# wg-selfserve

## Prerequisites

The tested setup hosts the service on Apache, with uWSGI running the
Python application. Example configs for Apache and uWSGI are provided in the
`examples/` subdirectory.

All Python dependencies are listed in `requirements.txt`. It is recommended to
run the application in a virtualenv.

WireGuard must be installed with the `wg` binary available in `$PATH`.

You will need to register the service with an OAuth server,
probably `toker.dsv.su.se`. OAuth settings are saved in `config.ini` along
with all other settings.

## Setup

 - Clone the repo
 - Create server keys:  
   `wg genkey | tee server-priv.key | wg pubkey > server-pub.key`
 - Create a suitable directory for user client data:  
   `mkdir user-data`
 - Set up config.ini:  
   `cp config.ini.example config.ini && editor config.ini`  
   The comments in the file should explain each option.
 - Ensure the web server user can write to the `work/` subdirectory:  
   `chown www-data work/`
 - Configure Apache and uWSGI; see the examples under `examples/`.
 - Start Apache and uWSGI
 - Create a symbolic link to the WireGuard server config:  
   `ln -s /path/to/repo/work/<tunnel-id>.conf /etc/wireguard/`
 - Activate the wg-quick systemd unit:  
   `systemctl enable wg-quick@<tunnel-id>.service`
 - Start the wg-quick systemd unit:  
   `systemctl start wg-quick@<tunnel-id>.service`
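
The key-creation step above writes `server-priv.key` through `tee`, which under a typical umask of 022 leaves the private key readable by every local user. The following check is an added example, not part of this project: the function names are hypothetical, and it assumes both key files sit in the directory passed as the first argument.

```sh
# Added example: audit the key files created during setup.
# Assumption: both key files live in the directory passed as $1.
# Usage after sourcing this file: audit_keys /path/to/repo

# Succeeds when "other" users hold any permission bit on the path.
world_accessible() {
    [ "$(ls -ld -- "$1" | cut -c8-10)" != "---" ]
}

# Prints one line per finding and returns the number of findings.
audit_keys() {
    ak_dir=$1
    ak_findings=0
    ak_priv="$ak_dir/server-priv.key"
    ak_pub="$ak_dir/server-pub.key"

    if [ ! -s "$ak_priv" ]; then
        echo "MISSING: $ak_priv"
        ak_findings=$((ak_findings + 1))
    elif world_accessible "$ak_priv"; then
        echo "EXPOSED: $ak_priv is accessible to every local user"
        ak_findings=$((ak_findings + 1))
    fi

    if [ ! -s "$ak_pub" ]; then
        echo "MISSING: $ak_pub"
        ak_findings=$((ak_findings + 1))
    elif command -v wg >/dev/null 2>&1 && [ -r "$ak_priv" ]; then
        # Re-derive the public key and compare it with the stored one.
        if [ "$(wg pubkey < "$ak_priv" 2>/dev/null)" != "$(cat "$ak_pub")" ]; then
            echo "MISMATCH: $ak_pub was not derived from $ak_priv"
            ak_findings=$((ak_findings + 1))
        fi
    fi
    return "$ak_findings"
}
```

Which account needs read access to the private key depends on how the application is deployed, which this README does not specify; the check only flags access by all local users.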