adding wireguard example

.gitignore

@@ -1 +1,2 @@
 *.tmp
+tmp

wireguard-bastion/cali-bastion.yaml

@@ -0,0 +1,10 @@
+hostname: cali-bastion
+hours: 5
+price: 20000
+location:
+  region: "California"
+ipv4: !PublishPorts [ 1337 ]
+public_ipv6: false
+vcpus: 2
+memory_mb: 2000
+disk_size_gb: 20

wireguard-bastion/cali-protected.yaml

@@ -0,0 +1,10 @@
+hostname: cali-protected
+hours: 5
+price: 20000
+location:
+  region: "California"
+ipv4: !PublishPorts [ ]
+public_ipv6: false
+vcpus: 2
+memory_mb: 2000
+disk_size_gb: 20

wireguard-bastion/create_vms.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+set -e
+export FORMAT=YAML
+
+detee-cli vm deploy --from-yaml cali-bastion.yaml > tmp/cali-bastion-install.yaml
+detee-cli vm deploy --from-yaml vanc-bastion.yaml > tmp/vanc-bastion-install.yaml
+detee-cli vm deploy --from-yaml cali-protected.yaml > tmp/cali-protected-install.yaml
+detee-cli vm deploy --from-yaml vanc-protected.yaml > tmp/vanc-protected-install.yaml

wireguard-bastion/deploy.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+set -e
+export FORMAT=YAML
+
+cali_bastion_uuid=$(grep uuid tmp/cali-bastion-install.yaml)
+cali_bastion_uuid=${cali_bastion_uuid#uuid: }
+vanc_bastion_uuid=$(grep uuid tmp/vanc-bastion-install.yaml)
+vanc_bastion_uuid=${vanc_bastion_uuid#uuid: }
+cali_protected_uuid=$(grep uuid tmp/cali-protected-install.yaml)
+cali_protected_uuid=${cali_protected_uuid#uuid: }
+vanc_protected_uuid=$(grep uuid tmp/vanc-protected-install.yaml)
+vanc_protected_uuid=${vanc_protected_uuid#uuid: }
+
+detee-cli vm inspect $cali_bastion_uuid > tmp/cali-bastion-inspect.yaml
+detee-cli vm inspect $vanc_bastion_uuid > tmp/vanc-bastion-inspect.yaml
+detee-cli vm inspect $cali_protected_uuid > tmp/cali-protected-inspect.yaml
+detee-cli vm inspect $vanc_protected_uuid > tmp/vanc-protected-inspect.yaml
+
+cali_wg_port=$(grep exposed_ports -A 2 tmp/cali-bastion-inspect.yaml | tail 1)
+cali_wg_port=${cali_wg_port#- }
+vanc_wg_port=$(grep exposed_ports -A 2 tmp/cali-bastion-inspect.yaml | tail 1)
+vanc_wg_port=${cali_wg_port#- }

wireguard-bastion/vanc-bastion.yaml

@@ -0,0 +1,10 @@
+hostname: vanc-bastion
+hours: 5
+price: 20000
+location:
+  city: "Vancouver"
+ipv4: !PublishPorts [ 1337 ]
+public_ipv6: false
+vcpus: 2
+memory_mb: 2000
+disk_size_gb: 20

wireguard-bastion/vanc-protected.yaml

@@ -0,0 +1,10 @@
+hostname: vanc-bastion
+hours: 5
+price: 20000
+location:
+  city: "Vancouver"
+ipv4: !PublishPorts [ ]
+public_ipv6: false
+vcpus: 2
+memory_mb: 2000
+disk_size_gb: 20

wireguard-bastion/wg_configs/cali-bastion-client.conf

@@ -0,0 +1,8 @@
+[Interface]
+Address = 10.200.20.21/24
+PrivateKey = CALI_BASTION_PRIVATE
+
+[Peer]
+PublicKey = CALI_BASTION_PUBLIC
+AllowedIPs = 10.200.20.0/24
+Endpoint = VANC_BASTION_IP:VANC_BASTION_PORT

wireguard-bastion/wg_configs/cali-bastion-server.conf

@@ -0,0 +1,16 @@
+[Interface]
+Address = 10.100.10.1/24
+PrivateKey = CALI_BASTION_PRIVATE
+ListenPort = 1337
+
+[Peer]
+PublicKey = CALI_PROTECTED_PUBLIC
+AllowedIPs = 10.100.10.101/24
+
+[Peer]
+PublicKey = VANC_PROTECTED_PUBLIC
+AllowedIPs = 10.100.10.201/24
+
+[Peer]
+PublicKey = VANC_BASTION_PUBLIC
+AllowedIPs = 10.100.10.21

wireguard-bastion/wg_configs/cali-protected-cali.conf

@@ -0,0 +1,8 @@
+[Interface]
+Address = 10.100.10.101/24
+PrivateKey = CALI_PROTECTED_PRIVATE
+
+[Peer]
+PublicKey = CALI_BASTION_PUBLIC
+AllowedIPs = 10.100.10.0/24
+Endpoint = CALI_BASTION_IP:CALI_BASTION_PORT

wireguard-bastion/wg_configs/cali-protected-vanc.conf

@@ -0,0 +1,8 @@
+[Interface]
+Address = 10.200.20.101/24
+PrivateKey = CALI_PROTECTED_PRIVATE
+
+[Peer]
+PublicKey = VANC_BASTION_PUBLIC
+AllowedIPs = 10.200.20.0/24
+Endpoint = VANC_BASTION_IP:VANC_BASTION_PORT

wireguard-bastion/wg_configs/vanc-bastion-client.conf

@@ -0,0 +1,8 @@
+[Interface]
+Address = 10.100.10.21/24
+PrivateKey = VANC_BASTION_PRIVATE
+
+[Peer]
+PublicKey = CALI_BASTION_PUBLIC
+AllowedIPs = 10.100.10.0/24
+Endpoint = CALI_BASTION_IP:CALI_BASTION_PORT

wireguard-bastion/wg_configs/vanc-bastion-server.conf

@@ -0,0 +1,16 @@
+[Interface]
+Address = 10.200.20.1/24
+PrivateKey = VANC_BASTION_PRIVATE
+ListenPort = 1337
+
+[Peer]
+PublicKey = CALI_PROTECTED_PUBLIC
+AllowedIPs = 10.200.20.101/24
+
+[Peer]
+PublicKey = VANC_PROTECTED_PUBLIC
+AllowedIPs = 10.200.20.201/24
+
+[Peer]
+PublicKey = CALI_BASTION_PUBLIC
+AllowedIPs = 10.200.20.21

wireguard-bastion/wg_configs/vanc-protected-cali.conf

@@ -0,0 +1,8 @@
+[Interface]
+Address = 10.100.10.201/24
+PrivateKey = VANC_PROTECTED_PRIVATE
+
+[Peer]
+PublicKey = CALI_BASTION_PUBLIC
+AllowedIPs = 10.100.10.0/24
+Endpoint = CALI_BASTION_IP:CALI_BASTION_PORT

wireguard-bastion/wg_configs/vanc-protected-vanc.conf

@@ -0,0 +1,8 @@
+[Interface]
+Address = 10.200.20.201/24
+PrivateKey = VANC_PROTECTED_PRIVATE
+
+[Peer]
+PublicKey = VANC_BASTION_PUBLIC
+AllowedIPs = 10.200.20.0/24
+Endpoint = VANC_BASTION_IP:VANC_BASTION_PORT