Skip to content
/ configuard Public

WireGuard Web-API that generates whole configuration on the fly.

6 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

VerKnowSys/configuard

BranchesTags

Repository files navigation

WireGuard Service

What Am I Looking At Here

This is HTTP service that manages WireGuard-server configuration via API.

Pass vault values

  • ops/wireguard/uuid - Unique UUID for Configuard.

  • ops/wireguard/address - Configuard listen address.

  • ops/wireguard/port - Configuard listen port.

  • ops/wireguard/domain - Internal network domain (for dnsmasq).

Quick install:

If you have Pass vault access:

curl -s https://raw.githubusercontent.com/VerKnowSys/configuard/master/bin/auto-setup | bash -s YOURuniqueNAME

If you don't have Pass vault:

curl -s https://raw.githubusercontent.com/VerKnowSys/configuard/master/bin/auto-setup | bash -s YOURuniqueNAME your.internal.domain http://ask-devops-for-configuard-link

Quick uninstall:

curl -s https://raw.githubusercontent.com/VerKnowSys/configuard/master/bin/auto-uninstall | bash

Assumptions:

  • small/ medium private network is fine for me

  • production system is svdOS (based on HardnedBSD/FreeBSD 12.x) x86_64 with ZFS-on-root.

  • by default /10 netmask is used for access to whole default private network: 100.64.0.0

  • by default max defined workstations: 253 (.1.2 => .1.254)

  • by default max defined instances: 64009 (.2.2 => .254.254)

Configuration:

config/config.toml contains:

uuid = "791A455F-DD50-4A61-B535-92920EA34848" # uuid is unique part of a request path
main_net = "100.64" # main network used on wireguard server
main_net_mask = "/10" # default mask for main_net
server_public_ip = "1.2.3.4" # your external wireguard server ipv4 address
server_port = 51194 # some open port on server endpoint
wireguard_bin = "/Software/Wireguard-tools/exports/wg" # full path to wg utility
wireguard_conf = "/Services/Wireguard-tools/wg0.conf" # full path to wg0.conf

Usage

workstation side, Darwin only:

  • Install latest version of Wireguard tools: brew install wireguard-tools

  • Fetch your configuration from your configuard server and store it in local configuration file: curl -X POST http://localhost:8000/your-configured-uuid/wireguard/workstation/your-user-name > /usr/local/etc/wireguard/wg0.conf

  • Use system-specific configuration: cp config/config.toml.$(uname) config/config.toml

  • Run client script on your workstation: Install Wireguard GUI from AppStore or bin/wg-workstation or bin/install (background)

remote-host-instance side, Linux or FreeBSD only:

  • Install latest version of Wireguard tools: apt install -y wireguard-tools wireguard-dkms (Ubuntu 18.x) or s i Wireguard-tools (FreeBSD 12.x + svdOS)

  • Fetch your configuration from your configuard server and store it in local configuration file: curl -X POST http://localhost:8000/your-configured-uuid/wireguard/instance/your-instance-name > /etc/wireguard/wg0.conf (Ubuntu 18.x) or curl -X POST http://localhost:8000/your-configured-uuid/wireguard/instance/your-instance-name > /Services/Wireguard-tools/wg0.conf (FreeBSD 12.x + svdOS)

  • Use system-specific configuration: cp config/config.toml.$(uname) config/config.toml

  • Run client script on your instance: bin/wg-instance (foreground) or bin/install (background)

configuard server:

  • Run under tmux (will generate all initally required files like private/pub keys): bin/configuard + bin/wg-server

  • Start service locally on 127.1:8000: ROCKET_ENV=production ROCKET_address="localhost" ROCKET_port=8000 cargo run

License:

  • BSD

  • MIT

  • Apache2

About

WireGuard Web-API that generates whole configuration on the fly.

Resources

Readme
Activity
Custom properties

Stars

6 stars

Watchers

2 watching

Forks

4 forks
Report repository

Releases

1 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages