wg-admin 0.0.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 70eb93699c05f931e8904d01f703d4ec3e63d02cebd0853acd13c63a903cf02d
+  data.tar.gz: 43e8d87dc246fd7d523ef2ffe9f72b2403a19f47a83aa13a308cf6ed5fe71964
+SHA512:
+  metadata.gz: 730e5df74d993c754ac57cdf7a8a91559593ede4d8c4455145fbd3e0673f7d81869ae673ce1d07fc9819b40d5a690b7cfc6aea1d322a40304483385a42ca0fd7
+  data.tar.gz: c65568ea9955110c3b5f66940258d1bc7b07ce9bf2c912f997eea600713a9310975b383658d6540a13e6c727a040fbde04c8a46184fd9cbcc35fd50dbd8ee9df

data/.dependabot/config.yml

@@ -0,0 +1,16 @@
+version: 1
+update_configs:
+  - package_manager: "ruby:bundler"
+    directory: "/"
+    update_schedule: "live"
+    automerged_updates:
+      - match:
+          dependency_type: "development"
+          update_type: "all"
+      - match:
+          dependency_type: "production"
+          update_type: "semver:minor"
+    version_requirement_updates: auto
+    commit_message:
+      prefix: "bump"
+      include_scope: true

data/.gitignore

@@ -0,0 +1,2 @@
+mkmf.log
+pkg

data/.rspec

@@ -0,0 +1,5 @@
+--color
+--format documentation
+--tty
+--order random
+--require 'spec_helper'

data/.rubocop.yml

@@ -0,0 +1,17 @@
+require: rubocop-rspec
+
+AllCops:
+  TargetRubyVersion: 2.7
+
+  DisplayCopNames:
+    Enabled: true
+
+  DisplayStyleGuide:
+    Enabled: true
+
+Metrics/BlockLength:
+  Exclude:
+    - spec/**/*
+
+Layout/LineLength:
+  Max: 180

data/.ruby-version

@@ -0,0 +1 @@
+2.7.1

data/.travis.yml

@@ -0,0 +1,11 @@
+---
+dist: xenial
+language: ruby
+before_install:
+  - sudo add-apt-repository --yes ppa:wireguard/wireguard
+  - sudo apt-get --yes update
+  - sudo apt-get --yes install wireguard
+rvm:
+- 2.7.1
+- 2.6.6
+- 2.5.8

data/Gemfile

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+gemspec

data/Gemfile.lock

@@ -0,0 +1,135 @@
+PATH
+  remote: .
+  specs:
+    wg-admin (0.0.2)
+      thor (~> 1.0.1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    aruba (0.14.14)
+      childprocess (>= 0.6.3, < 4.0.0)
+      contracts (~> 0.9)
+      cucumber (>= 1.3.19)
+      ffi (~> 1.9)
+      rspec-expectations (>= 2.99)
+      thor (>= 0.19, < 2.0)
+    ast (2.4.0)
+    backports (3.17.1)
+    builder (3.2.4)
+    byebug (11.1.3)
+    childprocess (3.0.0)
+    coderay (1.1.2)
+    contracts (0.16.0)
+    cucumber (3.1.2)
+      builder (>= 2.1.2)
+      cucumber-core (~> 3.2.0)
+      cucumber-expressions (~> 6.0.1)
+      cucumber-wire (~> 0.0.1)
+      diff-lcs (~> 1.3)
+      gherkin (~> 5.1.0)
+      multi_json (>= 1.7.5, < 2.0)
+      multi_test (>= 0.1.2)
+    cucumber-core (3.2.1)
+      backports (>= 3.8.0)
+      cucumber-tag_expressions (~> 1.1.0)
+      gherkin (~> 5.0)
+    cucumber-expressions (6.0.1)
+    cucumber-tag_expressions (1.1.1)
+    cucumber-wire (0.0.1)
+    diff-lcs (1.3)
+    ffi (1.12.2)
+    formatador (0.2.5)
+    gherkin (5.1.0)
+    guard (2.16.2)
+      formatador (>= 0.2.4)
+      listen (>= 2.7, < 4.0)
+      lumberjack (>= 1.0.12, < 2.0)
+      nenv (~> 0.1)
+      notiffany (~> 0.0)
+      pry (>= 0.9.12)
+      shellany (~> 0.0)
+      thor (>= 0.18.1)
+    guard-bundler (3.0.0)
+      bundler (>= 2.1, < 3)
+      guard (~> 2.2)
+      guard-compat (~> 1.1)
+    guard-compat (1.2.1)
+    guard-rspec (4.7.3)
+      guard (~> 2.1)
+      guard-compat (~> 1.1)
+      rspec (>= 2.99.0, < 4.0)
+    inifile (3.0.0)
+    jaro_winkler (1.5.4)
+    listen (3.2.1)
+      rb-fsevent (~> 0.10, >= 0.10.3)
+      rb-inotify (~> 0.9, >= 0.9.10)
+    lumberjack (1.2.4)
+    method_source (0.9.2)
+    multi_json (1.14.1)
+    multi_test (0.1.2)
+    nenv (0.3.0)
+    notiffany (0.1.3)
+      nenv (~> 0.1)
+      shellany (~> 0.0)
+    parallel (1.19.1)
+    parser (2.7.1.2)
+      ast (~> 2.4.0)
+    pry (0.12.2)
+      coderay (~> 1.1.0)
+      method_source (~> 0.9.0)
+    pry-byebug (3.7.0)
+      byebug (~> 11.0)
+      pry (~> 0.10)
+    rainbow (3.0.0)
+    rake (13.0.1)
+    rb-fsevent (0.10.4)
+    rb-inotify (0.10.1)
+      ffi (~> 1.0)
+    rspec (3.9.0)
+      rspec-core (~> 3.9.0)
+      rspec-expectations (~> 3.9.0)
+      rspec-mocks (~> 3.9.0)
+    rspec-core (3.9.1)
+      rspec-support (~> 3.9.1)
+    rspec-expectations (3.9.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.9.0)
+    rspec-mocks (3.9.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.9.0)
+    rspec-support (3.9.2)
+    rubocop (0.79.0)
+      jaro_winkler (~> 1.5.1)
+      parallel (~> 1.10)
+      parser (>= 2.7.0.1)
+      rainbow (>= 2.2.2, < 4.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 1.7)
+    rubocop-rspec (1.37.1)
+      rubocop (>= 0.68.1)
+    ruby-progressbar (1.10.1)
+    shellany (0.0.1)
+    thor (1.0.1)
+    unicode-display_width (1.6.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  aruba (~> 0.14.14)
+  bundler (~> 2.1)
+  guard (~> 2.16.1)
+  guard-bundler (~> 3.0.0)
+  guard-rspec (~> 4.7.3)
+  inifile (~> 3.0.0)
+  pry (~> 0.12.2)
+  pry-byebug (~> 3.7.0)
+  rake (~> 13.0.1)
+  rspec (~> 3.9.0)
+  rubocop (~> 0.79.0)
+  rubocop-rspec (~> 1.37.1)
+  wg-admin!
+
+BUNDLED WITH
+   2.1.4

