wg-admin 0.0.2
- checksums.yaml +7 -0
- data/.dependabot/config.yml +16 -0
- data/.gitignore +2 -0
- data/.rspec +5 -0
- data/.rubocop.yml +17 -0
- data/.ruby-version +1 -0
- data/.travis.yml +11 -0
- data/Gemfile +4 -0
- data/Gemfile.lock +135 -0
- data/Guardfile +23 -0
- data/LICENSE +21 -0
- data/README.markdown +87 -0
- data/Rakefile +25 -0
- data/TODO.markdown +3 -0
- data/exe/wg-admin +7 -0
- data/lib/wire_guard/admin/cli.rb +69 -0
- data/lib/wire_guard/admin/cli/clients.rb +49 -0
- data/lib/wire_guard/admin/cli/helpers.rb +52 -0
- data/lib/wire_guard/admin/cli/networks.rb +55 -0
- data/lib/wire_guard/admin/cli/peers.rb +36 -0
- data/lib/wire_guard/admin/cli/servers.rb +54 -0
- data/lib/wire_guard/admin/client.rb +87 -0
- data/lib/wire_guard/admin/repository.rb +150 -0
- data/lib/wire_guard/admin/server.rb +56 -0
- data/lib/wire_guard/admin/templates/client.rb +46 -0
- data/lib/wire_guard/admin/templates/server.rb +48 -0
- data/lib/wire_guard/admin/version.rb +7 -0
- data/wg-admin.gemspec +40 -0
- metadata +253 -0
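--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: 70eb93699c05f931e8904d01f703d4ec3e63d02cebd0853acd13c63a903cf02d
+data.tar.gz: 43e8d87dc246fd7d523ef2ffe9f72b2403a19f47a83aa13a308cf6ed5fe71964
+SHA512:
+metadata.gz: 730e5df74d993c754ac57cdf7a8a91559593ede4d8c4455145fbd3e0673f7d81869ae673ce1d07fc9819b40d5a690b7cfc6aea1d322a40304483385a42ca0fd7
+data.tar.gz: c65568ea9955110c3b5f66940258d1bc7b07ce9bf2c912f997eea600713a9310975b383658d6540a13e6c727a040fbde04c8a46184fd9cbcc35fd50dbd8ee9df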
@@ -0,0 +1,16 @@
|
|
1
|
+
version: 1
|
2
|
+
update_configs:
|
3
|
+
- package_manager: "ruby:bundler"
|
4
|
+
directory: "/"
|
5
|
+
update_schedule: "live"
|
6
|
+
automerged_updates:
|
7
|
+
- match:
|
8
|
+
dependency_type: "development"
|
9
|
+
update_type: "all"
|
10
|
+
- match:
|
11
|
+
dependency_type: "production"
|
12
|
+
update_type: "semver:minor"
|
13
|
+
version_requirement_updates: auto
|
14
|
+
commit_message:
|
15
|
+
prefix: "bump"
|
16
|
+
include_scope: true
|
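Review bot: The second `automerged_updates` entry merges `dependency_type: "production"` updates of `update_type: "semver:minor"` with no human review, and `update_schedule: "live"` means that happens as soon as a release appears upstream. The lockfile on this page lists `thor` as the only runtime dependency, so a compromised or broken minor release of it would land unreviewed in a tool whose `config` output (per the README) includes WireGuard private keys. I would drop the production `match` entry, or at least narrow it to `update_type: "semver:patch"`, and keep automerge for `development` dependencies only. This hunk has no file header on the page; its 16 lines match `data/.dependabot/config.yml` in the file list.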
data/.gitignore
ADDED
data/.rspec
ADDED
data/.rubocop.yml
ADDED
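--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -0,0 +1 @@
+2.7.1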
data/.travis.yml
ADDED
data/Gemfile
ADDED
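--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -0,0 +1,135 @@
+PATH
+remote: .
+specs:
+wg-admin (0.0.2)
+thor (~> 1.0.1)
+
+GEM
+remote: https://rubygems.org/
+specs:
+aruba (0.14.14)
+childprocess (>= 0.6.3, < 4.0.0)
+contracts (~> 0.9)
+cucumber (>= 1.3.19)
+ffi (~> 1.9)
+rspec-expectations (>= 2.99)
+thor (>= 0.19, < 2.0)
+ast (2.4.0)
+backports (3.17.1)
+builder (3.2.4)
+byebug (11.1.3)
+childprocess (3.0.0)
+coderay (1.1.2)
+contracts (0.16.0)
+cucumber (3.1.2)
+builder (>= 2.1.2)
+cucumber-core (~> 3.2.0)
+cucumber-expressions (~> 6.0.1)
+cucumber-wire (~> 0.0.1)
+diff-lcs (~> 1.3)
+gherkin (~> 5.1.0)
+multi_json (>= 1.7.5, < 2.0)
+multi_test (>= 0.1.2)
+cucumber-core (3.2.1)
+backports (>= 3.8.0)
+cucumber-tag_expressions (~> 1.1.0)
+gherkin (~> 5.0)
+cucumber-expressions (6.0.1)
+cucumber-tag_expressions (1.1.1)
+cucumber-wire (0.0.1)
+diff-lcs (1.3)
+ffi (1.12.2)
+formatador (0.2.5)
+gherkin (5.1.0)
+guard (2.16.2)
+formatador (>= 0.2.4)
+listen (>= 2.7, < 4.0)
+lumberjack (>= 1.0.12, < 2.0)
+nenv (~> 0.1)
+notiffany (~> 0.0)
+pry (>= 0.9.12)
+shellany (~> 0.0)
+thor (>= 0.18.1)
+guard-bundler (3.0.0)
+bundler (>= 2.1, < 3)
+guard (~> 2.2)
+guard-compat (~> 1.1)
+guard-compat (1.2.1)
+guard-rspec (4.7.3)
+guard (~> 2.1)
+guard-compat (~> 1.1)
+rspec (>= 2.99.0, < 4.0)
+inifile (3.0.0)
+jaro_winkler (1.5.4)
+listen (3.2.1)
+rb-fsevent (~> 0.10, >= 0.10.3)
+rb-inotify (~> 0.9, >= 0.9.10)
+lumberjack (1.2.4)
+method_source (0.9.2)
+multi_json (1.14.1)
+multi_test (0.1.2)
+nenv (0.3.0)
+notiffany (0.1.3)
+nenv (~> 0.1)
+shellany (~> 0.0)
+parallel (1.19.1)
+parser (2.7.1.2)
+ast (~> 2.4.0)
+pry (0.12.2)
+coderay (~> 1.1.0)
+method_source (~> 0.9.0)
+pry-byebug (3.7.0)
+byebug (~> 11.0)
+pry (~> 0.10)
+rainbow (3.0.0)
+rake (13.0.1)
+rb-fsevent (0.10.4)
+rb-inotify (0.10.1)
+ffi (~> 1.0)
+rspec (3.9.0)
+rspec-core (~> 3.9.0)
+rspec-expectations (~> 3.9.0)
+rspec-mocks (~> 3.9.0)
+rspec-core (3.9.1)
+rspec-support (~> 3.9.1)
+rspec-expectations (3.9.1)
+diff-lcs (>= 1.2.0, < 2.0)
+rspec-support (~> 3.9.0)
+rspec-mocks (3.9.1)
+diff-lcs (>= 1.2.0, < 2.0)
+rspec-support (~> 3.9.0)
+rspec-support (3.9.2)
+rubocop (0.79.0)
+jaro_winkler (~> 1.5.1)
+parallel (~> 1.10)
+parser (>= 2.7.0.1)
+rainbow (>= 2.2.2, < 4.0)
+ruby-progressbar (~> 1.7)
+unicode-display_width (>= 1.4.0, < 1.7)
+rubocop-rspec (1.37.1)
+rubocop (>= 0.68.1)
+ruby-progressbar (1.10.1)
+shellany (0.0.1)
+thor (1.0.1)
+unicode-display_width (1.6.1)
+
+PLATFORMS
+ruby
+
+DEPENDENCIES
+aruba (~> 0.14.14)
+bundler (~> 2.1)
+guard (~> 2.16.1)
+guard-bundler (~> 3.0.0)
+guard-rspec (~> 4.7.3)
+inifile (~> 3.0.0)
+pry (~> 0.12.2)
+pry-byebug (~> 3.7.0)
+rake (~> 13.0.1)
+rspec (~> 3.9.0)
+rubocop (~> 0.79.0)
+rubocop-rspec (~> 1.37.1)
+wg-admin!
+
+BUNDLED WITH
+2.1.4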
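--- a/data/Guardfile
+++ b/data/Guardfile
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+guard :bundler do
+require 'guard/bundler'
+require 'guard/bundler/verify'
+helper = Guard::Bundler::Verify.new
+files = ['Gemfile']
+files += Dir['*.gemspec'] if files.any? { |f| helper.uses_gemspec?(f) }
+files.each { |file| watch(helper.real_path(file)) }
+end
+
+guard :rspec, cmd: 'bundle exec rspec' do
+watch('spec/spec_helper.rb') { 'spec' }
+watch(%r{^spec/unit/.+_spec\.rb$})
+watch(%r{^spec/system/.+_spec\.rb$})
+watch(%r{^lib/(?<module>.*/)*(?<file>.+)\.rb$}) do |m|
+"spec/unit/#{m[:module]}#{m[:file]}_spec.rb"
+end
+watch(%r{^lib/(?<module>.*/)*(?<file>.+)\.rb$}) do |m|
+"spec/system/#{m[:module]}#{m[:file]}_spec.rb"
+end
+watch('lib/wireguard/admin/cli.rb') { 'spec/system' }
+end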
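Review bot: The last rule, `watch('lib/wireguard/admin/cli.rb') { 'spec/system' }`, can never fire, because the file list for this release puts the CLI at `lib/wire_guard/admin/cli.rb`; edits to the CLI therefore do not re-run the system specs. Change it to `watch('lib/wire_guard/admin/cli.rb') { 'spec/system' }`. The two `lib/` regex rules above it are identical apart from the target directory, so a one-line comment on each (`# map a changed lib file to its unit spec` / `# ... to its system spec`) would make the duplication read as intentional.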
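--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 Steffen Uhlig
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.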
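--- a/data/README.markdown
+++ b/data/README.markdown
@@ -0,0 +1,87 @@
+# `wg-admin`
+
+[](https://travis-ci.org/uhlig-it/wg-admin)
+
+`wg-admin` is a command-line tool to administer [WireGuard](https://www.wireguard.com/) configuration files. It maintains a local database of networks, which each has a number of peers. From this database, the configuration can be rendered for all peers.
+
+Deploying the configuration is outside the scope of this project.
+
+# Add a Network
+
+The defining attribute of the configuration is a network. This is a range of IP addresses specified as `prefix/suffix`, e.g. `192.168.10.0/24` or `2001:0DB8:0:CD30::1/60`.
+
+Examples:
+
+```command
+$ wg-admin networks add 192.168.10.0/24
+```
+
+# Add a Server
+
+A `server` is a peer with a public DNS name that is reachable by all clients via public internet. It's the entry point for clients into the VPN (a.k.a. relay or bounce server).
+
+Examples:
+
+```command
+$ wg-admin servers add --name wg.example.com
+$ wg-admin servers add --name wg.example.com --ip 192.168.20.128
+```
+
+This command will add a new server with the given DNS name and a default configuration. If no IP address was passed, the next available address in the network will be used. When no port was specified, the de-facto standard port for WireGuard will be used (`51820`).
+
+# Add a Client
+
+A `client` is regular peer that does not relay (bounce) traffic. It will connect to the VPN via a server.
+
+Examples:
+
+```command
+$ wg-admin client add --name Alice
+$ wg-admin client add --name Alice --ip 192.168.20.11
+```
+
+If no IP address was passed, the next available address in the network will be used.
+
+# List Peers
+
+```command
+$ wg-admin peers list
++================+========|=================|
+| Name | Type | IP Addresses |
++================+========|=================|
+| wg.example.com | server | 192.168.20.1 |
++----------------+--------|-----------------|
+| Alice | client | 192.168.20.11 |
++----------------+--------|-----------------|
+```
+
+`TODO` If this command is run without a (pseudo) terminal, it will print the name of each peer on a single line, which allows for a convenient loop over all peers, e.g. for writing configuration files (see below for further details):
+
+```command
+$ for peer in $(wg-admin peers list); do
+wg-admin config "$peer" > "$peer".conf
+done
+```
+
+# Generate the Config Files
+
+This command will show the configuration of the server itself as well as the necessary fragments for a particular peer:
+
+```command
+$ wg-admin config wg.example.com
+[Interface]
+Address = 192.168.20.1/24
+ListenPort = 51820
+PrivateKey = private-key-of-the-server=
+
+[Peer]
+# Name = Alice
+PublicKey = public-key-of-Alice=
+AllowedIPs = 192.168.20.11/32
+```
+
+The result is printed to `stdout` and could be redirected to a file, or piped into a QR encoder:
+
+```command
+$ wg-admin config --client=Alice | qrencode -t ANSIUTF8
+```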
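--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
+require 'bundler/gem_tasks'
+
+RSpec::Core::RakeTask.new(:spec)
+
+RuboCop::RakeTask.new do |task|
+task.requires << 'rubocop-rspec'
+end
+
+namespace :spec do
+desc 'Run CI tests'
+task ci: %i[rubocop unit system]
+
+%w[unit system].each do |type|
+desc "Run #{type} tests"
+RSpec::Core::RakeTask.new(type) do |t|
+t.pattern = "spec/#{type}/**/*_spec.rb"
+end
+end
+end
+
+task default: 'spec:ci'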
data/TODO.markdown
ADDED
data/exe/wg-admin
ADDED
@@ -0,0 +1,69 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'thor'
|
4
|
+
require 'ipaddr'
|
5
|
+
|
6
|
+
require 'wire_guard/admin/repository'
|
7
|
+
require 'wire_guard/admin/client'
|
8
|
+
require 'wire_guard/admin/server'
|
9
|
+
require 'wire_guard/admin/templates/client'
|
10
|
+
require 'wire_guard/admin/templates/server'
|
11
|
+
|
12
|
+
require 'wire_guard/admin/cli/helpers'
|
13
|
+
require 'wire_guard/admin/cli/networks'
|
14
|
+
require 'wire_guard/admin/cli/clients'
|
15
|
+
require 'wire_guard/admin/cli/servers'
|
16
|
+
require 'wire_guard/admin/cli/peers'
|
17
|
+
|
18
|
+
module WireGuard
|
19
|
+
module Admin
|
20
|
+
#
|
21
|
+
# Provides all the commands
|
22
|
+
#
|
23
|
+
class CLI < Thor
|
24
|
+
extend ClassHelpers
|
25
|
+
include InstanceHelpers
|
26
|
+
|
27
|
+
def self.exit_on_failure?
|
28
|
+
true
|
29
|
+
end
|
30
|
+
|
31
|
+
package_name 'wg-admin is an opinionated tool to administer WireGuard configuration.
|
32
|
+
|
33
|
+
Available'
|
34
|
+
|
35
|
+
desc 'networks SUBCOMMAND ...ARGS', 'work with networks'
|
36
|
+
subcommand 'networks', Networks
|
37
|
+
|
38
|
+
desc 'clients SUBCOMMAND ...ARGS', 'work with clients'
|
39
|
+
subcommand 'clients', Clients
|
40
|
+
|
41
|
+
desc 'servers SUBCOMMAND ...ARGS', 'work with servers'
|
42
|
+
subcommand 'servers', Servers
|
43
|
+
|
44
|
+
desc 'peers SUBCOMMAND ...ARGS', 'work with peers'
|
45
|
+
subcommand 'peers', Peers
|
46
|
+
|
47
|
+
# rubocop:disable Metrics/MethodLength, Metrics/AbcSize
|
48
|
+
desc 'config PEER', 'Show the configuration of a peer'
|
49
|
+
long_desc 'Prints the configuration for a peer to STDOUT.'
|
50
|
+
method_option :network, desc: 'network', aliases: '-n', default: default_network
|
51
|
+
def config(name)
|
52
|
+
warn "Using database #{repository.path}" if options[:verbose]
|
53
|
+
peer = repository.find_peer(network, name)
|
54
|
+
|
55
|
+
case peer
|
56
|
+
when Server
|
57
|
+
puts Templates::Server.new(peer, repository.clients(network)).render
|
58
|
+
when Client
|
59
|
+
puts Templates::Client.new(peer, repository.servers(network)).render
|
60
|
+
else
|
61
|
+
raise "No template defined for #{peer}"
|
62
|
+
end
|
63
|
+
rescue StandardError => e
|
64
|
+
raise Thor::Error, "Error: #{e.message}"
|
65
|
+
end
|
66
|
+
# rubocop:enable Metrics/MethodLength, Metrics/AbcSize
|
67
|
+
end
|
68
|
+
end
|
69
|
+
end
|
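Review bot: `config` writes the rendered template to STDOUT with `puts`, and the README example for this command shows a `PrivateKey =` line in that output, yet neither `desc` nor `long_desc` tells the operator that the output is secret material. I would extend the help text, e.g. `long_desc 'Prints the configuration for a peer to STDOUT. The output contains the private key of the peer; redirect it only to a file with restrictive permissions.'`. Separately, if `repository.find_peer` can return `nil` for an unknown name (its body is not visible here), the `else` branch reports `No template defined for ` with nothing after it; a guard such as `raise "No peer named #{name}" if peer.nil?` before the `case` would give a usable error. The section header on the page reads `data/exe/wg-admin`, but this 69-line hunk matches `data/lib/wire_guard/admin/cli.rb` in the file list.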