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+wireguard-negotiator
diff --git a/README.md b/README.md
index 78c441d..e5608b4 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,25 @@
+ # wireguard-negotiator
+ A not-very-secure manual WireGuard negotiator
+
+## Purpose
+
+`wireguard-negotiator` is built for scenarios where a simple mechanism to exchange and manually accept WireGuard keys is needed. This makes it slightly easier to provision a group of Linux WireGuard peers that peer with a "server".
+
+In summary:
+
+* Manage "client" keys
+* Exchange keys over HTTP(S)
+* Manually gate new peers
+* Generate Ansible INI inventory
+
+## Limitations
+
+* Linux-only
+* Manages existing config files only
+* Removing peers is a manual process
+
+# Usage
+
+> TODO
diff --git a/cmd/approve.go b/cmd/approve.go
new file mode 100644
index 0000000..87f50d9
--- /dev/null
+++ b/cmd/approve.go
@@ -0,0 +1,17 @@
+package cmd
+
+import (
+ //"github.com/serverwentdown/wireguard-negotiator/lib"
+ "github.com/urfave/cli/v2"
+)
+
+var CmdApprove = &cli.Command{
+ Name: "approve",
+ Usage: "Approve pending negotiations",
+ Action: runApprove,
+}
+
+func runApprove(ctx *cli.Context) error {
+ //client := lib.NewClient(ctx.String("server"), ctx.Bool("insecure"))
+ return nil
+}
diff --git a/cmd/list.go b/cmd/list.go
new file mode 100644
index 0000000..1ebe8f6
--- /dev/null
+++ b/cmd/list.go
@@ -0,0 +1,17 @@
+package cmd
+
+import (
+ //"github.com/serverwentdown/wireguard-negotiator/lib"
+ "github.com/urfave/cli/v2"
+)
+
+var CmdList = &cli.Command{
+ Name: "list",
+ Usage: "List all pending negotiations",
+ Action: runList,
+}
+
+func runList(ctx *cli.Context) error {
+ //client := lib.NewClient(ctx.String("server"), ctx.Bool("insecure"))
+ return nil
+}
diff --git a/cmd/request.go b/cmd/request.go
new file mode 100644
index 0000000..ae2998a
--- /dev/null
+++ b/cmd/request.go
@@ -0,0 +1,52 @@
+package cmd
+
+import (
+ "log"
+
+ "github.com/serverwentdown/wireguard-negotiator/lib"
+ "github.com/urfave/cli/v2"
+)
+
+var CmdRequest = &cli.Command{
+ Name: "request",
+ Usage: "Set up local WireGuard",
+ Action: runRequest,
+ Flags: []cli.Flag{
+ &cli.StringFlag{
+ Name: "interface",
+ Aliases: []string{"i"},
+ Value: "wg0",
+ Usage: "Name for new WireGuard interface",
+ },
+ &cli.StringFlag{
+ Name: "config",
+ Aliases: []string{"c"},
+ Value: "",
+ DefaultText: "/etc/wireguard/.conf",
+ Usage: "Path to the WireGuard configuration file",
+ },
+ &cli.StringFlag{
+ Name: "type",
+ Value: "none",
+ Usage: "Select network interface backend. Currently only none and networkd are implemented",
+ },
+ },
+}
+
+func runRequest(ctx *cli.Context) error {
+ inter := ctx.String("interface")
+ config := ctx.String("config")
+ if !ctx.IsSet("config") {
+ config = "/etc/wireguard/" + inter + ".conf"
+ }
+ netBackend := ctx.String("type")
+
+ client := lib.NewClient(ctx.String("server"), ctx.Bool("insecure"))
+
+ log.Println(inter)
+ log.Println(config)
+ log.Println(netBackend)
+ log.Println(client)
+
+ return nil
+}
diff --git a/cmd/server.go b/cmd/server.go
new file mode 100644
index 0000000..83dd117
--- /dev/null
+++ b/cmd/server.go
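Review bot: `config = "/etc/wireguard/" + inter + ".conf"` in `runRequest` builds a filesystem path by string concatenation from the `interface` flag, so a value containing a path separator resolves to a file outside `/etc/wireguard/`; `filepath.Join("/etc/wireguard", inter+".conf")` together with a check that `inter` is a bare interface name would make the intended shape explicit. The same construction appears in `runServer` in the cmd/server.go hunk. The help text `DefaultText: "/etc/wireguard/.conf"` drops the interface name from the computed default; `DefaultText: "/etc/wireguard/{interface}.conf"` would describe what the code actually does. `log.Println(client)` prints a pointer address rather than anything a reader can act on; `log.Println(client.ServerURL)` would be more informative while this command is a placeholder.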
@@ -0,0 +1,49 @@
+package cmd
+
+import (
+ "log"
+
+ "github.com/urfave/cli/v2"
+)
+
+var CmdServer = &cli.Command{
+ Name: "server",
+ Usage: "Start the wireguard-negotiator server",
+ Flags: []cli.Flag{
+ &cli.StringFlag{
+ Name: "interface",
+ Aliases: []string{"i"},
+ Value: "wg0",
+ Usage: "An existing WireGuard interface to manage",
+ },
+ &cli.StringFlag{
+ Name: "config",
+ Aliases: []string{"c"},
+ Value: "",
+ DefaultText: "/etc/wireguard/.conf",
+ Usage: "Path to the WireGuard configuration file",
+ },
+ &cli.StringFlag{
+ Name: "listen",
+ Aliases: []string{"l"},
+ Value: ":8080",
+ Usage: "Listen on this address",
+ },
+ },
+ Action: runServer,
+}
+
+func runServer(ctx *cli.Context) error {
+ inter := ctx.String("interface")
+ config := ctx.String("config")
+ if !ctx.IsSet("config") {
+ config = "/etc/wireguard/" + inter + ".conf"
+ }
+ listen := ctx.String("listen")
+
+ log.Println(inter)
+ log.Println(config)
+ log.Println(listen)
+
+ return nil
+}
diff --git a/go.mod b/go.mod
new file mode 100644
index 0000000..96655b5
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,5 @@
+module github.com/serverwentdown/wireguard-negotiator
+
+go 1.13
+
+require github.com/urfave/cli/v2 v2.0.0
diff --git a/go.sum b/go.sum
new file mode 100644
index 0000000..0b808dd
--- /dev/null
+++ b/go.sum
@@ -0,0 +1,13 @@
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
+github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
+github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
+github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo=
+github.com/urfave/cli/v2 v2.0.0 h1:+HU9SCbu8GnEUFtIBfuUNXN39ofWViIEJIp6SURMpCg=
+github.com/urfave/cli/v2 v2.0.0/go.mod h1:SE9GqnLQmjVa0iPEY0f1w3ygNIYcIJ0OKPMoW2caLfQ=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
diff --git a/lib/client.go b/lib/client.go
new file mode 100644
index 0000000..0fb0144
--- /dev/null
+++ b/lib/client.go
@@ -0,0 +1,29 @@
+package lib
+
+import (
+ "crypto/tls"
+ "net/http"
+)
+
+type Client struct {
+ ServerURL string
+ httpClient *http.Client
+}
+
+func NewClient(serverURL string, insecure bool) *Client {
+ httpClient := &http.Client{}
+ if insecure {
+ httpClient.Transport = &http.Transport{
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+ }
+ }
+ return &Client{
+ ServerURL: serverURL,
+ // We don't need to set a connection timeout
+ httpClient: &http.Client{},
+ }
+}
+
+func (c *Client) Create() {
+
+}
diff --git a/main.go b/main.go
new file mode 100644
index 0000000..b6cd3f9
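Review bot: `NewClient` in the lib/client.go hunk configures the local `httpClient` (including the `InsecureSkipVerify` transport when `insecure` is true) and then discards it, because the return statement constructs a second client with `httpClient: &http.Client{}`; the `insecure` argument therefore has no effect and the field should be set from the variable just built, `httpClient: httpClient,`. The comment `// We don't need to set a connection timeout` deserves a second look as well: `http.Client` has no default timeout, so a stalled server blocks the caller indefinitely, and `httpClient.Timeout` or a per-request context would bound that. Since the `if insecure` branch disables certificate verification entirely, a comment there stating that this mode is meant for testing against servers whose certificate cannot be verified would help the next reader understand the trade-off. Exported `Client`, `NewClient` and `Create` also lack doc comments; a one-line `// NewClient returns a Client that talks to the negotiator at serverURL.` would fit the file.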
--- /dev/null
+++ b/main.go
@@ -0,0 +1,41 @@
+// wireguard-negotiator is a tool to exchange WireGuard keys over HTTP(S).
+package main // import "github.com/serverwentdown/wireguard-negotiator"
+
+import (
+ "log"
+ "os"
+
+ "github.com/serverwentdown/wireguard-negotiator/cmd"
+ "github.com/urfave/cli/v2"
+)
+
+func main() {
+ app := &cli.App{
+ Name: "wireguard-negotiator",
+ Usage: "Exchange WireGuard keys over HTTP(S)",
+ Flags: []cli.Flag{
+ &cli.StringFlag{
+ Name: "server",
+ Aliases: []string{"s"},
+ Usage: "wireguard-negotiator server URL",
+ EnvVars: []string{"WGN_SERVER_URL"},
+ },
+ &cli.BoolFlag{
+ Name: "insecure",
+ Usage: "Disable TLS verification",
+ EnvVars: []string{"WGN_SERVER_INSECURE"},
+ },
+ },
+ Commands: []*cli.Command{
+ cmd.CmdServer,
+ cmd.CmdList,
+ cmd.CmdApprove,
+ cmd.CmdRequest,
+ },
+ }
+
+ err := app.Run(os.Args)
+ if err != nil {
+ log.Fatal(err)
+ }
+}
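Review bot: The `err := app.Run(os.Args)` followed by a separate `if err != nil` at the end of `main` is the one place this file departs from the usual Go shape; `if err := app.Run(os.Args); err != nil { log.Fatal(err) }` keeps `err` scoped to the check. The `insecure` flag is also settable through `WGN_SERVER_INSECURE`, so TLS certificate verification can be switched off by the environment rather than by an explicit argument; the usage text `"Disable TLS verification"` could read `"Disable TLS certificate verification (testing only)"` so the help output conveys the risk.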