https://github.com/infertux/chef-wireguard
Chef cookbook for Wireguard
chef chef-cookbook ruby wireguard
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/infertux/chef-wireguard
- Owner: infertux
- License: other
- Created: 2024-06-19T00:40:25.000Z (about 2 years ago)
- Default Branch: master
- Last Pushed: 2024-06-19T00:52:45.000Z (about 2 years ago)
- Last Synced: 2025-04-06T04:45:33.784Z (about 1 year ago)
- Topics: chef, chef-cookbook, ruby, wireguard
- Language: Ruby
- Homepage: https://supermarket.chef.io/cookbooks/wireguard
- Size: 7.81 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE
README
# Wireguard Chef cookbook
## Example usage
Let's assume a server listening on a static public address [2001:1:2:3::cafe] on UDP port 51820
and with a Wireguard private address [fc00::42:1].
Let's assume a client that is assigned a dynamic public IP address
and has a Wireguard private address [fc00::42:2].
### Server
Add `wireguard::server` to the run list with the following attributes:
```ruby
default['wireguard']['server'] = {
  address: %w(fc00::42:1/112),
  port: 51820,
  public_key: 'SERVER_PUB_KEY',
  private_key: 'SERVER_PRIV_KEY',
  # peers: allowed IPs of the peer => public key of the peer
  peers: { 'fc00::42:2/128': 'CLIENT_PUB_KEY' },
}
```
### Client
Add `wireguard::client` to the run list with the following attributes:
```ruby
default['wireguard']['client'] = {
  public_key: 'CLIENT_PUB_KEY',
  private_key: 'CLIENT_PRIV_KEY',
  endpoint: '[2001:1:2:3::cafe]:51820',
  address: %w(fc00::42:2/128),
}
# On the client, only the server's tunnel address and public key are set.
default['wireguard']['server'] = {
  address: %w(fc00::42:1/128),
  public_key: 'SERVER_PUB_KEY',
}
```
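A pre-converge consistency check for the two attribute sets above, as an added example that is not part of the cookbook. It takes plain Ruby hashes shaped like the README's attributes (an assumption; `wg_key?`, `wireguard_attribute_problems` and the sample keys are constructed for illustration) and reports mismatches such as leftover placeholder keys or a peer entry wider than /128.

```ruby
require 'ipaddr'

# True when +key+ is strict base64 for exactly 32 bytes (WireGuard key length).
def wg_key?(key)
  key.to_s.unpack1('m0').bytesize == 32
rescue ArgumentError
  false
end

# Cross-checks the README's attribute hashes (plain Ruby hashes here, an
# assumption; on a real node they are Chef attributes). Returns problems found.
def wireguard_attribute_problems(server, client, server_on_client)
  problems = []
  [server, client].each_with_index do |side, i|
    %i(public_key private_key).each do |k|
      problems << "#{%w(server client)[i]} #{k} is not a 32-byte base64 key" unless wg_key?(side[k])
    end
  end
  # The client node only needs the server's public half.
  problems << 'server private_key present in client attributes' if server_on_client.key?(:private_key)
  problems << 'client pins a different server public_key' if server_on_client[:public_key] != server[:public_key]

  nets = server[:address].map { |cidr| IPAddr.new(cidr) } # host bits are masked off
  ips = client[:address].map { |cidr| IPAddr.new(cidr.split('/').first) }
  ips.each { |ip| problems << "client address #{ip} outside server network" unless nets.any? { |n| n.include?(ip) } }

  # Server-side peers map: allowed IPs => public key. WireGuard drops packets
  # from a peer whose source address is outside its allowed IPs.
  allowed = server[:peers].select { |_, key| key == client[:public_key] }.keys.map(&:to_s)
  problems << 'client public_key missing from server peers' if allowed.empty?
  allowed.each do |cidr|
    net = IPAddr.new(cidr)
    problems << "allowed IPs #{cidr} wider than one host" unless net.prefix == 128
    problems << "allowed IPs #{cidr} do not cover client address" unless ips.all? { |ip| net.include?(ip) }
  end
  problems << 'endpoint port differs from server port' unless client[:endpoint].to_s.split(':').last.to_i == server[:port]
  problems
end

# Constructed sample keys (32 repeated bytes, base64); not real key material.
KEY = ->(byte) { [byte.chr * 32].pack('m0') }
SERVER = { address: %w(fc00::42:1/112), port: 51820, public_key: KEY[1], private_key: KEY[2],
           peers: { 'fc00::42:2/128': KEY[3] } }.freeze
CLIENT = { public_key: KEY[3], private_key: KEY[4], endpoint: '[2001:1:2:3::cafe]:51820',
           address: %w(fc00::42:2/128) }.freeze
SERVER_ON_CLIENT = { address: %w(fc00::42:1/128), public_key: KEY[1] }.freeze

puts wireguard_attribute_problems(SERVER, CLIENT, SERVER_ON_CLIENT).inspect
```

An empty list means the two sides agree; passing the README's literal `'SERVER_PUB_KEY'`-style placeholders yields one problem per key.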
Once server and client are both converged, you can inspect the Wireguard connection with the `wg` command and ping machines using the [fc00::42:x] addresses.
Bandwidth test using `socat`:
- server: `dd if=/dev/zero bs=1M count=100 | socat - tcp6-listen:1234,reuseport`
- client: `socat - tcp6:[fc00::42:1]:1234`
## License
AGPLv3+