Andreas Svanberg dce824b5dd
Switch from OIDC UserInfo to OAuth 2.0 Token Introspection
The UserInfo endpoint is for fetching the user's profile (name, email, phone number, picture, and so on). Token introspection is for inspecting the access token and determining the authorities the user has (subject (principal), entitlements, and scopes granted).
2025-03-24 11:03:03 +01:00

wg-selfserve

Prerequisites

The tested setup hosts the service on Apache, with uWSGI running the Python application. Example configs for Apache and uWSGI are provided in the examples/ subdirectory.

All Python dependencies are listed in requirements.txt. It is recommended to run the application in a virtualenv.

WireGuard must be installed, with the wg binary available in $PATH.

You will need to register the service with an OAuth server, probably toker.dsv.su.se. OAuth settings are saved in config.ini along with all other settings.
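
The service relies on an OAuth server, and the latest commit moves it from OIDC UserInfo to OAuth 2.0 Token Introspection. The following added example (not code from this repository) shows the checks a resource server applies to an RFC 7662 introspection response before trusting a token; the endpoint URL, the client credentials, HTTP Basic client authentication and the required scope name are assumptions.

```python
import json
import time
import urllib.parse
import urllib.request
from base64 import b64encode


class InactiveToken(Exception):
    """The authorization server did not vouch for the token."""


def build_introspection_request(endpoint, client_id, client_secret, token):
    """RFC 7662 section 2.1: form-encoded POST, authenticated as the client."""
    # Assumption: the server accepts HTTP Basic client authentication.
    creds = b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({"token": token}).encode()
    return urllib.request.Request(
        endpoint, data=body, method="POST",
        headers={"Authorization": f"Basic {creds}",
                 "Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "application/json"})


def authorities_from_introspection(response, required_scope, now=None):
    """Turn an introspection response into (subject, scopes) or raise."""
    now = time.time() if now is None else now
    # "active" is the only required member; anything but True means reject.
    if response.get("active") is not True:
        raise InactiveToken("token is not active")
    # Defence in depth: re-check expiry even though the server said active.
    exp = response.get("exp")
    if exp is not None and exp <= now:
        raise InactiveToken("token expired")
    subject = response.get("sub")
    if not subject:
        raise InactiveToken("no subject in response")
    # "scope" is a single space-separated string, not a JSON list.
    scopes = set((response.get("scope") or "").split())
    if required_scope not in scopes:
        raise PermissionError(f"scope {required_scope!r} not granted")
    return subject, scopes


def introspect(endpoint, client_id, client_secret, token, required_scope):
    """Perform the network call, then apply the checks above."""
    req = build_introspection_request(endpoint, client_id, client_secret, token)
    with urllib.request.urlopen(req, timeout=5) as resp:
        return authorities_from_introspection(json.load(resp), required_scope)
```

Unlike a UserInfo response, an introspection response can say `"active": false` with no other members, so the `active` check has to come before any claim is read.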

Setup

  • Clone the repo
  • Create server keys:
    wg genkey | tee server-priv.key | wg pubkey > server-pub.key
  • Create a suitable directory for user client data:
    mkdir user-data
  • Set up config.ini:
    cp config.ini.example config.ini && editor config.ini
    The comments in the file should explain each option.
  • Ensure the web server user can write to the work/ subdirectory:
    chown www-data work/
  • Configure Apache and uWSGI; see the examples under examples/.
  • Start Apache and uWSGI
  • Create a symbolic link to the WireGuard server config:
    ln -s /path/to/repo/work/<tunnel-id>.conf /etc/wireguard/
  • Activate the wg-quick systemd unit:
    systemctl enable wg-quick@<tunnel-id>.service
  • Start the wg-quick systemd unit:
    systemctl start wg-quick@<tunnel-id>.service