Initial project scaffold
parent
908b4c440f
commit
12b22792d3
|
@ -0,0 +1 @@
|
|||
wireguard-negotiator
|
23
README.md
23
README.md
|
@ -1,2 +1,25 @@
|
|||
|
||||
# wireguard-negotiator
|
||||
|
||||
A not-very-secure manual WireGuard negotiator
|
||||
|
||||
## Purpose
|
||||
|
||||
`wireguard-negotiator` is built for scenarios where a simple mechanism to exchange and manually accept WireGuard keys is needed. This makes it slightly easier to provision a group of Linux WireGuard peers that peer with a "server".
|
||||
|
||||
In summary:
|
||||
|
||||
* Manage "client" keys
|
||||
* Exchange keys over HTTP(S)
|
||||
* Manually gate new peers
|
||||
* Generate Ansible INI inventory
|
||||
|
||||
## Limitations
|
||||
|
||||
* Linux-only
|
||||
* Manages existing config files only
|
||||
* Removing peers is a manual process
|
||||
|
||||
# Usage
|
||||
|
||||
> TODO
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
package cmd
|
||||
|
||||
import (
|
||||
//"github.com/serverwentdown/wireguard-negotiator/lib"
|
||||
"github.com/urfave/cli/v2"
|
||||
)
|
||||
|
||||
var CmdApprove = &cli.Command{
|
||||
Name: "approve",
|
||||
Usage: "Approve pending negotiations",
|
||||
Action: runApprove,
|
||||
}
|
||||
|
||||
func runApprove(ctx *cli.Context) error {
|
||||
//client := lib.NewClient(ctx.String("server"), ctx.Bool("insecure"))
|
||||
return nil
|
||||
}
|
|
@ -0,0 +1,17 @@
|
|||
package cmd
|
||||
|
||||
import (
|
||||
//"github.com/serverwentdown/wireguard-negotiator/lib"
|
||||
"github.com/urfave/cli/v2"
|
||||
)
|
||||
|
||||
var CmdList = &cli.Command{
|
||||
Name: "list",
|
||||
Usage: "List all pending negotiations",
|
||||
Action: runList,
|
||||
}
|
||||
|
||||
func runList(ctx *cli.Context) error {
|
||||
//client := lib.NewClient(ctx.String("server"), ctx.Bool("insecure"))
|
||||
return nil
|
||||
}
|
|
@ -0,0 +1,52 @@
|
|||
package cmd
|
||||
|
||||
import (
|
||||
"log"
|
||||
|
||||
"github.com/serverwentdown/wireguard-negotiator/lib"
|
||||
"github.com/urfave/cli/v2"
|
||||
)
|
||||
|
||||
var CmdRequest = &cli.Command{
|
||||
Name: "request",
|
||||
Usage: "Set up local WireGuard",
|
||||
Action: runRequest,
|
||||
Flags: []cli.Flag{
|
||||
&cli.StringFlag{
|
||||
Name: "interface",
|
||||
Aliases: []string{"i"},
|
||||
Value: "wg0",
|
||||
Usage: "Name for new WireGuard interface",
|
||||
},
|
||||
&cli.StringFlag{
|
||||
Name: "config",
|
||||
Aliases: []string{"c"},
|
||||
Value: "",
|
||||
DefaultText: "/etc/wireguard/<interface>.conf",
|
||||
Usage: "Path to the WireGuard configuration file",
|
||||
},
|
||||
&cli.StringFlag{
|
||||
Name: "type",
|
||||
Value: "none",
|
||||
Usage: "Select network interface backend. Currently only none and networkd are implemented",
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
func runRequest(ctx *cli.Context) error {
|
||||
inter := ctx.String("interface")
|
||||
config := ctx.String("config")
|
||||
if !ctx.IsSet("config") {
|
||||
config = "/etc/wireguard/" + inter + ".conf"
|
||||
}
|
||||
netBackend := ctx.String("type")
|
||||
|
||||
client := lib.NewClient(ctx.String("server"), ctx.Bool("insecure"))
|
||||
|
||||
log.Println(inter)
|
||||
log.Println(config)
|
||||
log.Println(netBackend)
|
||||
log.Println(client)
|
||||
|
||||
return nil
|
||||
}
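Review bot: The interface name goes straight from the flag into a file path at `config = "/etc/wireguard/" + inter + ".conf"`, so a value containing `/` or `..` produces a config path outside `/etc/wireguard`; the same line appears in `runServer` in the server command's section. Since the tool is meant to manage WireGuard configuration (presumably with elevated privileges), reject values that are not plausible Linux interface names before building the path, e.g. `if inter == "" || len(inter) > 15 || strings.ContainsAny(inter, "/ \t") { return fmt.Errorf("invalid interface name %q", inter) }`. `--type` is likewise accepted without being checked against `none` and `networkd`, the two values its usage text names. `log.Println(client)` prints the whole client struct and reads as scaffold debugging that should go before the command does real work.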
|
|
@ -0,0 +1,49 @@
|
|||
package cmd
|
||||
|
||||
import (
|
||||
"log"
|
||||
|
||||
"github.com/urfave/cli/v2"
|
||||
)
|
||||
|
||||
var CmdServer = &cli.Command{
|
||||
Name: "server",
|
||||
Usage: "Start the wireguard-negotiator server",
|
||||
Flags: []cli.Flag{
|
||||
&cli.StringFlag{
|
||||
Name: "interface",
|
||||
Aliases: []string{"i"},
|
||||
Value: "wg0",
|
||||
Usage: "An existing WireGuard interface to manage",
|
||||
},
|
||||
&cli.StringFlag{
|
||||
Name: "config",
|
||||
Aliases: []string{"c"},
|
||||
Value: "",
|
||||
DefaultText: "/etc/wireguard/<interface>.conf",
|
||||
Usage: "Path to the WireGuard configuration file",
|
||||
},
|
||||
&cli.StringFlag{
|
||||
Name: "listen",
|
||||
Aliases: []string{"l"},
|
||||
Value: ":8080",
|
||||
Usage: "Listen on this address",
|
||||
},
|
||||
},
|
||||
Action: runServer,
|
||||
}
|
||||
|
||||
func runServer(ctx *cli.Context) error {
|
||||
inter := ctx.String("interface")
|
||||
config := ctx.String("config")
|
||||
if !ctx.IsSet("config") {
|
||||
config = "/etc/wireguard/" + inter + ".conf"
|
||||
}
|
||||
listen := ctx.String("listen")
|
||||
|
||||
log.Println(inter)
|
||||
log.Println(config)
|
||||
log.Println(listen)
|
||||
|
||||
return nil
|
||||
}
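Review bot: The `listen` default of `:8080` binds every address on the host, and this section defines no certificate or key flags, so as scaffolded the key exchange would be served over plain HTTP on every network the host is attached to. If TLS is meant to be terminated by a reverse proxy, a loopback default such as `Value: "127.0.0.1:8080"` and a usage text that says so, e.g. `Usage: "Listen on this address (plain HTTP; terminate TLS in front)"`, would make that expectation explicit. `runServer` only logs its inputs so far, so this concerns the defaults the scaffold sets rather than current behaviour.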
|
|
@ -0,0 +1,5 @@
|
|||
module github.com/serverwentdown/wireguard-negotiator
|
||||
|
||||
go 1.13
|
||||
|
||||
require github.com/urfave/cli/v2 v2.0.0
|
|
@ -0,0 +1,13 @@
|
|||
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
|
||||
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||
github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
|
||||
github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
|
||||
github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
|
||||
github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
|
||||
github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo=
|
||||
github.com/urfave/cli/v2 v2.0.0 h1:+HU9SCbu8GnEUFtIBfuUNXN39ofWViIEJIp6SURMpCg=
|
||||
github.com/urfave/cli/v2 v2.0.0/go.mod h1:SE9GqnLQmjVa0iPEY0f1w3ygNIYcIJ0OKPMoW2caLfQ=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
|
@ -0,0 +1,29 @@
|
|||
package lib
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
type Client struct {
|
||||
ServerURL string
|
||||
httpClient *http.Client
|
||||
}
|
||||
|
||||
func NewClient(serverURL string, insecure bool) *Client {
|
||||
httpClient := &http.Client{}
|
||||
if insecure {
|
||||
httpClient.Transport = &http.Transport{
|
||||
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
|
||||
}
|
||||
}
|
||||
return &Client{
|
||||
ServerURL: serverURL,
|
||||
// We don't need to set a connection timeout
|
||||
httpClient: &http.Client{},
|
||||
}
|
||||
}
|
||||
|
||||
func (c *Client) Create() {
|
||||
|
||||
}
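Review bot: The client configured with `InsecureSkipVerify` is thrown away: `NewClient` sets the transport on the local `httpClient` inside `if insecure`, but the returned struct gets a fresh `&http.Client{}`, so `--insecure` has no effect. The return should use the local, `httpClient: httpClient,`. Once the flag does take effect, certificate verification is off for the whole key exchange and the server's identity is unchecked, so a `RootCAs` pool loaded from a CA file would be a safer way to support self-signed deployments than a blanket skip. The comment `// We don't need to set a connection timeout` should say why (presumably the request waits for manual approval; confirm), because a zero `Timeout` lets a stalled server hold the client indefinitely.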
|
|
@ -0,0 +1,41 @@
|
|||
// wireguard-negotiator is a tool to exchange WireGuard keys over HTTP(S).
|
||||
package main // import "github.com/serverwentdown/wireguard-negotiator"
|
||||
|
||||
import (
|
||||
"log"
|
||||
"os"
|
||||
|
||||
"github.com/serverwentdown/wireguard-negotiator/cmd"
|
||||
"github.com/urfave/cli/v2"
|
||||
)
|
||||
|
||||
func main() {
|
||||
app := &cli.App{
|
||||
Name: "wireguard-negotiator",
|
||||
Usage: "Exchange WireGuard keys over HTTP(S)",
|
||||
Flags: []cli.Flag{
|
||||
&cli.StringFlag{
|
||||
Name: "server",
|
||||
Aliases: []string{"s"},
|
||||
Usage: "wireguard-negotiator server URL",
|
||||
EnvVars: []string{"WGN_SERVER_URL"},
|
||||
},
|
||||
&cli.BoolFlag{
|
||||
Name: "insecure",
|
||||
Usage: "Disable TLS verification",
|
||||
EnvVars: []string{"WGN_SERVER_INSECURE"},
|
||||
},
|
||||
},
|
||||
Commands: []*cli.Command{
|
||||
cmd.CmdServer,
|
||||
cmd.CmdList,
|
||||
cmd.CmdApprove,
|
||||
cmd.CmdRequest,
|
||||
},
|
||||
}
|
||||
|
||||
err := app.Run(os.Args)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
}
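Review bot: `insecure` can be switched on through `WGN_SERVER_INSECURE`, so TLS verification may end up disabled by an environment setting that never appears on the command line. Consider making that visible at startup, e.g. `if ctx.Bool("insecure") { log.Println("warning: TLS certificate verification disabled") }` in a `Before` hook on the app. The `Usage` string could also state the consequence, e.g. `Usage: "Disable TLS verification (server identity is not checked)"`.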
|