wg-admin 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: 70eb93699c05f931e8904d01f703d4ec3e63d02cebd0853acd13c63a903cf02d
4
+ data.tar.gz: 43e8d87dc246fd7d523ef2ffe9f72b2403a19f47a83aa13a308cf6ed5fe71964
5
+ SHA512:
6
+ metadata.gz: 730e5df74d993c754ac57cdf7a8a91559593ede4d8c4455145fbd3e0673f7d81869ae673ce1d07fc9819b40d5a690b7cfc6aea1d322a40304483385a42ca0fd7
7
+ data.tar.gz: c65568ea9955110c3b5f66940258d1bc7b07ce9bf2c912f997eea600713a9310975b383658d6540a13e6c727a040fbde04c8a46184fd9cbcc35fd50dbd8ee9df
@@ -0,0 +1,16 @@
1
+ version: 1
2
+ update_configs:
3
+ - package_manager: "ruby:bundler"
4
+ directory: "/"
5
+ update_schedule: "live"
6
+ automerged_updates:
7
+ - match:
8
+ dependency_type: "development"
9
+ update_type: "all"
10
+ - match:
11
+ dependency_type: "production"
12
+ update_type: "semver:minor"
13
+ version_requirement_updates: auto
14
+ commit_message:
15
+ prefix: "bump"
16
+ include_scope: true
data/.gitignore ADDED
@@ -0,0 +1,2 @@
1
+ mkmf.log
2
+ pkg
data/.rspec ADDED
@@ -0,0 +1,5 @@
1
+ --color
2
+ --format documentation
3
+ --tty
4
+ --order random
5
+ --require 'spec_helper'
data/.rubocop.yml ADDED
@@ -0,0 +1,17 @@
1
+ require: rubocop-rspec
2
+
3
+ AllCops:
4
+ TargetRubyVersion: 2.7
5
+
6
+ DisplayCopNames:
7
+ Enabled: true
8
+
9
+ DisplayStyleGuide:
10
+ Enabled: true
11
+
12
+ Metrics/BlockLength:
13
+ Exclude:
14
+ - spec/**/*
15
+
16
+ Layout/LineLength:
17
+ Max: 180
data/.ruby-version ADDED
@@ -0,0 +1 @@
1
+ 2.7.1
data/.travis.yml ADDED
@@ -0,0 +1,11 @@
1
+ ---
2
+ dist: xenial
3
+ language: ruby
4
+ before_install:
5
+ - sudo add-apt-repository --yes ppa:wireguard/wireguard
6
+ - sudo apt-get --yes update
7
+ - sudo apt-get --yes install wireguard
8
+ rvm:
9
+ - 2.7.1
10
+ - 2.6.6
11
+ - 2.5.8
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ # frozen_string_literal: true
2
+
3
+ source 'https://rubygems.org'
4
+ gemspec
data/Gemfile.lock ADDED
@@ -0,0 +1,135 @@
1
+ PATH
2
+ remote: .
3
+ specs:
4
+ wg-admin (0.0.2)
5
+ thor (~> 1.0.1)
6
+
7
+ GEM
8
+ remote: https://rubygems.org/
9
+ specs:
10
+ aruba (0.14.14)
11
+ childprocess (>= 0.6.3, < 4.0.0)
12
+ contracts (~> 0.9)
13
+ cucumber (>= 1.3.19)
14
+ ffi (~> 1.9)
15
+ rspec-expectations (>= 2.99)
16
+ thor (>= 0.19, < 2.0)
17
+ ast (2.4.0)
18
+ backports (3.17.1)
19
+ builder (3.2.4)
20
+ byebug (11.1.3)
21
+ childprocess (3.0.0)
22
+ coderay (1.1.2)
23
+ contracts (0.16.0)
24
+ cucumber (3.1.2)
25
+ builder (>= 2.1.2)
26
+ cucumber-core (~> 3.2.0)
27
+ cucumber-expressions (~> 6.0.1)
28
+ cucumber-wire (~> 0.0.1)
29
+ diff-lcs (~> 1.3)
30
