Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/miguelangel-nubla/WireGuard-CoreOS

WireGuard builds for CoreOS
https://github.com/miguelangel-nubla/WireGuard-CoreOS

coreos wireguard

Last synced: about 2 months ago
JSON representation

WireGuard builds for CoreOS

Host: GitHub
URL: https://github.com/miguelangel-nubla/WireGuard-CoreOS
Owner: miguelangel-nubla
Archived: true
Created: 2019-04-09T03:24:16.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2019-12-19T16:46:28.000Z (almost 5 years ago)
Last Synced: 2024-06-03T09:44:52.503Z (4 months ago)
Topics: coreos, wireguard
Language: Shell
Size: 14.6 KB
Stars: 18
Watchers: 2
Forks: 3
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# WireGuard builds for CoreOS
Automatically built WireGuard [torcx](https://github.com/coreos/torcx) packages for latest CoreOS releases.

Built by [Travis CI](https://travis-ci.org/miguelangel-nubla/WireGuard-CoreOS/) to the [releases page](https://github.com/miguelangel-nubla/WireGuard-CoreOS/releases) of this GitHub repository.

## Getting Started

### Via Container Linux Config and Ignition (preferred)
You can use [the example Container Linux Config](container_linux_config.yml), then [convert it]([https://github.com/coreos/container-linux-config-transpiler](https://github.com/coreos/container-linux-config-transpiler)) onto a ignition.json file and provide it to your CoreOS instances.

### Manually
* Download the torcx package for your CoreOS release from the [releases page](https://github.com/miguelangel-nubla/WireGuard-CoreOS/releases) to your torcx folder.
```
source /etc/os-release
wget https://github.com/miguelangel-nubla/WireGuard-CoreOS/releases/download/latest-all/WireGuard.CoreOS_${VERSION_ID}.torcx.tgz \
-O /var/lib/torcx/store/${VERSION_ID}/WireGuard:CoreOS_${VERSION_ID}.torcx.tgz
```
* Add a new torcx profile.
```
jq '.value.images += [{ "name": "WireGuard", "reference": "'CoreOS_${VERSION_ID}'" }]' /usr/share/torcx/profiles/vendor.json > /etc/torcx/profiles/wg.json
```
* `echo wg > /etc/torcx/next-profile`
* Reboot. WireGuard should be available in `/run/torcx/bin/wg`. Installation is done.
* After each reboot and before using wireguard you should load the required kernel modules:
```
source /run/metadata/torcx
/sbin/modprobe ip6_udp_tunnel
/sbin/modprobe udp_tunnel
/sbin/insmod ${TORCX_UNPACKDIR}/WireGuard/lib/modules/$(uname -r)/extra/wireguard.ko
```
* Load you config with `/run/torcx/bin/wg-quick`

## How to handle CoreOS updates
The `/etc/wireguard-setup` script at [the example Container Linux Config](container_linux_config.yml) will try to fetch the torcx package for the new CoreOS version.

If it fails or there are no packages available for the new version, it will fallback to try building WireGuard directly on the target machine.

## Build yourself
For Ubuntu, git clone this repo, then
```
cd WireGuard-CoreOS
sudo apt-get update
sudo apt-get install -y curl gpg2 bzip2 systemd-container dirmngr
bash run.sh
```
Packages will be at `output/`

## Notes
At the time of writing, building the latest WireGuard sources result in a Segmentation fault on most of the CoreOS developer container releases.\
The [Travis CI job](https://travis-ci.org/miguelangel-nubla/WireGuard-CoreOS/) will keep trying daily until the upstream code is fixed.

#### The tag `latest-all` on the [releases page](https://github.com/miguelangel-nubla/WireGuard-CoreOS/releases/tag/latest-all) will always have the latest WireGuard release compatible with each respective CoreOS release.

## Based on
* https://github.com/coreos/bugs/issues/2225#issuecomment-351578984
* https://github.com/nopdotcom/coreos-build-wireguard