Merge 48707b7691db7dc21d9780547cced3ba91d76bfe into 537afbe95b2019ac8c32e700bd6d7dc2929e3187

2025-04-03 18:49:32 +08:00 · 2024-01-01 01:42:20 -07:00 · 2024-01-01 01:42:20 -07:00 · fbe21b5569
commit fbe21b5569
parent 537afbe95b 48707b7691
5 changed files with 167 additions and 0 deletions
--- a/vagrant/Corefile
+++ b/vagrant/Corefile
@ -0,0 +1,6 @@
+.:5353 {
+  debug
+  bind 127.0.0.1
+  bind 192.168.100.10
+  wgsd example.com. wg0
+}
--- a/vagrant/README
+++ b/vagrant/README
@ -0,0 +1,11 @@
+Quick start instructions
+
+Clone & build wgsd:
+~# go get github.com/jwhited/wgsd
+
+Start and provision VMs with Vagrant:
+~# cd ~/go/src/github.com/jwhited/wgsd/vagrant
+~# vagrant up
+
+Setup Wireguard Mesh:
+~# ./setup.sh
--- a/vagrant/Vagrantfile
+++ b/vagrant/Vagrantfile
@ -0,0 +1,53 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+
+  config.trigger.before :up do |trigger|
+      trigger.run = {inline: "cp -uvf ../../../../../bin/coredns ../../../../../bin/wgsd-client ."}
+  end
+
+  config.vm.box = "ubuntu/focal64"
+
+  config.vm.synced_folder ".", "/vagrant", type: "rsync"
+
+  config.vm.provision "shell", inline: <<-SHELL
+    apt-get -y update
+    apt-get -y install wireguard
+  SHELL
+
+  config.vm.define "registry" do |registry|
+    registry.vm.hostname = "registry"
+    registry.vm.network "private_network", ip: "192.168.33.10"
+    registry.vm.provision "shell", inline: <<-SHELL
+      wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey
+      cat > /etc/wireguard/wg0.conf << EOF
+[Interface]
+PrivateKey = $(cat /etc/wireguard/privatekey)
+Address = 192.168.100.10/24
+SaveConfig = True
+ListenPort = 51820
+EOF
+      chmod 600 /etc/wireguard/{privatekey,wg0.conf}
+      chmod 644 /etc/wireguard/publickey
+      chmod 711 /etc/wireguard
+      systemctl enable wg-quick@wg0
+      systemctl start wg-quick@wg0
+      cat > /etc/rc.local << EOF
+#!/bin/sh
+/vagrant/coredns -conf /vagrant/Corefile | logger &
+EOF
+      chmod 755 /etc/rc.local
+      sleep 1
+      /etc/rc.local
+    SHELL
+  end
+
+  (1..4).each do |i|
+      config.vm.define "client-#{i}" do |client|
+          client.vm.hostname = "client-#{i}"
+          client.vm.network "private_network", ip: "192.168.33.10#{i}"
+      end
+  end
+
+end
--- a/vagrant/add.sh
+++ b/vagrant/add.sh
@ -0,0 +1,39 @@
+#!/bin/sh
+set -eux
+
+#
+# on-board a new client
+# connect it to the registry
+#
+
+VM=$1
+ADDR=$2
+
+SERVER_KEY=$(vagrant ssh registry -- cat /etc/wireguard/publickey)
+
+vagrant ssh $VM -- sudo bash -s << EOF
+wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey
+# linux  config
+cat > /etc/wireguard/wg0.conf << CLIENTEOF
+[Interface]
+PrivateKey = \$(cat /etc/wireguard/privatekey)
+Address = $ADDR/24
+SaveConfig = True
+ListenPort = 51820
+[Peer]
+PublicKey = $SERVER_KEY
+Endpoint = 192.168.33.10:51820