+ gherkin (~> 5.1.0)
31
+ multi_json (>= 1.7.5, < 2.0)
32
+ multi_test (>= 0.1.2)
33
+ cucumber-core (3.2.1)
34
+ backports (>= 3.8.0)
35
+ cucumber-tag_expressions (~> 1.1.0)
36
+ gherkin (~> 5.0)
37
+ cucumber-expressions (6.0.1)
38
+ cucumber-tag_expressions (1.1.1)
39
+ cucumber-wire (0.0.1)
40
+ diff-lcs (1.3)
41
+ ffi (1.12.2)
42
+ formatador (0.2.5)
43
+ gherkin (5.1.0)
44
+ guard (2.16.2)
45
+ formatador (>= 0.2.4)
46
+ listen (>= 2.7, < 4.0)
47
+ lumberjack (>= 1.0.12, < 2.0)
48
+ nenv (~> 0.1)
49
+ notiffany (~> 0.0)
50
+ pry (>= 0.9.12)
51
+ shellany (~> 0.0)
52
+ thor (>= 0.18.1)
53
+ guard-bundler (3.0.0)
54
+ bundler (>= 2.1, < 3)
55
+ guard (~> 2.2)
56
+ guard-compat (~> 1.1)
57
+ guard-compat (1.2.1)
58
+ guard-rspec (4.7.3)
59
+ guard (~> 2.1)
60
+ guard-compat (~> 1.1)
61
+ rspec (>= 2.99.0, < 4.0)
62
+ inifile (3.0.0)
63
+ jaro_winkler (1.5.4)
64
+ listen (3.2.1)
65
+ rb-fsevent (~> 0.10, >= 0.10.3)
66
+ rb-inotify (~> 0.9, >= 0.9.10)
67
+ lumberjack (1.2.4)
68
+ method_source (0.9.2)
69
+ multi_json (1.14.1)
70
+ multi_test (0.1.2)
71
+ nenv (0.3.0)
72
+ notiffany (0.1.3)
73
+ nenv (~> 0.1)
74
+ shellany (~> 0.0)
75
+ parallel (1.19.1)
76
+ parser (2.7.1.2)
77
+ ast (~> 2.4.0)
78
+ pry (0.12.2)
79
+ coderay (~> 1.1.0)
80
+ method_source (~> 0.9.0)
81
+ pry-byebug (3.7.0)
82
+ byebug (~> 11.0)
83
+ pry (~> 0.10)
84
+ rainbow (3.0.0)
85
+ rake (13.0.1)
86
+ rb-fsevent (0.10.4)
87
+ rb-inotify (0.10.1)
88
+ ffi (~> 1.0)
89
+ rspec (3.9.0)
90
+ rspec-core (~> 3.9.0)
91
+ rspec-expectations (~> 3.9.0)
92
+ rspec-mocks (~> 3.9.0)
93
+ rspec-core (3.9.1)
94
+ rspec-support (~> 3.9.1)
95
+ rspec-expectations (3.9.1)
96
+ diff-lcs (>= 1.2.0, < 2.0)
97
+ rspec-support (~> 3.9.0)
98
+ rspec-mocks (3.9.1)
99
+ diff-lcs (>= 1.2.0, < 2.0)
100
+ rspec-support (~> 3.9.0)
101
+ rspec-support (3.9.2)
102
+ rubocop (0.79.0)
103
+ jaro_winkler (~> 1.5.1)
104
+ parallel (~> 1.10)
105
+ parser (>= 2.7.0.1)
106
+ rainbow (>= 2.2.2, < 4.0)
107
+ ruby-progressbar (~> 1.7)
108
+ unicode-display_width (>= 1.4.0, < 1.7)
109
+ rubocop-rspec (1.37.1)
110
+ rubocop (>= 0.68.1)
111
+ ruby-progressbar (1.10.1)
112
+ shellany (0.0.1)
113
+ thor (1.0.1)
114
+ unicode-display_width (1.6.1)
115
+
116
+ PLATFORMS
117
+ ruby
118
+
119
+ DEPENDENCIES
120
+ aruba (~> 0.14.14)
121
+ bundler (~> 2.1)
122
+ guard (~> 2.16.1)
123
+ guard-bundler (~> 3.0.0)
124
+ guard-rspec (~> 4.7.3)
125
+ inifile (~> 3.0.0)
126
+ pry (~> 0.12.2)
127
+ pry-byebug (~> 3.7.0)
128
+ rake (~> 13.0.1)
129
+ rspec (~> 3.9.0)
130
+ rubocop (~> 0.79.0)
131
+ rubocop-rspec (~> 1.37.1)
132
+ wg-admin!
