Merge 48707b7691db7dc21d9780547cced3ba91d76bfe into 537afbe95b2019ac8c32e700bd6d7dc2929e3187
commit
fbe21b5569
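--- a/vagrant/Corefile
+++ b/vagrant/Corefile
@@ -0,0 +1,6 @@
+.:5353 {
+debug
+bind 127.0.0.1
+bind 192.168.100.10
+wgsd example.com. wg0
+}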
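--- a/vagrant/README
+++ b/vagrant/README
@@ -0,0 +1,11 @@
+Quick start instructions
+
+Clone & build wgsd:
+~# go get github.com/jwhited/wgsd
+
+Start and provision VMs with Vagrant:
+~# cd ~/go/src/github.com/jwhited/wgsd/vagrant
+~# vagrant up
+
+Setup Wireguard Mesh:
+~# ./setup.sh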
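--- a/vagrant/Vagrantfile
+++ b/vagrant/Vagrantfile
@@ -0,0 +1,53 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+
+config.trigger.before :up do |trigger|
+trigger.run = {inline: "cp -uvf ../../../../../bin/coredns ../../../../../bin/wgsd-client ."}
+end
+
+config.vm.box = "ubuntu/focal64"
+
+config.vm.synced_folder ".", "/vagrant", type: "rsync"
+
+config.vm.provision "shell", inline: <<-SHELL
+apt-get -y update
+apt-get -y install wireguard
+SHELL
+
+config.vm.define "registry" do |registry|
+registry.vm.hostname = "registry"
+registry.vm.network "private_network", ip: "192.168.33.10"
+registry.vm.provision "shell", inline: <<-SHELL
+wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey
+cat > /etc/wireguard/wg0.conf << EOF
+[Interface]
+PrivateKey = $(cat /etc/wireguard/privatekey)
+Address = 192.168.100.10/24
+SaveConfig = True
+ListenPort = 51820
+EOF
+chmod 600 /etc/wireguard/{privatekey,wg0.conf}
+chmod 644 /etc/wireguard/publickey
+chmod 711 /etc/wireguard
+systemctl enable wg-quick@wg0
+systemctl start wg-quick@wg0
+cat > /etc/rc.local << EOF
+#!/bin/sh
+/vagrant/coredns -conf /vagrant/Corefile | logger &
+EOF
+chmod 755 /etc/rc.local
+sleep 1
+/etc/rc.local
+SHELL
+end
+
+(1..4).each do |i|
+config.vm.define "client-#{i}" do |client|
+client.vm.hostname = "client-#{i}"
+client.vm.network "private_network", ip: "192.168.33.10#{i}"
+end
+end
+
+end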
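Review bot: In the registry provisioner, `wg genkey | tee /etc/wireguard/privatekey ...` and `cat > /etc/wireguard/wg0.conf << EOF` create the key and config files under the provisioner shell's default umask, and the `chmod 600` that tightens them only runs afterwards, so the private key is briefly readable by other local users unless /etc/wireguard is already restricted by the package (and the later `chmod 711 /etc/wireguard` deliberately removes that second line of defence). Putting `umask 077` as the first line of the heredoc closes that window, after which the `chmod 600` lines become a no-op and only the `chmod 644 /etc/wireguard/publickey` relaxation is still needed. The same create-then-chmod order appears in vagrant/add.sh. Separately, the `before :up` trigger's `../../../../../bin/...` path only resolves when the checkout sits at `~/go/src/github.com/jwhited/wgsd` as the README describes; either a comment on that line stating the assumption, or building the path from `ENV.fetch("GOPATH", File.join(Dir.home, "go"))`, would make the failure obvious when the binaries were built elsewhere.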
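--- a/vagrant/add.sh
+++ b/vagrant/add.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+set -eux
+
+#
+# on-board a new client
+# connect it to the registry
+#
+
+VM=$1
+ADDR=$2
+
+SERVER_KEY=$(vagrant ssh registry -- cat /etc/wireguard/publickey)
+
+vagrant ssh $VM -- sudo bash -s << EOF
+wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey
+# linux config
+cat > /etc/wireguard/wg0.conf << CLIENTEOF
+[Interface]
+PrivateKey = \$(cat /etc/wireguard/privatekey)
+Address = $ADDR/24
+SaveConfig = True
+ListenPort = 51820
+[Peer]
+PublicKey = $SERVER_KEY
+Endpoint = 192.168.33.10:51820
+AllowedIPs = 192.168.100.10/32
+CLIENTEOF
+chmod 600 /etc/wireguard/{privatekey,wg0.conf}
+chmod 644 /etc/wireguard/publickey
+chmod 711 /etc/wireguard
+EOF
+
+CLIENT_KEY=$(vagrant ssh $VM -- cat /etc/wireguard/publickey)
+
+vagrant ssh registry -- sudo wg set wg0 peer $CLIENT_KEY allowed-ips $ADDR/32
+
+vagrant ssh $VM -- sudo systemctl enable wg-quick@wg0
+vagrant ssh $VM -- sudo systemctl restart wg-quick@wg0
+vagrant ssh $VM -- ping -c2 192.168.100.10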
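Review bot: `VM=$1` and `ADDR=$2` are taken from the command line with no usage check; `set -u` makes a missing argument abort with an unbound-variable error, but a swapped or malformed argument is silently spliced into the remote heredoc (`Address = $ADDR/24`) and into `wg set wg0 peer $CLIENT_KEY allowed-ips $ADDR/32` on the registry, where `SaveConfig = True` persists it. A guard at the top, `[ $# -eq 2 ] || { echo "usage: $0 VM ADDR" >&2; exit 1; }`, plus quoting `"$VM"` and `"$ADDR"` at the call sites, keeps the failure local and readable. Note also that the script is not idempotent: every run regenerates the client keypair with `wg genkey`, so re-running it for the same VM adds a second peer entry on the registry while the previous public key stays configured there; a one-line `[ -s /etc/wireguard/privatekey ] ||` in front of the `wg genkey` pipeline, or a comment stating that the script is single-shot, would prevent the stale entries from accumulating.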
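--- a/vagrant/setup.sh
+++ b/vagrant/setup.sh
@@ -0,0 +1,58 @@
+#!/bin/bash
+set -eux
+
+#
+# connect clients to the registry
+# setup mesh between clients
+#
+
+MYDIR="$(dirname "$(readlink -f "$0")")"
+
+# setup each client to connect to the registry (on-boarding)
+"$MYDIR"/add.sh client-1 192.168.100.101
+"$MYDIR"/add.sh client-2 192.168.100.102
+"$MYDIR"/add.sh client-3 192.168.100.103
+"$MYDIR"/add.sh client-4 192.168.100.104
+
+# setup mesh connections between clients
+KEY1="$(vagrant ssh client-1 -- cat /etc/wireguard/publickey)"
+KEY2="$(vagrant ssh client-2 -- cat /etc/wireguard/publickey)"
+KEY3="$(vagrant ssh client-3 -- cat /etc/wireguard/publickey)"
+KEY4="$(vagrant ssh client-4 -- cat /etc/wireguard/publickey)"
+vagrant ssh client-1 -- sudo bash -s << EOF
+wg set wg0 peer '$KEY2' allowed-ips 192.168.100.102/32
+wg set wg0 peer '$KEY3' allowed-ips 192.168.100.103/32
+wg set wg0 peer '$KEY4' allowed-ips 192.168.100.104/32
+EOF
+vagrant ssh client-2 -- sudo bash -s << EOF
+wg set wg0 peer '$KEY1' allowed-ips 192.168.100.101/32
+wg set wg0 peer '$KEY3' allowed-ips 192.168.100.103/32
+wg set wg0 peer '$KEY4' allowed-ips 192.168.100.104/32
+EOF
+vagrant ssh client-3 -- sudo bash -s << EOF
+wg set wg0 peer '$KEY1' allowed-ips 192.168.100.101/32
+wg set wg0 peer '$KEY2' allowed-ips 192.168.100.102/32
+wg set wg0 peer '$KEY4' allowed-ips 192.168.100.104/32
+EOF
+vagrant ssh client-4 -- sudo bash -s << EOF
+wg set wg0 peer '$KEY1' allowed-ips 192.168.100.101/32
+wg set wg0 peer '$KEY2' allowed-ips 192.168.100.102/32
+wg set wg0 peer '$KEY3' allowed-ips 192.168.100.103/32
+EOF
+# wgsd magic
+vagrant ssh client-1 -- sudo /vagrant/wgsd-client -device wg0 -dns 192.168.100.10:5353 -zone example.com.
+vagrant ssh client-2 -- sudo /vagrant/wgsd-client -device wg0 -dns 192.168.100.10:5353 -zone example.com.
+vagrant ssh client-3 -- sudo /vagrant/wgsd-client -device wg0 -dns 192.168.100.10:5353 -zone example.com.
+# client-4 has been connected to 1/2/3 at this point
+
+# smoke-test: ping working means both directions work, no need for all combinations
+vagrant ssh client-1 -- bash -s << EOF
+ping -c2 192.168.100.102
+ping -c2 192.168.100.103
+ping -c2 192.168.100.104
+EOF
+vagrant ssh client-2 -- bash -s << EOF
+ping -c2 192.168.100.103
+ping -c2 192.168.100.104
+EOF
+vagrant ssh client-3 -- ping -c2 192.168.100.104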
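Review bot: The four `vagrant ssh client-N -- sudo bash -s << EOF` mesh blocks and the `KEY1..KEY4` assignments are hand-expanded copies of the same three lines, so a mismatched key/address pairing (say `'$KEY3'` next to `192.168.100.104/32`) is not something `set -e` can catch and would only surface as a failed ping at the very end. Since the script is `#!/bin/bash`, collecting the public keys into an associative array and generating each client's `wg set` lines from one nested loop keeps the key-to-address pairing in a single place; the generated lines are still fed to the same `sudo bash -s`, so the single-quoting of the key and the `set -eux` behaviour are unchanged. The smoke-test heredocs at the end could be derived from the same list, but they are short enough to leave as written.
```shell
# … unchanged: shebang, set -eux, MYDIR, add.sh on-boarding …
# setup mesh connections between clients: every client learns every other client's key
declare -A KEY
for i in 1 2 3 4; do
  KEY[$i]="$(vagrant ssh "client-$i" -- cat /etc/wireguard/publickey)"
done
for i in 1 2 3 4; do
  for j in 1 2 3 4; do
    [ "$i" = "$j" ] || echo "wg set wg0 peer '${KEY[$j]}' allowed-ips 192.168.100.10$j/32"
  done | vagrant ssh "client-$i" -- sudo bash -s
done
# … unchanged: wgsd-client runs and smoke-test pings …
```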