creating automated wireguard mesh

2025-05-26 04:11:24 +03:00 · 2025-05-26 04:11:24 +03:00 · a9441e1ad5
commit a9441e1ad5
parent ae3999d4f7
8 changed files with 153 additions and 0 deletions
--- a/surreal/README.md
+++ b/surreal/README.md
@ -0,0 +1 @@
+# WIP
--- a/surreal/create_vms.sh
+++ b/surreal/create_vms.sh
@ -0,0 +1,22 @@
+#!/bin/bash
+script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+cd $script_dir
+set -e
+export FORMAT=YAML
+mkdir -p tmp/vms
+
+for vm_config in vm_configs/*; do
+  vm_name=$(echo $vm_config | cut -d '/' -f2 | cut -d '.' -f1)
+  detee-cli vm deploy --from-yaml $vm_config > tmp/vms/${vm_name}_install.yaml &&
+    echo "The VM $vm_name got created." &
+done
+
+wait
+
+for vm_config in $(grep -r uuid: tmp/vms/ | awk '{ print $2}'); do
+  vm_id=$(echo $vm_config | cut -d '/' -f2 | cut -d '.' -f1)
+  detee-cli vm inspect $vm_id > tmp/vms/${vm_id}_inspect.yaml
+  vm_name=$(grep 'hostname: ' tmp/vms/${vm_id}_inspect.yaml |
+    awk '{ print $2 }')
+  mv tmp/vms/${vm_id}_inspect.yaml tmp/vms/${vm_name}_inspect.yaml
+done
--- a/surreal/deploy.sh
+++ b/surreal/deploy.sh
@ -0,0 +1,80 @@
+#!/bin/bash
+script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+cd $script_dir
+set -e
+export FORMAT=YAML
+mkdir -p tmp/wg
+mkdir -p tmp/logs
+
+vms=()
+
+# define VM object
+vm_count=0
+new_vm() {
+  (( vm_count++ )) || true
+  local vm_name="$1"
+  local vm_id="vm$vm_count"
+
+  local vm_install_data="tmp/vms/${vm_name}_install.yaml"
+  local vm_inspect_data="tmp/vms/${vm_name}_inspect.yaml"
+
+  vm_node_ip=$(grep 'ip: ' $vm_install_data | awk '{ print $2 }')
+  vm_port=$(grep 'port: ' $vm_install_data | cut -d "'" -f2)
+  wg_privkey=$(wg genkey)
+  wg_pubkey=$(echo $wg_privkey | wg pubkey)
+
+  declare -gA "$vm_id"
+  eval "$vm_id[id]=$vm_count"
+  eval "$vm_id[name]=$vm_name"
+  eval "$vm_id[port]=$vm_port"
+  eval "$vm_id[node_ip]=$vm_node_ip"
+  eval "$vm_id[private_ip]=10.254.254.$vm_count"
+  eval "$vm_id[wg_priv]=$wg_privkey"
+  eval "$vm_id[wg_pub]=$wg_pubkey"
+
+  vms+=("$vm_id")
+}
+
+# loops over all VMs
+for vm_install_file in tmp/vms/*_install.yaml; do
+  vm_name=$(echo $vm_install_file | cut -d '/' -f3 | cut -d '_' -f1)
+  new_vm $vm_name
+done
+
+# loops over all VMs in array
+for main_vm_loop in "${vms[@]}"; do
+  declare -n main_vm_ref="$main_vm_loop"
+  wg_file="tmp/wg/${main_vm_ref[name]}.ini"
+  {
+    echo "[Interface]"
+    echo "Address = "${main_vm_ref[private_ip]}" "
+    echo "PrivateKey = "${main_vm_ref[wg_priv]}" "
+    echo "ListenPort = 1337"
+  } > ${wg_file}
+
+  for inner_vm_loop in "${vms[@]}"; do
+    declare -n inner_vm_ref="$inner_vm_loop"
+    [[ "${inner_vm_ref[id]}" == "${main_vm_ref[id]}" ]] && continue
+    {
+      echo
+      echo "[Peer]"
+      echo "PublicKey = ${inner_vm_ref[wg_pub]}"
+      echo "Endpoint = ${inner_vm_ref[node_ip]}:${inner_vm_ref[port]}"
+      echo "AllowedIPs = ${inner_vm_ref[private_ip]}"
+      echo "PersistentKeepalive = 25"
+    } >> ${wg_file}
+  done
+  echo WireGuard config written to ${wg_file}
+
+  ssh="ssh -p ${main_vm_ref[port]} root@${main_vm_ref[node_ip]}"
+  $ssh pacman -Syu --noconfirm > tmp/logs/${main_vm_ref[name]}.log 2>&1
+  $ssh pacman -S wireguard-tools --needed --noconfirm >> tmp/logs/${main_vm_ref[name]}.log 2>&1
+  echo Packages installed for ${main_vm_ref[name]}
+
+  # TODO: make this reboot persistant
+  $ssh sysctl -w net.ipv4.conf.all.forwarding=1 > /dev/null
+  cat ${wg_file} | $ssh tee /etc/wireguard/brain.conf > /dev/null
+  $ssh wg-quick down brain >> tmp/logs/${main_vm_ref[name]}.log 2>&1 || true
+  $ssh wg-quick up brain >> tmp/logs/${main_vm_ref[name]}.log 2>&1 || true
+  echo WireGuard started on ${main_vm_ref[name]}
+done
--- a/surreal/vm_configs/brain-1.yaml
+++ b/surreal/vm_configs/brain-1.yaml
@ -0,0 +1,10 @@
+hostname: brain-1
+hours: 700
+price: 20000
+location:
+  country: "FR"
+ipv4: !PublishPorts [ 1337 ]
+public_ipv6: false
+vcpus: 4
+memory_mb: 8000
+disk_size_gb: 60
--- a/surreal/vm_configs/brain-2.yaml
+++ b/surreal/vm_configs/brain-2.yaml
@ -0,0 +1,10 @@
+hostname: brain-2
+hours: 700
+price: 20000
+location:
+  country: "GB"
+ipv4: !PublishPorts [ 1337 ]
+public_ipv6: false
+vcpus: 4
+memory_mb: 8000
+disk_size_gb: 60
--- a/surreal/vm_configs/brain-3.yaml
+++ b/surreal/vm_configs/brain-3.yaml
@ -0,0 +1,10 @@
+hostname: brain-3
+hours: 700
+price: 20000
+location:
+  country: "US"
+ipv4: !PublishPorts [ 1337 ]
+public_ipv6: false
+vcpus: 4
+memory_mb: 8000
+disk_size_gb: 60
--- a/surreal/vm_configs/brain-bastion.yaml
+++ b/surreal/vm_configs/brain-bastion.yaml
@ -0,0 +1,10 @@
+hostname: brain-bastion
+hours: 700
+price: 20000
+location:
+  country: "FR"
+ipv4: !PublishPorts [ 1337 ]
+public_ipv6: false
+vcpus: 4
+memory_mb: 8000
+disk_size_gb: 60
--- a/surreal/vm_configs/brain-mon.yaml
+++ b/surreal/vm_configs/brain-mon.yaml
@ -0,0 +1,10 @@
+hostname: brain-mon
+hours: 700
+price: 20000
+location:
+  country: "US"
+ipv4: !PublishPorts [ 1337 ]
+public_ipv6: false
+vcpus: 4
+memory_mb: 8000
+disk_size_gb: 60