Final cleanup for distribution
parent
6fd9a371e2
commit
f2424ea1d6
23
README.md
23
README.md
|
@ -1,18 +1,17 @@
|
|||
# wgapi
|
||||
2022 Keith Irwin (ki9.gf4.pw)
|
||||
2022 Keith Irwin [ki9.gf4.pw](https://ki9.gf4.pw/)
|
||||
|
||||
### Allow cgi scripts to run as root
|
||||
wgapi is a web application for managing a large number of hosts on a wireguard network. Each host is assigned a domain name on a custom top-level-domain (TLD) and TLS certificates are signed by a custom certificate authority (CA) and provided to the user.
|
||||
|
||||
To ensure the `srv/send/wg` and `srv/send/ssl` commands can run as root, run
|
||||
## Features
|
||||
|
||||
```sh
|
||||
sudo visudo
|
||||
```
|
||||
- Multi-server federation (hub-and-spoke networking with one or more hubs)
|
||||
- No login screen; authentication is IP-based
|
||||
- Private keys are not stored in a central location
|
||||
- No database; all data are stored stored in wireguard and the nameserver
|
||||
|
||||
And add these lines:
|
||||
## Installation
|
||||
|
||||
```
|
||||
# Let http run these cgi scripts as root
|
||||
http ALL=(ALL) NOPASSWD: /path/to/wgapi/srv/send/ssl
|
||||
http ALL=(ALL) NOPASSWD: /path/to/wgapi/srv/send/wg
|
||||
```
|
||||
Installation involves multiple steps.
|
||||
|
||||
**TODO**: Write complete implementation instructions
|
35
checklist.md
35
checklist.md
|
@ -1,35 +0,0 @@
|
|||
# wgapi checklist
|
||||
|
||||
[X] user peer listing
|
||||
[X] admin peer listing
|
||||
[X] user peer adding
|
||||
[X] user peer deleting
|
||||
[X] admin peer adding
|
||||
[X] admin peer deleting
|
||||
[X] set permissions of ssl certs
|
||||
[X] Admin user add/delete frontend
|
||||
[X] admin user adding backend
|
||||
[X] admin user deleting backend
|
||||
[X] Add Loading...
|
||||
[X] Let users download ssl certs
|
||||
[X] Replace ns_lookup_rdns with ns_lookup_rxfr where applicable
|
||||
[X] Display full domain to user peers
|
||||
[X] Disable delete button for new peers on dashboard
|
||||
[X] shellcheck
|
||||
[X] Prepare config portability
|
||||
[X] Let this server route traffic for all hosts
|
||||
[X] Prevent deleting user's only peer
|
||||
[X] Remove bash errors
|
||||
[X] Move loging to STDERR
|
||||
[X] Remove extraneous checks
|
||||
[X] Federated servers
|
||||
[X] shellcheck
|
||||
[X] Check server secrets
|
||||
[X] Deploy on GF4
|
||||
[ ] Single token failure (mismatched)
|
||||
[ ] Testing
|
||||
[ ] Prepare for IPv4 exhaustion
|
||||
[ ] Move to letsencrypt-URLs
|
||||
[ ] Deduplicate code
|
||||
[ ] shellcheck
|
||||
[ ] Write tests
|
|
@ -1,5 +1,5 @@
|
|||
const API_URL = 'https://wg-admin-backend.ksn.gf4'
|
||||
const TLD = 'gf4'
|
||||
const API_URL = 'https://wg-admin-backend.myhost.mytld'
|
||||
const TLD = 'mytld'
|
||||
|
||||
function Peer(data) {
|
||||
this.domain = data.domain
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
const API_URL = 'https://wg-dashboard-backend.ksn.gf4'
|
||||
const API_URL = 'https://wg-dashboard-backend.myhost.mytld'
|
||||
|
||||
function Peer(data) {
|
||||
this.domain = data.domain
|
||||
|
|
Loading…
Reference in New Issue