+AllowedIPs = 192.168.100.10/32
+CLIENTEOF
+chmod 600 /etc/wireguard/{privatekey,wg0.conf}
+chmod 644 /etc/wireguard/publickey
+chmod 711 /etc/wireguard
+EOF
+
+CLIENT_KEY=$(vagrant ssh $VM -- cat /etc/wireguard/publickey)
+
+vagrant ssh registry -- sudo wg set wg0 peer $CLIENT_KEY allowed-ips $ADDR/32
+
+vagrant ssh $VM -- sudo systemctl enable wg-quick@wg0
+vagrant ssh $VM -- sudo systemctl restart wg-quick@wg0
+vagrant ssh $VM -- ping -c2 192.168.100.10
--- a/vagrant/setup.sh
+++ b/vagrant/setup.sh
@ -0,0 +1,58 @@
+#!/bin/bash
+set -eux
+
+#
+# connect clients to the registry
+# setup mesh between clients
+#
+
+MYDIR="$(dirname "$(readlink -f "$0")")"
+
+# setup each client to connect to the registry (on-boarding)
+"$MYDIR"/add.sh client-1 192.168.100.101
+"$MYDIR"/add.sh client-2 192.168.100.102
+"$MYDIR"/add.sh client-3 192.168.100.103
+"$MYDIR"/add.sh client-4 192.168.100.104
+
+# setup mesh connections between clients
+KEY1="$(vagrant ssh client-1 -- cat /etc/wireguard/publickey)"
+KEY2="$(vagrant ssh client-2 -- cat /etc/wireguard/publickey)"
+KEY3="$(vagrant ssh client-3 -- cat /etc/wireguard/publickey)"
+KEY4="$(vagrant ssh client-4 -- cat /etc/wireguard/publickey)"
+vagrant ssh client-1 -- sudo bash -s << EOF
+wg set wg0 peer '$KEY2' allowed-ips 192.168.100.102/32
+wg set wg0 peer '$KEY3' allowed-ips 192.168.100.103/32
+wg set wg0 peer '$KEY4' allowed-ips 192.168.100.104/32
+EOF
+vagrant ssh client-2 -- sudo bash -s << EOF
+wg set wg0 peer '$KEY1' allowed-ips 192.168.100.101/32
+wg set wg0 peer '$KEY3' allowed-ips 192.168.100.103/32
+wg set wg0 peer '$KEY4' allowed-ips 192.168.100.104/32
+EOF
+vagrant ssh client-3 -- sudo bash -s << EOF
+wg set wg0 peer '$KEY1' allowed-ips 192.168.100.101/32
+wg set wg0 peer '$KEY2' allowed-ips 192.168.100.102/32
+wg set wg0 peer '$KEY4' allowed-ips 192.168.100.104/32
+EOF
+vagrant ssh client-4 -- sudo bash -s << EOF
+wg set wg0 peer '$KEY1' allowed-ips 192.168.100.101/32
+wg set wg0 peer '$KEY2' allowed-ips 192.168.100.102/32
+wg set wg0 peer '$KEY3' allowed-ips 192.168.100.103/32
+EOF
+# wgsd magic
+vagrant ssh client-1 -- sudo /vagrant/wgsd-client -device wg0 -dns 192.168.100.10:5353 -zone example.com.
+vagrant ssh client-2 -- sudo /vagrant/wgsd-client -device wg0 -dns 192.168.100.10:5353 -zone example.com.
+vagrant ssh client-3 -- sudo /vagrant/wgsd-client -device wg0 -dns 192.168.100.10:5353 -zone example.com.
+# client-4 has been connected to 1/2/3 at this point
+
+# smoke-test: ping working means both directions work, no need for all combinations
+vagrant ssh client-1 -- bash -s << EOF
+ping -c2 192.168.100.102
+ping -c2 192.168.100.103
+ping -c2 192.168.100.104
+EOF
+vagrant ssh client-2 -- bash -s << EOF
+ping -c2 192.168.100.103
+ping -c2 192.168.100.104
+EOF
+vagrant ssh client-3 -- ping -c2 192.168.100.104