{"id":16265103,"url":"https://github.com/apocas/wireguarode","last_synced_at":"2025-10-03T22:52:07.392Z","repository":{"id":143671933,"uuid":"616632782","full_name":"apocas/wireguarode","owner":"apocas","description":"Wireguard with ACLs and TOTP 2FA","archived":false,"fork":false,"pushed_at":"2023-03-28T01:26:46.000Z","size":66,"stargazers_count":9,"open_issues_count":0,"forks_count":0,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-01-08T02:57:10.671Z","etag":null,"topics":["acls","iptables","javascript","nodejs","security","vpn","wireguard"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/apocas.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-03-20T19:14:04.000Z","updated_at":"2024-11-27T01:21:11.000Z","dependencies_parsed_at":"2023-05-20T08:00:23.062Z","dependency_job_id":null,"html_url":"https://github.com/apocas/wireguarode","commit_stats":{"total_commits":47,"total_committers":1,"mean_commits":47.0,"dds":0.0,"last_synced_commit":"8af93d5cd286c759f96617067e27603e1ccd26c1"},"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apocas%2Fwireguarode","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apocas%2Fwireguarode/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apocas%2Fwireguarode/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apocas%2Fw
ireguarode/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/apocas","download_url":"https://codeload.github.com/apocas/wireguarode/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":233496550,"owners_count":18684942,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["acls","iptables","javascript","nodejs","security","vpn","wireguard"],"created_at":"2024-10-10T17:06:14.389Z","updated_at":"2025-09-18T15:33:00.899Z","avatar_url":"https://github.com/apocas.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Wireguarode\n\n* Wireguarode lets you easily manage a Wireguard installation with ACLs and 2FA (TOTP) peer authentication.\n* It works with a main JSON file as input/config, letting you allocate peers to groups, manage ACLs, and enable 2FA TOTP authentication.\n* Wireguarode can be used both as a library and a CLI tool.\n* Leverages `iptables` to accomplish all this.\n\n## Features\n\n- Accepts JSON configuration file\n- Group-based peer allocation\n- Access Control Lists (ACL) management\n- Two-Factor Authentication (2FA) with Time-based One-Time Password (TOTP)\n- Library and CLI usage\n\n## Installation\n\nTo install Wireguarode, run the following command:\n\n```bash\nnpm install -g wireguarode\n```\n\nYou need to have Wireguard already installed; `wireguarode` defaults to `/etc/wireguard/...`, but it's possible to specify a different path.\n\n## Usage\n\n### As a CLI tool\n\nTo use Wireguarode as a CLI tool, simply provide the path to your JSON 
configuration file as an argument:\n\n```bash\nwireguarode --help\nwireguarode group --help\nwireguarode peer --help\n```\n\n#### Example use case\n\n* Create two groups of peers one called \"operator\" that can only access a specific IP address and port and an unrestricted one called \"god\".\n* Add a new peer that belongs to the operator group.\n\n```bash\nwireguarode group add operator\nwireguarode group adddestination operator tcp://192.168.1.10:443\nwireguarode group adddestination operator tcp://192.168.1.10:22\nwireguarode group add god\nwireguarode peer add --identifier john.doe2@rainbow --key XXXXXXX --address 10.15.12.4 --group operator\nwireguarode reload\n```\n\n### 2FA\n\n```bash\nwireguarode peer secret john.doe1@rainbow\n\u003e Secret generated: otpauth://totp/wireguarode:john.doe1%40rainbow?secret=XXXXXXXXXXXX\u0026period=30\u0026digits=6\u0026algorithm=SHA1\u0026issuer=wireguarode\n\nwireguarode reload\n```\n\n#### CLI Commands\n\nWireguarode supports several CLI commands for different operations:\n\n- `save`: Save the configuration file to a specified optional path.\n- `generate`: Generate Wireguard configuration files and save them to a specified path.\n\nGroup Commands:\n\n- `add`: Add a new group.\n- `remove`: Remove an existing group.\n- `adddestination`: Add a destination (IP, port, and protocol) to an existing group.\n- `removedestination`: Remove a destination (IP, port, and protocol) from an existing group.\n\nPeer Commands:\n\n- `activate`: Activate a peer using a TOTP code.\n- `deactivate`: Deactivate a peer.\n- `secret`: Activate 2FA for a peer.\n- `expire`: Expire peers based on the maximum minutes since their last login (default: 24 hours).\n- `add`: Add a new peer.\n\nTo use a command, pass it as an argument followed by the configuration file:\n\n```bash\nwireguarode \u003ccommand\u003e [arguments]\n```\n\n### As a library\n\nTo use Wireguarode as a library, first install it as a dependency in your project:\n\n```bash\nnpm install 
wireguarode\n```\n\nThen, you can import and use it in your project:\n\n```javascript\nconst wireguarode = require('wireguarode');\n\n// Load your WireGuard configuration JSON\nconst config = require('./path/to/your/config.json');\n\n// Instantiate Wireguarode \nvar wireguard = new Wireguard();\nwireguard.loadConfig(config);\n```\n\n## Configuration\n\n* Wireguarode uses a JSON file for its configuration.\n* The following configuration will automatically generate the files that are in the `output_example` folder.\n\n```json\n{\n  \"addresses\": [\n    \"192.168.1.1\"\n  ],\n  \"enforce2fa\": false,\n  \"debug\": true,\n  \"path\": \"/etc/wireguard\",\n  \"private_key\": \"XXXXXXXXXX\",\n  \"listen_port\": 12345,\n  \"interfaces\": [\n    \"eth0\",\n    \"eth1\"\n  ],\n  \"peers\": [\n    {\n      \"identifier\": \"john.doe1@rainbow\",\n      \"addresses\": [\n        \"192.168.20.1\"\n      ],\n      \"public_key\": \"YYYYYYYYYY\",\n      \"group\": \"xpto\"\n    },\n    {\n      \"identifier\": \"john.doe2@rainbow\",\n      \"addresses\": [\n        \"192.168.20.3\"\n      ],\n      \"public_key\": \"HHHHHHHHHHH\",\n      \"group\": \"admin\"\n    }\n  ],\n  \"groups\": [\n    {\n      \"name\": \"admin\",\n      \"destinations\": [\n        \"tcp://192.168.1.1:80\",\n        \"tcp://192.168.1.1:443\"\n      ]\n    },\n    {\n      \"name\": \"admin2\",\n      \"destinations\": [\n        \"tcp://192.168.1.10:443\",\n        \"tcp://192.168.1.2:22\",\n        \"tcp://192.168.1.4:22\"\n      ]\n    },\n    {\n      \"name\": \"xpto\",\n      \"destinations\": [\n        \"tcp://192.168.1.2:22\"\n      ]\n    }\n  ]\n}\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapocas%2Fwireguarode","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fapocas%2Fwireguarode","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapocas%2Fwireguarode/lists"}