133
+
134
+ BUNDLED WITH
135
+ 2.1.4
data/Guardfile ADDED
@@ -0,0 +1,23 @@
1
+ # frozen_string_literal: true
2
+
3
+ guard :bundler do
4
+ require 'guard/bundler'
5
+ require 'guard/bundler/verify'
6
+ helper = Guard::Bundler::Verify.new
7
+ files = ['Gemfile']
8
+ files += Dir['*.gemspec'] if files.any? { |f| helper.uses_gemspec?(f) }
9
+ files.each { |file| watch(helper.real_path(file)) }
10
+ end
11
+
12
+ guard :rspec, cmd: 'bundle exec rspec' do
13
+ watch('spec/spec_helper.rb') { 'spec' }
14
+ watch(%r{^spec/unit/.+_spec\.rb$})
15
+ watch(%r{^spec/system/.+_spec\.rb$})
16
+ watch(%r{^lib/(?<module>.*/)*(?<file>.+)\.rb$}) do |m|
17
+ "spec/unit/#{m[:module]}#{m[:file]}_spec.rb"
18
+ end
19
+ watch(%r{^lib/(?<module>.*/)*(?<file>.+)\.rb$}) do |m|
20
+ "spec/system/#{m[:module]}#{m[:file]}_spec.rb"
21
+ end
22
+ watch('lib/wireguard/admin/cli.rb') { 'spec/system' }
23
+ end
data/LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2020 Steffen Uhlig
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
data/README.markdown ADDED
@@ -0,0 +1,87 @@
1
+ # `wg-admin`
2
+
3
+ [![Build Status](https://travis-ci.org/uhlig-it/wg-admin.svg?branch=master)](https://travis-ci.org/uhlig-it/wg-admin)
4
+
5
+ `wg-admin` is a command-line tool to administer [WireGuard](https://www.wireguard.com/) configuration files. It maintains a local database of networks, which each has a number of peers. From this database, the configuration can be rendered for all peers.
6
+
7
+ Deploying the configuration is outside the scope of this project.
8
+
9
+ # Add a Network
10
+
11
+ The defining attribute of the configuration is a network. This is a range of IP addresses specified as `prefix/suffix`, e.g. `192.168.10.0/24` or `2001:0DB8:0:CD30::1/60`.
12
+
13
+ Examples:
14
+
15
+ ```command
16
+ $ wg-admin networks add 192.168.10.0/24
17
+ ```
18
+
19
+ # Add a Server
20
+
21
+ A `server` is a peer with a public DNS name that is reachable by all clients via public internet. It's the entry point for clients into the VPN (a.k.a. relay or bounce server).
22
+
23
+ Examples:
24
+
25
+ ```command
26
+ $ wg-admin servers add --name wg.example.com
27
+ $ wg-admin servers add --name wg.example.com --ip 192.168.20.128
28
+ ```
29
+
30
+ This command will add a new server with the given DNS name and a default configuration. If no IP address was passed, the next available address in the network will be used. When no port was specified, the de-facto standard port for WireGuard will be used (`51820`).
31
+
32
+ # Add a Client
33
+
34
+ A `client` is regular peer that does not relay (bounce) traffic. It will connect to the VPN via a server.
35
+
36
+ Examples:
37
+
38
+ ```command
39
+ $ wg-admin client add --name Alice
40
+ $ wg-admin client add --name Alice --ip 192.168.20.11
41
+ ```
42
+
43
+ If no IP address was passed, the next available address in the network will be used.
