I'm not working on this project at this point in time.
Note: This branch is meant for Debian 10 / buster.
This rails application implements a webserivce (REST) API for wireguard --- similar to Mullvad's (https://www.mullvad.net/guides/wireguard-and-mullvad-vpn/).
It allows users --- identified by there account number --- to manage wireguard public keys. In return, it generates network configuration just like Mullvad.
This application does not implement any busy logic - it is uses in the Freifunk KBU network in order to provide a tinkering alternative to mullvad within the Freifunk KBU (https://kbu.freifunk.net) network.
This application provides CRUD functionality for public keys. When running on wireguard-VPN-servers, it may be used as a backend service, being called from frontend endpoints (registration portal, etc.).
Please note:
- Users are identified by a secret account ID (ie generating via makepasswd:
makepasswd --chars=20). Account IDs are unique. - Documents contain comments and additional information: In order to keep the database schema simple, all additional information is supposed to be stored using a json encoded document (NoSQL-Style).
- On errors, HTTP 422 (Unprocessable Entity) and error message are returned.
- Example call:
curl -sSL https://<endpoint> -d account="<account id>" -d document="Some text data" --data-urlencode pubkey="<publickey>" - Example result:
192.168.1.1, fc00:1234::1/128
For debugging (by users) all public keys can be retrieved. Account ID and Document remain hidden.
- Example call:
curl -sSL https://<endpoint> - Result (JSON):
[{id: 1, pubkey: AA.., created_at: '2017-01-01 18:25'},{id: 2, pubkey: BB.., created_at: '2017-01-01 19:25'}]
- Example call:
curl -X "DELETE" https://<endpoint> -d account="<account id>" - Result: HTTP 204 (No Content)
This application can be deployed as a standard ruby on rails application. For simplicity, the Debian rails package as of Debian 10 / Buster can be used.
Please note, that the deployment instructions are rather brief and assume general knowledge on deploying Ruby on Rails applications.
In addition, (ansible-wireguard-rest)[https://github.com/yanosz/ansible-wireguard-rest] can be used for ansible based deployments on Debian 9. It configures this application and a network interface accordingly.
As usual, mod_rails / phusion passenger can be used as well.
apt-get install rails git puma sudo ruby-dev
useradd -m wireguard-rest -s /bin/bash; su - wireguard-rest
wireguard-rest ALL=(root) NOPASSWD: /usr/bin/setconf wg-rest /etc/wireguard/rest.conf
Make sure that a wireguard link (default name: wg-rest) exists on your system.
git clone https://github.com/yanosz/wireguard-rest.git
config/app.ymlandconfig/rest.erb.confaccording to your needs.- When not using sqlite3, adjust
config/database.yml. Install additional packages if needed.
- Database:
rake db:migrate RAILS_ENV=production - Wireguard configuration:
rake init:wg_conf RAILS_ENV=production
Make sure, that /etc/wireguard/rest.conf is correct and applicable: sudo /usr/bin/setconf wg-rest /etc/wireguard/rest.conf
rails s -e production
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.