#9 Started installation docs

master
Keith Irwin 2023-04-07 01:32:37 -06:00
parent 2fa0afd8f1
commit 279a461659
Signed by: ki9
GPG Key ID: DF773B3F4A88DA86
2 changed files with 100 additions and 0 deletions

96
INSTALL.md Normal file

@ -0,0 +1,96 @@
# Installing wagon
Before installing wagon, the server needs to be set up with the following basic services:
- wireguard
- bind9
- openssl ca
Theoretically, wireguard, bind9, and wagon could all live in docker containers, or none of them. If wagon is in docker but either wireguard or bind9 *aren't*, then the wagon container has to use `host` network mode.
Almost all commands in this guide need to be run as root/admin.
## 1. Wireguard
On the server, [install wireguard](https://www.wireguard.com/install/). Then modify and run these commands to set some variables:
```sh
# Choose a short lowercase name for the network
net_name=mynet
# Choose a number (between 2 and 254) for the network
net_num=99
# Find an unused UDP port between 1024 and 65535
srv_listenport=58395
```
Create the wireguard interface
```sh
srv_privkey="$(wg genkey)"
psk="$(wg genpsk)"
ip link add dev "${net_name}" type wireguard
ip addr add dev "${net_name}" "10.${net_num}.0.1/8"
echo "${srv_privkey}" | wg set "${net_name}" listen-port "${srv_listenport}" private-key /dev/stdin
ip link set up dev "${net_name}"
```
Get the server's public key and psk (copy the output of these command)
```sh
wg pubkey <<<"${srv_privkey}"
XXXXXXXXXXXXXX
echo "${psk}"
YYYYYYYYYYYYYY
```
Now on your first client, install wireguard and set these variables:
```sh
net_name=mynet # Match what's on the server
net_num=99 # Match what's on the server
srv_listenport=58395 # Match what's on the server
srv_pubkey='XXXXXXXXXXXXXX' # The public key we copied above
psk='YYYYYYYYYYYYYY' # The psk we copied above
srv_endpoint='1.2.3.4' # The server's public IP address
```
Create the interface on the client and add the server as a peer:
```sh
our_privkey="$(wg genkey)"
ip link add dev "${net_name}" type wireguard
ip addr add dev "${net_name}" "10.${net_num}.1.1/8"
echo "${our_privkey}" | wg set "${net_name}" private-key /dev/stdin \
peer "${srv_pubkey}" allowed-ips "10.0.0.0/8" endpoint "${srv_endpoint}:${srv_listenport}" persistent-keepalive 25
ip link set up dev "${net_name}"
```
Now grab the client's pubkey:
```sh
wg pubkey <<<"${our_privkey}"
ZZZZZZZZZZZZZZ
```
Go back to the server and add the client as a peer:
```sh
our_pubkey='ZZZZZZZZZZZZZZ' # From the client
wg set "${net_name}" peer "${our_pubkey}" allowed-ips "10.${net_num}.1.1/32"
```
Make sure the client can ping the server with `ping 10.${net_num}.0.1` and the server can ping the client with `ping 10.${net_num}.1.1`. If that's working, proceed to the next section.
## 2. bind9
TODO
## 3. Certificate authority
TODO
## 4. Wagon
TODO
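Review bot: The preshared key is generated with `wg genpsk` and copied to the client, but it is never applied: neither the client's `wg set ... peer "${srv_pubkey}"` command nor the server's `wg set "${net_name}" peer "${our_pubkey}"` command passes `preshared-key`, so the tunnel comes up without it and the `psk` steps have no effect. Either add `preshared-key` (pointing at a root-only file that holds `${psk}`) to both peer entries, or drop the psk steps from the guide. Separately, both interfaces are addressed with `/8` and the client's `allowed-ips` is `10.0.0.0/8`, which sends every 10.x destination into the tunnel rather than only `10.${net_num}.x.x`; if that is intended, say why, otherwise narrowing to `10.${net_num}.0.0/16` would match the addresses used here. Two smaller points: the blocks are fenced as `sh` but `<<<` is a bash here-string, and nothing in section 1 persists the interface or peers across a reboot, which deserves a sentence.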


@ -116,6 +116,10 @@ The wireguard dashboard and admin are in a working alpha state. I have it implem
*binaries compiled from languages like c/rust/go/haskell, as long as SDKs are available.
## Installation
You want to use this half-built product on your server at your own risk? Fine, go right ahead! Take a look at [INSTALL.md](INSTALL.md). If you have trouble, ask for help in the matrix room below.
## Contributing
If you think you can help with any of these bulletpoints, come by [#wagon:gf4.pw](https://matrix.to/#/#wagon:gf4.pw) on matrix.
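Review bot: The new Installation paragraph points readers at INSTALL.md as if it were a complete procedure, but the INSTALL.md added in this same commit only covers the wireguard step and leaves bind9, the certificate authority and wagon itself as TODO. Say here that the guide is unfinished and currently ends after the wireguard setup, so nobody starts an install on a server expecting to reach a working wagon instance.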