data/Guardfile

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+guard :bundler do
+  require 'guard/bundler'
+  require 'guard/bundler/verify'
+  helper = Guard::Bundler::Verify.new
+  files = ['Gemfile']
+  files += Dir['*.gemspec'] if files.any? { |f| helper.uses_gemspec?(f) }
+  files.each { |file| watch(helper.real_path(file)) }
+end
+
+guard :rspec, cmd: 'bundle exec rspec' do
+  watch('spec/spec_helper.rb') { 'spec' }
+  watch(%r{^spec/unit/.+_spec\.rb$})
+  watch(%r{^spec/system/.+_spec\.rb$})
+  watch(%r{^lib/(?<module>.*/)*(?<file>.+)\.rb$}) do |m|
+    "spec/unit/#{m[:module]}#{m[:file]}_spec.rb"
+  end
+  watch(%r{^lib/(?<module>.*/)*(?<file>.+)\.rb$}) do |m|
+    "spec/system/#{m[:module]}#{m[:file]}_spec.rb"
+  end
+  watch('lib/wireguard/admin/cli.rb') { 'spec/system' }
+end

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 Steffen Uhlig
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.markdown

@@ -0,0 +1,87 @@
+# `wg-admin`
+
+[![Build Status](https://travis-ci.org/uhlig-it/wg-admin.svg?branch=master)](https://travis-ci.org/uhlig-it/wg-admin)
+
+`wg-admin` is a command-line tool to administer [WireGuard](https://www.wireguard.com/) configuration files. It maintains a local database of networks, which each has a number of peers. From this database, the configuration can be rendered for all peers.
+
+Deploying the configuration is outside the scope of this project.
+
+# Add a Network
+
+The defining attribute of the configuration is a network. This is a range of IP addresses specified as `prefix/suffix`, e.g. `192.168.10.0/24` or `2001:0DB8:0:CD30::1/60`.
+
+Examples:
+
+```command
+$ wg-admin networks add 192.168.10.0/24
+```
+
+# Add a Server
+
+A `server` is a peer with a public DNS name that is reachable by all clients via public internet. It's the entry point for clients into the VPN (a.k.a. relay or bounce server).
+
+Examples:
+
+```command
+$ wg-admin servers add --name wg.example.com
+$ wg-admin servers add --name wg.example.com --ip 192.168.20.128
+```
+
+This command will add a new server with the given DNS name and a default configuration. If no IP address was passed, the next available address in the network will be used. When no port was specified, the de-facto standard port for WireGuard will be used (`51820`).
+
+# Add a Client
+
+A `client` is regular peer that does not relay (bounce) traffic. It will connect to the VPN via a server.
+
+Examples:
+
+```command
+$ wg-admin client add --name Alice
+$ wg-admin client add --name Alice --ip 192.168.20.11
+```
+
+If no IP address was passed, the next available address in the network will be used.
+
+# List Peers
+
+```command
+$ wg-admin peers list
++================+========|=================|
+| Name           | Type   | IP Addresses    |
++================+========|=================|
+| wg.example.com | server | 192.168.20.1    |
++----------------+--------|-----------------|
+| Alice          | client | 192.168.20.11   |
++----------------+--------|-----------------|
+```
+
+`TODO` If this command is run without a (pseudo) terminal, it will print the name of each peer on a single line, which allows for a convenient loop over all peers, e.g. for writing configuration files (see below for further details):
+
+```command
+$ for peer in $(wg-admin peers list); do
+  wg-admin config "$peer" > "$peer".conf
+done
+```
+
+# Generate the Config Files
+
+This command will show the configuration of the server itself as well as the necessary fragments for a particular peer:
