Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/mattzque/wgpull
Lighthouse for Wireguard Mesh Networks
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/mattzque/wgpull
- Owner: mattzque
- License: mit
- Created: 2023-07-05T17:13:49.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-08-11T17:34:04.000Z (5 months ago)
- Last Synced: 2024-08-12T13:07:14.701Z (4 months ago)
- Language: Rust
- Size: 193 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Wireguard Lighthouse System
wgpull is a wireguard configuration management system for small mesh networks based on a
central lighthouse and node architecture. Nodes will periodically poll the lighthouse,
sending their own configuration and receiving a list of peers to configure.

Wireguard private, public and pre-shared keys are configured transparently: private
and public keys are generated by the nodes, and the pre-shared keys are generated by
the lighthouse.

Right now this only supports nodes that either run Linux with systemd-networkd
or OpenWRT with UCI, but more backends should be easy to add.

It is written in Rust, using gotham as a web server and ureq as an HTTP client,
among some other crates.

## Rationale
The main purpose of wgpull is to make it easier to add, remove, configure and
monitor small wireguard networks, which can be cumbersome in a fully connected /
mesh network where every node is connected to every other node. I previously
used ansible to distribute the configuration, but I found this to be slow and
error-prone. Now, if a node configuration changes or is added, I only have to
configure a single node with ansible, not all nodes on the network.

## Features:
* automatic configuration orchestration of wireguard mesh network setups
* transparent private, public and pre-shared key configuration and revocation[^1]
* metrics aggregation with a prometheus export endpoint
* configuration backends:
  * `systemd`: Linux with wireguard and systemd-networkd (tested on Ubuntu 20.04 / 23.04)
  * `uci`: OpenWRT with wireguard and UCI (prebuilt package for armv7 / tested on TurrisOS 6.3.3)

[^1]: Key revocation will cause some downtime until all the new keys are discovered (disabled by default)

## Installation
tbd. I will add some more details once I've tested it a bit more in production.