Initial project scaffold
parent
908b4c440f
commit
12b22792d3
|
@ -0,0 +1 @@
|
||||||
|
wireguard-negotiator
|
23
README.md
23
README.md
|
@ -1,2 +1,25 @@
|
||||||
|
|
||||||
# wireguard-negotiator
|
# wireguard-negotiator
|
||||||
|
|
||||||
A not-very-secure manual WireGuard negotiator
|
A not-very-secure manual WireGuard negotiator
|
||||||
|
|
||||||
|
## Purpose
|
||||||
|
|
||||||
|
`wireguard-negotiator` is built for scenarios where a simple mechanism to exchange and manually accept WireGuard keys is needed. This makes it slightly easier to provision a group of Linux WireGuard peers that peer with a "server".
|
||||||
|
|
||||||
|
In summary:
|
||||||
|
|
||||||
|
* Manage "client" keys
|
||||||
|
* Exchange keys over HTTP(S)
|
||||||
|
* Manually gate new peers
|
||||||
|
* Generate Ansible INI inventory
|
||||||
|
|
||||||
|
## Limitations
|
||||||
|
|
||||||
|
* Linux-only
|
||||||
|
* Manages existing config files only
|
||||||
|
* Removing peers is a manual process
|
||||||
|
|
||||||
|
# Usage
|
||||||
|
|
||||||
|
> TODO
|
||||||
|
|
|
@ -0,0 +1,17 @@
|
||||||
|
package cmd
|
||||||
|
|
||||||
|
import (
|
||||||
|
//"github.com/serverwentdown/wireguard-negotiator/lib"
|
||||||
|
"github.com/urfave/cli/v2"
|
||||||
|
)
|
||||||
|
|
||||||
|
var CmdApprove = &cli.Command{
|
||||||
|
Name: "approve",
|
||||||
|
Usage: "Approve pending negotiations",
|
||||||
|
Action: runApprove,
|
||||||
|
}
|
||||||
|
|
||||||
|
func runApprove(ctx *cli.Context) error {
|
||||||
|
//client := lib.NewClient(ctx.String("server"), ctx.Bool("insecure"))
|
||||||
|
return nil
|
||||||
|
}
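Review bot: The exported `CmdApprove` has no doc comment, and the hunk ships a commented-out import plus a commented-out `lib.NewClient` call in `runApprove`; the list hunk (`CmdList`, `runList`) has the same shape. I would add `// CmdApprove is the "approve" subcommand; it is currently a stub that does nothing and returns nil.` above the variable and replace the commented-out code with a `// TODO:` line describing what the action will do. Approval is the step that gates new peers, so the comment should make clear that the stub reports success without approving anything.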
|
|
@ -0,0 +1,17 @@
|
||||||
|
package cmd
|
||||||
|
|
||||||
|
import (
|
||||||
|
//"github.com/serverwentdown/wireguard-negotiator/lib"
|
||||||
|
"github.com/urfave/cli/v2"
|
||||||
|
)
|
||||||
|
|
||||||
|
var CmdList = &cli.Command{
|
||||||
|
Name: "list",
|
||||||
|
Usage: "List all pending negotiations",
|
||||||
|
Action: runList,
|
||||||
|
}
|
||||||
|
|
||||||
|
func runList(ctx *cli.Context) error {
|
||||||
|
//client := lib.NewClient(ctx.String("server"), ctx.Bool("insecure"))
|
||||||
|
return nil
|
||||||
|
}
|
|
@ -0,0 +1,52 @@
|
||||||
|
package cmd
|
||||||
|
|
||||||
|
import (
|
||||||
|
"log"
|
||||||
|
|
||||||
|
"github.com/serverwentdown/wireguard-negotiator/lib"
|
||||||
|
"github.com/urfave/cli/v2"
|
||||||
|
)
|
||||||
|
|
||||||
|
var CmdRequest = &cli.Command{
|
||||||
|
Name: "request",
|
||||||
|
Usage: "Set up local WireGuard",
|
||||||
|
Action: runRequest,
|
||||||
|
Flags: []cli.Flag{
|
||||||
|
&cli.StringFlag{
|
||||||
|
Name: "interface",
|
||||||
|
Aliases: []string{"i"},
|
||||||
|
Value: "wg0",
|
||||||
|
Usage: "Name for new WireGuard interface",
|
||||||
|
},
|
||||||
|
&cli.StringFlag{
|
||||||
|
Name: "config",
|
||||||
|
Aliases: []string{"c"},
|
||||||
|
Value: "",
|
||||||
|
DefaultText: "/etc/wireguard/<interface>.conf",
|
||||||
|
Usage: "Path to the WireGuard configuration file",
|
||||||
|
},
|
||||||
|
&cli.StringFlag{
|
||||||
|
Name: "type",
|
||||||
|
Value: "none",
|
||||||
|
Usage: "Select network interface backend. Currently only none and networkd are implemented",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
func runRequest(ctx *cli.Context) error {
|
||||||
|
inter := ctx.String("interface")
|
||||||
|
config := ctx.String("config")
|
||||||
|
if !ctx.IsSet("config") {
|
||||||
|
config = "/etc/wireguard/" + inter + ".conf"
|
||||||
|
}
|
||||||
|
netBackend := ctx.String("type")
|
||||||
|
|
||||||
|
client := lib.NewClient(ctx.String("server"), ctx.Bool("insecure"))
|
||||||
|
|
||||||
|
log.Println(inter)
|
||||||
|
log.Println(config)
|
||||||
|
log.Println(netBackend)
|
||||||
|
log.Println(client)
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
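Review bot: In `runRequest` the default config path is built as `"/etc/wireguard/" + inter + ".conf"` with no check on `inter`, so an `--interface` value containing `/` or `..` resolves outside `/etc/wireguard`; `runServer` in the server hunk has the same line. The tool is meant to manage WireGuard config files, presumably with elevated privileges, so the name should be validated before use. Linux interface names are at most 15 bytes and cannot contain `/` or whitespace, and the path is better built with `filepath.Join`. The `type` flag is also accepted without checking it against the two values its usage text names (`none`, `networkd`). The `log.Println(client)` call prints the whole client struct and should be dropped before the client carries anything sensitive.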
|
|
@ -0,0 +1,49 @@
|
||||||
|
package cmd
|
||||||
|
|
||||||
|
import (
|
||||||
|
"log"
|
||||||
|
|
||||||
|
"github.com/urfave/cli/v2"
|
||||||
|
)
|
||||||
|
|
||||||
|
var CmdServer = &cli.Command{
|
||||||
|
Name: "server",
|
||||||
|
Usage: "Start the wireguard-negotiator server",
|
||||||
|
Flags: []cli.Flag{
|
||||||
|
&cli.StringFlag{
|
||||||
|
Name: "interface",
|
||||||
|
Aliases: []string{"i"},
|
||||||
|
Value: "wg0",
|
||||||
|
Usage: "An existing WireGuard interface to manage",
|
||||||
|
},
|
||||||
|
&cli.StringFlag{
|
||||||
|
Name: "config",
|
||||||
|
Aliases: []string{"c"},
|
||||||
|
Value: "",
|
||||||
|
DefaultText: "/etc/wireguard/<interface>.conf",
|
||||||
|
Usage: "Path to the WireGuard configuration file",
|
||||||
|
},
|
||||||
|
&cli.StringFlag{
|
||||||
|
Name: "listen",
|
||||||
|
Aliases: []string{"l"},
|
||||||
|
Value: ":8080",
|
||||||
|
Usage: "Listen on this address",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Action: runServer,
|
||||||
|
}
|
||||||
|
|
||||||
|
func runServer(ctx *cli.Context) error {
|
||||||
|
inter := ctx.String("interface")
|
||||||
|
config := ctx.String("config")
|
||||||
|
if !ctx.IsSet("config") {
|
||||||
|
config = "/etc/wireguard/" + inter + ".conf"
|
||||||
|
}
|
||||||
|
listen := ctx.String("listen")
|
||||||
|
|
||||||
|
log.Println(inter)
|
||||||
|
log.Println(config)
|
||||||
|
log.Println(listen)
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
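Review bot: The `listen` flag defaults to `:8080`, which binds every interface, and the flag set has no certificate or key option, so as scaffolded the server could only be started as plaintext HTTP on all addresses. The handler is not written yet, so this is about the defaults rather than running code. Public keys exchanged without transport authentication can be substituted in transit, which would leave the manual approval step as the only control. A loopback default such as `Value: "127.0.0.1:8080"` behind a TLS-terminating proxy, or explicit TLS options, would make the safe setup the default one, and the usage text should say which is intended.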
|
|
@ -0,0 +1,5 @@
|
||||||
|
module github.com/serverwentdown/wireguard-negotiator
|
||||||
|
|
||||||
|
go 1.13
|
||||||
|
|
||||||
|
require github.com/urfave/cli/v2 v2.0.0
|
|
@ -0,0 +1,13 @@
|
||||||
|
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
|
||||||
|
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
|
||||||
|
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
|
||||||
|
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||||
|
github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
|
||||||
|
github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
|
||||||
|
github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
|
||||||
|
github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
|
||||||
|
github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo=
|
||||||
|
github.com/urfave/cli/v2 v2.0.0 h1:+HU9SCbu8GnEUFtIBfuUNXN39ofWViIEJIp6SURMpCg=
|
||||||
|
github.com/urfave/cli/v2 v2.0.0/go.mod h1:SE9GqnLQmjVa0iPEY0f1w3ygNIYcIJ0OKPMoW2caLfQ=
|
||||||
|
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||||
|
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
|
@ -0,0 +1,29 @@
|
||||||
|
package lib
|
||||||
|
|
||||||
|
import (
|
||||||
|
"crypto/tls"
|
||||||
|
"net/http"
|
||||||
|
)
|
||||||
|
|
||||||
|
type Client struct {
|
||||||
|
ServerURL string
|
||||||
|
httpClient *http.Client
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewClient(serverURL string, insecure bool) *Client {
|
||||||
|
httpClient := &http.Client{}
|
||||||
|
if insecure {
|
||||||
|
httpClient.Transport = &http.Transport{
|
||||||
|
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return &Client{
|
||||||
|
ServerURL: serverURL,
|
||||||
|
// We don't need to set a connection timeout
|
||||||
|
httpClient: &http.Client{},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *Client) Create() {
|
||||||
|
|
||||||
|
}
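Review bot: `NewClient` sets `InsecureSkipVerify: true` on a local `httpClient` when `insecure` is true, but the returned struct is filled with a fresh `&http.Client{}`, so the configured client is discarded and the `insecure` argument has no effect. This fails closed (certificate verification stays on), but the flag silently does nothing; the return should use `httpClient: httpClient,`. The comment `// We don't need to set a connection timeout` leaves the client with no overall deadline, so a stalled server can block a request indefinitely; setting `Timeout` on the `http.Client` would bound that. Once the insecure branch takes effect, its bare `&http.Transport{}` drops the default transport's proxy and dial settings, so starting from `http.DefaultTransport.(*http.Transport).Clone()` and overriding only `TLSClientConfig` is safer.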
|
|
@ -0,0 +1,41 @@
|
||||||
|
// wireguard-negotiator is a tool to exchange WireGuard keys over HTTP(S).
|
||||||
|
package main // import "github.com/serverwentdown/wireguard-negotiator"
|
||||||
|
|
||||||
|
import (
|
||||||
|
"log"
|
||||||
|
"os"
|
||||||
|
|
||||||
|
"github.com/serverwentdown/wireguard-negotiator/cmd"
|
||||||
|
"github.com/urfave/cli/v2"
|
||||||
|
)
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
app := &cli.App{
|
||||||
|
Name: "wireguard-negotiator",
|
||||||
|
Usage: "Exchange WireGuard keys over HTTP(S)",
|
||||||
|
Flags: []cli.Flag{
|
||||||
|
&cli.StringFlag{
|
||||||
|
Name: "server",
|
||||||
|
Aliases: []string{"s"},
|
||||||
|
Usage: "wireguard-negotiator server URL",
|
||||||
|
EnvVars: []string{"WGN_SERVER_URL"},
|
||||||
|
},
|
||||||
|
&cli.BoolFlag{
|
||||||
|
Name: "insecure",
|
||||||
|
Usage: "Disable TLS verification",
|
||||||
|
EnvVars: []string{"WGN_SERVER_INSECURE"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Commands: []*cli.Command{
|
||||||
|
cmd.CmdServer,
|
||||||
|
cmd.CmdList,
|
||||||
|
cmd.CmdApprove,
|
||||||
|
cmd.CmdRequest,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
err := app.Run(os.Args)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
}
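Review bot: The `insecure` flag can be switched on through `WGN_SERVER_INSECURE`, so a leftover environment variable disables certificate verification for every client command with nothing visible on the command line. For a tool that exchanges WireGuard keys this removes the authentication of the server, so I would log a warning whenever the flag is set, e.g. `log.Println("warning: TLS certificate verification is disabled")`, and document the variable next to the flag. The `server` flag has no default and is not validated here, so the client commands can be run with an empty URL; they should reject an empty value before building the client.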
|