+
+```command
+$ wg-admin config wg.example.com
+[Interface]
+Address = 192.168.20.1/24
+ListenPort = 51820
+PrivateKey = private-key-of-the-server=
+
+[Peer]
+# Name = Alice
+PublicKey = public-key-of-Alice=
+AllowedIPs = 192.168.20.11/32
+```
+
+The result is printed to `stdout` and could be redirected to a file, or piped into a QR encoder:
+
+```command
+$ wg-admin config --client=Alice | qrencode -t ANSIUTF8
+```

data/Rakefile

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
+require 'bundler/gem_tasks'
+
+RSpec::Core::RakeTask.new(:spec)
+
+RuboCop::RakeTask.new do |task|
+  task.requires << 'rubocop-rspec'
+end
+
+namespace :spec do
+  desc 'Run CI tests'
+  task ci: %i[rubocop unit system]
+
+  %w[unit system].each do |type|
+    desc "Run #{type} tests"
+    RSpec::Core::RakeTask.new(type) do |t|
+      t.pattern = "spec/#{type}/**/*_spec.rb"
+    end
+  end
+end
+
+task default: 'spec:ci'

data/TODO.markdown

@@ -0,0 +1,3 @@
+* if no network is specified, and there is one and only one, use that.
+* pass the private key via command line
+* pass the public key via command line (useful when `wg` is not installed)

data/exe/wg-admin

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'bundler/setup'
+require 'wire_guard/admin/cli'
+
+WireGuard::Admin::CLI.start

data/lib/wire_guard/admin/cli.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+require 'thor'
+require 'ipaddr'
+
+require 'wire_guard/admin/repository'
+require 'wire_guard/admin/client'
+require 'wire_guard/admin/server'
+require 'wire_guard/admin/templates/client'
+require 'wire_guard/admin/templates/server'
+
+require 'wire_guard/admin/cli/helpers'
+require 'wire_guard/admin/cli/networks'
+require 'wire_guard/admin/cli/clients'
+require 'wire_guard/admin/cli/servers'
+require 'wire_guard/admin/cli/peers'
+
+module WireGuard
+  module Admin
+    #
+    # Provides all the commands
+    #
+    class CLI < Thor
+      extend ClassHelpers
+      include InstanceHelpers
+
+      def self.exit_on_failure?
+        true
+      end
+
+      package_name 'wg-admin is an opinionated tool to administer WireGuard configuration.
+
+Available'
+
+      desc 'networks SUBCOMMAND ...ARGS', 'work with networks'
+      subcommand 'networks', Networks
+
+      desc 'clients SUBCOMMAND ...ARGS', 'work with clients'
+      subcommand 'clients', Clients
+
+      desc 'servers SUBCOMMAND ...ARGS', 'work with servers'
+      subcommand 'servers', Servers
+
+      desc 'peers SUBCOMMAND ...ARGS', 'work with peers'
+      subcommand 'peers', Peers
+
+      # rubocop:disable  Metrics/MethodLength, Metrics/AbcSize
+      desc 'config PEER', 'Show the configuration of a peer'
+      long_desc 'Prints the configuration for a peer to STDOUT.'
+      method_option :network, desc: 'network', aliases: '-n', default: default_network
+      def config(name)
+        warn "Using database #{repository.path}" if options[:verbose]
+        peer = repository.find_peer(network, name)
+
+        case peer
+        when Server
+          puts Templates::Server.new(peer, repository.clients(network)).render
+        when Client
+          puts Templates::Client.new(peer, repository.servers(network)).render
+        else
+          raise "No template defined for #{peer}"
+        end
+      rescue StandardError => e
+        raise Thor::Error, "Error: #{e.message}"
+      end
+      # rubocop:enable Metrics/MethodLength, Metrics/AbcSize
+    end
+  end
+end