44
+
45
+ # List Peers
46
+
47
+ ```command
48
+ $ wg-admin peers list
49
+ +================+========|=================|
50
+ | Name | Type | IP Addresses |
51
+ +================+========|=================|
52
+ | wg.example.com | server | 192.168.20.1 |
53
+ +----------------+--------|-----------------|
54
+ | Alice | client | 192.168.20.11 |
55
+ +----------------+--------|-----------------|
56
+ ```
57
+
58
+ `TODO` If this command is run without a (pseudo) terminal, it will print the name of each peer on a single line, which allows for a convenient loop over all peers, e.g. for writing configuration files (see below for further details):
59
+
60
+ ```command
61
+ $ for peer in $(wg-admin peers list); do
62
+ wg-admin config "$peer" > "$peer".conf
63
+ done
64
+ ```
65
+
66
+ # Generate the Config Files
67
+
68
+ This command will show the configuration of the server itself as well as the necessary fragments for a particular peer:
69
+
70
+ ```command
71
+ $ wg-admin config wg.example.com
72
+ [Interface]
73
+ Address = 192.168.20.1/24
74
+ ListenPort = 51820
75
+ PrivateKey = private-key-of-the-server=
76
+
77
+ [Peer]
78
+ # Name = Alice
79
+ PublicKey = public-key-of-Alice=
80
+ AllowedIPs = 192.168.20.11/32
81
+ ```
82
+
83
+ The result is printed to `stdout` and could be redirected to a file, or piped into a QR encoder:
84
+
85
+ ```command
86
+ $ wg-admin config --client=Alice | qrencode -t ANSIUTF8
87
+ ```
data/Rakefile ADDED
@@ -0,0 +1,25 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'rspec/core/rake_task'
4
+ require 'rubocop/rake_task'
5
+ require 'bundler/gem_tasks'
6
+
7
+ RSpec::Core::RakeTask.new(:spec)
8
+
9
+ RuboCop::RakeTask.new do |task|
10
+ task.requires << 'rubocop-rspec'
11
+ end
12
+
13
+ namespace :spec do
14
+ desc 'Run CI tests'
15
+ task ci: %i[rubocop unit system]
16
+
17
+ %w[unit system].each do |type|
18
+ desc "Run #{type} tests"
19
+ RSpec::Core::RakeTask.new(type) do |t|
20
+ t.pattern = "spec/#{type}/**/*_spec.rb"
21
+ end
22
+ end
23
+ end
24
+
25
+ task default: 'spec:ci'
data/TODO.markdown ADDED
@@ -0,0 +1,3 @@
1
+ * if no network is specified, and there is one and only one, use that.
2
+ * pass the private key via command line
3
+ * pass the public key via command line (useful when `wg` is not installed)
data/exe/wg-admin ADDED
@@ -0,0 +1,7 @@
1
+ #!/usr/bin/env ruby
2
+ # frozen_string_literal: true
3
+
4
+ require 'bundler/setup'
5
+ require 'wire_guard/admin/cli'
6
+
7
+ WireGuard::Admin::CLI.start
@@ -0,0 +1,69 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'thor'
4
+ require 'ipaddr'
5
+
6
+ require 'wire_guard/admin/repository'
7
+ require 'wire_guard/admin/client'
8
+ require 'wire_guard/admin/server'
9
+ require 'wire_guard/admin/templates/client'
10
+ require 'wire_guard/admin/templates/server'
11
+
12
+ require 'wire_guard/admin/cli/helpers'
13
+ require 'wire_guard/admin/cli/networks'
14
+ require 'wire_guard/admin/cli/clients'
15
+ require 'wire_guard/admin/cli/servers'
16
+ require 'wire_guard/admin/cli/peers'
17
+
18
+ module WireGuard
19
+ module Admin
20
+ #
21
+ # Provides all the commands
22
+ #
23
+ class CLI < Thor
24
+ extend ClassHelpers
25
+ include InstanceHelpers
26
+
27
+ def self.exit_on_failure?
28
+ true
29
+ end
30
+
31
+ package_name 'wg-admin is an opinionated tool to administer WireGuard configuration.
32
+
33
+ Available'
34
+
35
+ desc 'networks SUBCOMMAND ...ARGS', 'work with networks'
36
+ subcommand 'networks', Networks
37
+
38
+ desc 'clients SUBCOMMAND ...ARGS', 'work with clients'
39
+ subcommand 'clients', Clients
40
+
41
+ desc 'servers SUBCOMMAND ...ARGS', 'work with servers'
42
+ subcommand 'servers', Servers
43
+
44
+ desc 'peers SUBCOMMAND ...ARGS', 'work with peers'
45
+ subcommand 'peers', Peers
46
+
47
+ # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
48
+ desc 'config PEER', 'Show the configuration of a peer'
49
+ long_desc 'Prints the configuration for a peer to STDOUT.'
50
+ method_option :network, desc: 'network', aliases: '-n', default: default_network
51
+ def config(name)
52
+ warn "Using database #{repository.path}" if options[:verbose]
53
+ peer = repository.find_peer(network, name)
54
+
55
+ case peer
56
+ when Server
57
+ puts Templates::Server.new(peer, repository.clients(network)).render
58
+ when Client
59
+ puts Templates::Client.new(peer, repository.servers(network)).render
60
+ else
61
+ raise "No template defined for #{peer}"
62
+ end
63
+ rescue StandardError => e
64
+ raise Thor::Error, "Error: #{e.message}"
65
+ end
66
+ # rubocop:enable Metrics/MethodLength, Metrics/AbcSize
67
+ end
68
+ end
69
+ end