https://github.com/mattzque/wgpull

Lighthouse for Wireguard Mesh Networks

# Wireguard Lighthouse System

wgpull is a wireguard configuration management system for small mesh networks based on a
central lighthouse and node architecture. Nodes periodically poll the lighthouse,
sending their own configuration and receiving a list of peers to configure.
Wireguard private, public and pre-shared keys are configured transparently: private
and public keys are generated by the nodes, and the pre-shared keys are generated by
the lighthouse.

Right now this only supports nodes that either run Linux with systemd-networkd
or OpenWRT with UCI, but more backends should be easy to add.

It is written in Rust, using gotham as a web server and ureq as an HTTP client,
among some other crates.

## Rationale

The main purpose of wgpull is to make it easier to add, remove, configure and
monitor small wireguard networks, which can be cumbersome in a fully connected /
mesh network where every node is connected to every other node. I previously
used ansible to distribute the configuration, but I found this to be slow and
error-prone. Now, if a node configuration changes or is added, I only have to
configure a single node with ansible, not all nodes on the network.

## Features:

* automatic configuration orchestration of wireguard mesh network setups
* transparent private, public and pre-shared key configuration and revocation[^1]
* metrics aggregation with a prometheus export endpoint
* configuration backends:
  * `systemd`: Linux with wireguard and systemd-networkd (tested on Ubuntu 20.04 / 23.04)
  * `uci`: OpenWRT with wireguard and UCI (prebuilt package for armv7 / tested on TurrisOS 6.3.3)

[^1]: Key revocation will cause some downtime until all the new keys are discovered (disabled by default)

## Installation

tbd. I will add some more details once I've tested it a bit more in production.