Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/firezone/wireguardex

Configure WireGuard® interfaces in Elixir using Rust NIFs.
https://github.com/firezone/wireguardex

elixir erlang hexpm nif rust wireguard

Last synced: 7 days ago
JSON representation

Configure WireGuard® interfaces in Elixir using Rust NIFs.

Host: GitHub
URL: https://github.com/firezone/wireguardex
Owner: firezone
License: apache-2.0
Created: 2022-05-25T17:09:01.000Z (over 2 years ago)
Default Branch: main
Last Pushed: 2023-10-24T12:31:47.000Z (about 1 year ago)
Last Synced: 2024-10-30T16:58:32.425Z (13 days ago)
Topics: elixir, erlang, hexpm, nif, rust, wireguard
Language: Elixir
Homepage: https://hex.pm/packages/wireguardex
Size: 177 KB
Stars: 71
Watchers: 12
Forks: 9
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md

Awesome Lists containing this project

README

        # Wireguardex

## Overview

[![hex.pm](https://img.shields.io/hexpm/v/wireguardex.svg)](https://hex.pm/packages/wireguardex)

[![hex.pm](https://img.shields.io/hexpm/dt/wireguardex.svg)](https://hex.pm/packages/wireguardex)

[![hex.pm](https://img.shields.io/hexpm/l/wireguardex.svg)](https://hex.pm/packages/wireguardex)

Wireguardex is an Elixir library for configuring [WireGuard®](https://www.wireguard.com/) interfaces.

It is exposed as a native library via NIFs implemented in [Rust](https://rust-lang.org) using the [rustler](https://crates.io/crates/rustler) and [wireguard-control](https://docs.rs/wireguard-control/latest/wireguard_control/) crates.

Used by [Firezone](https://github.com/firezone/firezone) to manage WireGuard interfaces in Elixir.

## Getting started

Add `wireguardex` to your dependencies:

```elixir

def deps do

  [

    {:wireguardex, "~> 0.3"}

  ]

end

```

Then you can just use wireguardex to manage your wireguard interfaces:

```elixir

# Imports for cleanliness

import Wireguardex.DeviceConfigBuilder

import Wireguardex.PeerConfigBuilder

import Wireguardex, only: [set_device: 2]

interface_name = "wg0"

private_key = Wireguardex.generate_private_key()

{:ok, public_key} = Wireguardex.get_public_key(private_key)

listen_port = 58210

fwmark = 1234

:ok =

  device_config() # <-- Start configuring the devices

  # Here we set configuration for the device

  |> private_key(private_key)

  |> public_key(public_key)

  |> listen_port(listen_port)

  |> fwmark(fwmark)

  |> set_device(interface_name) # <-- This actually creates the interface

```

After creation you could also add peers:

```elixir

# Create a peer

peer =

  peer_config()

  |> public_key(public_key)

  |> preshared_key(Wireguardex.generate_preshared_key())

  |> endpoint("127.0.0.1:1234")

  |> persistent_keepalive_interval(30)

  |> allowed_ips(["255.0.0.0/24", "127.0.0.0/16"])

# Add peer to existing device

:ok = Wireguardex.add_peer(interface_name, peer)

```

And easily remove it afterwards using its public key:

```elixir

:ok = Wireguardex.remove_peer(interface_name, public_key)

```

To get information on an existing device:

```elixir

{:ok, device} = Wireguardex.get_device(interface_name)

```

Finally to delete a device:

```elixir

:ok = Wireguardex.delete_device(interface_name)

```

## Installation

The package can be installed by adding `wireguardex` to your list of dependencies

in `mix.exs`:

```elixir

def deps do

  [

    {:wireguardex, "~> 0.3"}

  ]

end

```

Wireguardex will try to download a precompiled NIF library. If you want to compile

your own NIF, you'll need to have Rust installed. The common option is to use

[Rustup](https://rustup.rs/).

To force compilation you can set the environment variable `WIREGUARDNIF_BUILD`

to `true` or `1`. Or you can set the application env to force the NIF to compile:

```elixir

config :rustler_precompiled, :force_build, wireguardex: true

```

### Note about privileges

This library creates and modifies network interfaces. If you'd like to run this library as a non-root user, we recommend adding the `CAP_NET_ADMIN` Linux capability to the Erlang VM executable:

```sh

sudo setcap 'cap_net_admin+eip' /bin/beam.smp

```

If you're using [asdf-vm](https://asdf-vm.com/) to manage dependencies you can do:

```sh

sudo setcap 'cap_net_admin+eip' $(ls -1 `asdf where erlang 24.3.4`/erts-*/bin/beam.smp)

```

This can be handy for development and testing purposes.

**Note**: This will also give `CAP_NET_ADMIN` to any other Erlang programs using this `beam.smp` executable. If this is undesired, consider using a dedicated Erlang installation or `beam.smp` executable for this library.

## Features

* Manage WireGuard interfaces

* Doesn't require a WireGuard installation

## Tests

Running the tests in this library will also require a Rust installation, as the NIF is compiled

locally before running the tests.

Follow [these](https://www.rust-lang.org/learn/get-started) instructions to install Rust.

Then you can run `mix test` as long as you have the [user privileges to create interfaces](#note-about-privileges).

### Pre-commit

We use [pre-commit](https://pre-commit.com) to catch any static analysis issues before code is

committed. Install with Homebrew: `brew install pre-commit` or pip: `pip install pre-commit`.

## Acknowledgments

"WireGuard" and the "WireGuard" logo are registered trademarks of Jason A. Donenfeld.