diff --git a/surreal/README.md b/surreal/README.md
new file mode 100644
index 0000000..85e6ff1
--- /dev/null
+++ b/surreal/README.md
@@ -0,0 +1 @@
+# WIP
diff --git a/surreal/create_vms.sh b/surreal/create_vms.sh
new file mode 100755
index 0000000..e4d140e
--- /dev/null
+++ b/surreal/create_vms.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+cd $script_dir
+set -e
+export FORMAT=YAML
+mkdir -p tmp/vms
+
+for vm_config in vm_configs/*; do
+ vm_name=$(echo $vm_config | cut -d '/' -f2 | cut -d '.' -f1)
+ detee-cli vm deploy --from-yaml $vm_config > tmp/vms/${vm_name}_install.yaml &&
+ echo "The VM $vm_name got created." &
+done
+
+wait
+
+for vm_config in $(grep -r uuid: tmp/vms/ | awk '{ print $2}'); do
+ vm_id=$(echo $vm_config | cut -d '/' -f2 | cut -d '.' -f1)
+ detee-cli vm inspect $vm_id > tmp/vms/${vm_id}_inspect.yaml
+ vm_name=$(grep 'hostname: ' tmp/vms/${vm_id}_inspect.yaml |
+ awk '{ print $2 }')
+ mv tmp/vms/${vm_id}_inspect.yaml tmp/vms/${vm_name}_inspect.yaml
+done
diff --git a/surreal/setup_wg_mesh.sh b/surreal/setup_wg_mesh.sh
new file mode 100755
index 0000000..20aaba7
--- /dev/null
+++ b/surreal/setup_wg_mesh.sh
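Review bot: In surreal/create_vms.sh the deploy jobs are started with `&` and collected with a bare `wait`, which returns 0 whatever the jobs did, so `set -e` never sees a failed `detee-cli vm deploy`. A failed deploy still leaves a (possibly empty) `tmp/vms/<name>_install.yaml` behind, and the inspect loop and later the mesh setup then run on partial data. Recording each job's PID and waiting on them one by one lets the script stop when any deployment fails, as sketched below. The `hostname:` value read back from the inspect output also goes unquoted into the `mv` target; quoting it and rejecting names that contain `/` would keep the rename inside tmp/vms.

```shell
pids=()
for vm_config in vm_configs/*; do
  # … unchanged: vm_name derivation …
  detee-cli vm deploy --from-yaml "$vm_config" > "tmp/vms/${vm_name}_install.yaml" &&
    echo "The VM $vm_name got created." &
  pids+=("$!")
done

failed=0
for pid in "${pids[@]}"; do
  wait "$pid" || failed=1
done
if (( failed )); then
  echo "one or more VM deployments failed" >&2
  exit 1
fi
```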
@@ -0,0 +1,82 @@
+#!/bin/bash
+script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+cd $script_dir
+set -e
+export FORMAT=YAML
+mkdir -p tmp/wg
+mkdir -p tmp/logs
+
+vms=()
+
+# define VM object
+vm_count=0
+new_vm() {
+ (( vm_count++ )) || true
+ local vm_name="$1"
+ local vm_id="vm$vm_count"
+
+ local vm_install_data="tmp/vms/${vm_name}_install.yaml"
+ local vm_inspect_data="tmp/vms/${vm_name}_inspect.yaml"
+
+ vm_node_ip=$(grep 'ip: ' $vm_install_data | awk '{ print $2 }')
+ vm_ssh_port=$(grep exposed_ports -A 1 $vm_inspect_data | tail -1 | grep -oE "[0-9]*")
+ vm_wg_port=$(grep exposed_ports -A 2 $vm_inspect_data | tail -1 | grep -oE "[0-9]*")
+ wg_privkey=$(wg genkey)
+ wg_pubkey=$(echo $wg_privkey | wg pubkey)
+
+ declare -gA "$vm_id"
+ eval "$vm_id[id]=$vm_count"
+ eval "$vm_id[name]=$vm_name"
+ eval "$vm_id[ssh_port]=$vm_ssh_port"
+ eval "$vm_id[wg_port]=$vm_wg_port"
+ eval "$vm_id[node_ip]=$vm_node_ip"
+ eval "$vm_id[private_ip]=10.254.254.$vm_count"
+ eval "$vm_id[wg_priv]=$wg_privkey"
+ eval "$vm_id[wg_pub]=$wg_pubkey"
+
+ vms+=("$vm_id")
+}
+
+# loops over all VMs
+for vm_install_file in tmp/vms/*_install.yaml; do
+ vm_name=$(echo $vm_install_file | cut -d '/' -f3 | cut -d '_' -f1)
+ new_vm $vm_name
+done
+
+# loops over all VMs in array
+for main_vm_loop in "${vms[@]}"; do
+ declare -n main_vm_ref="$main_vm_loop"
+ wg_file="tmp/wg/${main_vm_ref[name]}.ini"
+ {
+ echo "[Interface]"
+ echo "Address = "${main_vm_ref[private_ip]}" "
+ echo "PrivateKey = "${main_vm_ref[wg_priv]}" "
+ echo "ListenPort = 1337"
+ } > ${wg_file}
+
+ for inner_vm_loop in "${vms[@]}"; do
+ declare -n inner_vm_ref="$inner_vm_loop"
+ [[ "${inner_vm_ref[id]}" == "${main_vm_ref[id]}" ]] && continue
+ {
+ echo
+ echo "[Peer]"
+ echo "PublicKey = ${inner_vm_ref[wg_pub]}"
+ echo "Endpoint = ${inner_vm_ref[node_ip]}:${inner_vm_ref[wg_port]}"
+ echo "AllowedIPs = ${inner_vm_ref[private_ip]}"
+ echo "PersistentKeepalive = 25"
+ } >> ${wg_file}
+ done
+ echo
WireGuard config written to ${wg_file}
+
+ ssh="ssh -p ${main_vm_ref[ssh_port]} root@${main_vm_ref[node_ip]}"
+ $ssh pacman -Syu --noconfirm > tmp/logs/${main_vm_ref[name]}.log 2>&1
+ $ssh pacman -S wireguard-tools --needed --noconfirm >> tmp/logs/${main_vm_ref[name]}.log 2>&1
+ echo Packages installed for ${main_vm_ref[name]}
+
+ # TODO: make this reboot persistant
+ $ssh sysctl -w net.ipv4.conf.all.forwarding=1 > /dev/null
+ cat ${wg_file} | $ssh tee /etc/wireguard/brain.conf > /dev/null
+ $ssh wg-quick down brain >> tmp/logs/${main_vm_ref[name]}.log 2>&1 || true
+ $ssh wg-quick up brain >> tmp/logs/${main_vm_ref[name]}.log 2>&1 || true
+ echo WireGuard started on ${main_vm_ref[name]}
+done
diff --git a/surreal/vm_configs/brain-1.yaml b/surreal/vm_configs/brain-1.yaml
new file mode 100644
index 0000000..db577eb
--- /dev/null
+++ b/surreal/vm_configs/brain-1.yaml
@@ -0,0 +1,10 @@
+hostname: brain-1
+hours: 700
+price: 20000
+location:
+ country: "FR"
+ipv4: !PublishPorts [ 1337 ]
+public_ipv6: false
+vcpus: 4
+memory_mb: 8000
+disk_size_gb: 60
diff --git a/surreal/vm_configs/brain-2.yaml b/surreal/vm_configs/brain-2.yaml
new file mode 100644
index 0000000..5f6402d
--- /dev/null
+++ b/surreal/vm_configs/brain-2.yaml
@@ -0,0 +1,10 @@
+hostname: brain-2
+hours: 700
+price: 20000
+location:
+ country: "GB"
+ipv4: !PublishPorts [ 1337 ]
+public_ipv6: false
+vcpus: 4
+memory_mb: 8000
+disk_size_gb: 60
diff --git a/surreal/vm_configs/brain-3.yaml b/surreal/vm_configs/brain-3.yaml
new file mode 100644
index 0000000..6c92e86
--- /dev/null
+++ b/surreal/vm_configs/brain-3.yaml
@@ -0,0 +1,10 @@
+hostname: brain-3
+hours: 700
+price: 20000
+location:
+ country: "US"
+ipv4: !PublishPorts [ 1337 ]
+public_ipv6: false
+vcpus: 4
+memory_mb: 8000
+disk_size_gb: 60
diff --git a/surreal/vm_configs/brain-bastion.yaml b/surreal/vm_configs/brain-bastion.yaml
new file mode 100644
index 0000000..bc2e74a
--- /dev/null
+++ b/surreal/vm_configs/brain-bastion.yaml
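Review bot: In surreal/setup_wg_mesh.sh, new_vm() fills each VM's associative array through `eval`, so the name cut from the install file name and the IP and port values parsed out of the detee-cli YAML are re-parsed as shell code; any shell metacharacter in those values would execute on the operator's machine. The loops further down already use `declare -n`, and the same nameref can do the assignments in new_vm() without eval, as sketched below. Separately, `tmp/wg/*.ini` and `/etc/wireguard/brain.conf` carry the WireGuard private key and are created with whatever umask is in effect; a `umask 077` near the top of the script, and the equivalent on the remote side before the `tee`, would keep them owner-only. The trailing `|| true` on `wg-quick up brain` also means "WireGuard started" is printed even when the interface failed to come up.

```shell
  declare -gA "$vm_id"
  local -n vm_ref="$vm_id"
  vm_ref[id]=$vm_count
  vm_ref[name]=$vm_name
  vm_ref[ssh_port]=$vm_ssh_port
  vm_ref[wg_port]=$vm_wg_port
  vm_ref[node_ip]=$vm_node_ip
  vm_ref[private_ip]="10.254.254.$vm_count"
  vm_ref[wg_priv]=$wg_privkey
  vm_ref[wg_pub]=$wg_pubkey
  # … unchanged: vms+=("$vm_id") …
```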
@@ -0,0 +1,10 @@
+hostname: brain-bastion
+hours: 700
+price: 20000
+location:
+ country: "FR"
+ipv4: !PublishPorts [ 1337 ]
+public_ipv6: false
+vcpus: 4
+memory_mb: 8000
+disk_size_gb: 60
diff --git a/surreal/vm_configs/brain-mon.yaml b/surreal/vm_configs/brain-mon.yaml
new file mode 100644
index 0000000..6c5bde4
--- /dev/null
+++ b/surreal/vm_configs/brain-mon.yaml
@@ -0,0 +1,10 @@
+hostname: brain-mon
+hours: 700
+price: 20000
+location:
+ country: "US"
+ipv4: !PublishPorts [ 1337 ]
+public_ipv6: false
+vcpus: 4
+memory_mb: 8000
+disk_size_gb: 60