From 10f61433a92df820c7adddf46ccc3c1e6dfc6da6 Mon Sep 17 00:00:00 2001 From: Chris Guest Date: Mon, 18 Oct 2021 22:14:47 +0100 Subject: [PATCH 1/2] Trying to get wireguard running in a container. --- 52_wireguard/README.md | 67 +++++++++++++++++++++++++++ 52_wireguard/client/Dockerfile.client | 13 ++++++ 52_wireguard/client/hold.sh | 32 +++++++++++++ 52_wireguard/client/wg0.conf | 19 ++++++++ 52_wireguard/docker-compose.yaml | 33 +++++++++++++ 52_wireguard/server/Dockerfile.server | 13 ++++++ 52_wireguard/server/hold.sh | 32 +++++++++++++ 52_wireguard/server/wg0.conf | 10 ++++ 8 files changed, 219 insertions(+) create mode 100644 52_wireguard/README.md create mode 100644 52_wireguard/client/Dockerfile.client create mode 100755 52_wireguard/client/hold.sh create mode 100644 52_wireguard/client/wg0.conf create mode 100644 52_wireguard/docker-compose.yaml create mode 100644 52_wireguard/server/Dockerfile.server create mode 100755 52_wireguard/server/hold.sh create mode 100644 52_wireguard/server/wg0.conf diff --git a/52_wireguard/README.md b/52_wireguard/README.md new file mode 100644 index 0000000..02ceb88 --- /dev/null +++ b/52_wireguard/README.md 
@@ -0,0 +1,67 @@ +# README +Demonstrate how to get wireguard setup to access a private docker network + +## Server +```sh +# build and run server +docker build -f ./server/Dockerfile.server -t wireguard-server ./server +docker run -it wireguard-server /bin/bash + +ip addr +cat /etc/wireguard/privatekey +cat /etc/wireguard/publickey +nano /etc/wireguard/wg0.conf +``` + +## Client +```sh +# build and run client +docker build -f ./client/Dockerfile.client -t wireguard-client ./client/ +docker run -it wireguard-client /bin/bash + +ip addr +cat /etc/wireguard/privatekey +cat /etc/wireguard/publickey +nano /etc/wireguard/wg0.conf +``` + + + + + + + +## Docker Compose App +```sh +docker compose up -d --build + +# quick test +docker logs $(docker ps --filter name=wireguard_wgserver_1 -q) +docker logs $(docker ps --filter name=wireguard_wgclient_1 -q) +``` + +### Cleanup +```sh +# bring it down and delete the volume +docker compose down --volumes +``` + +### Rebuild backend and run +```sh +# if changes are made to backend rerun +docker compose up -d --build +``` + + + + +# Resources +https://www.cyberciti.biz/faq/ubuntu-20-04-set-up-wireguard-vpn-server/ + +https://www.docker.com/blog/introduction-to-heredocs-in-dockerfiles/ + + +https://github.com/wsargent/docker-cheat-sheet/blob/master/README.md + + +https://www.thomas-krenn.com/en/wiki/Ubuntu_Desktop_as_WireGuard_VPN_client_configuration \ No newline at end of file diff --git a/52_wireguard/client/Dockerfile.client b/52_wireguard/client/Dockerfile.client new file mode 100644 index 0000000..ea09d20 --- /dev/null +++ b/52_wireguard/client/Dockerfile.client @@ -0,0 +1,13 @@ +FROM ubuntu:20.04 + +RUN apt-get update && apt-get install wireguard nano -y +RUN apt-get install curl lsof iproute2 nmap iputils-ping -y + +WORKDIR /etc/wireguard +COPY wg0.conf ./wg0.conf +RUN umask 077; wg genkey | tee privatekey | wg pubkey > publickey + +WORKDIR /scratch +COPY hold.sh . + +CMD [ "/bin/bash", "-c", "/scratch/hold.sh" ] 
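Review bot: The `RUN umask 077; wg genkey | tee privatekey | wg pubkey > publickey` step creates the client's WireGuard private key at build time, so the key is stored in an image layer where anyone who can pull or `docker save` the image can read it, and every container started from the image carries the same key. Generating it at container start from hold.sh, guarded so a key mounted in from outside is kept, avoids both: `[ -s /etc/wireguard/privatekey ] || (umask 077; cd /etc/wireguard && wg genkey | tee privatekey | wg pubkey > publickey)`. As written the pipeline also runs under `/bin/sh -c` without `pipefail`, so a failing `wg genkey` still leaves the build green with an empty key file. The two `apt-get install` steps pull in recommended packages and leave `/var/lib/apt/lists` in the image; the merged form below is the usual shape. Note as well that the `COPY wg0.conf` line brings in a config carrying its own hard-coded `PrivateKey`, so the generated key would not be the one the tunnel uses unless the config is edited.
```dockerfile
RUN apt-get update && apt-get install -y --no-install-recommends \
      curl iproute2 iputils-ping lsof nano nmap wireguard \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /etc/wireguard
# … unchanged: COPY wg0.conf …
# Key pair is generated at container start by hold.sh rather than in a RUN
# step: a key written during the build is stored in an image layer and is
# shared by every container started from this image.
# … unchanged: WORKDIR /scratch, COPY hold.sh, CMD …
```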
diff --git a/52_wireguard/client/hold.sh b/52_wireguard/client/hold.sh new file mode 100755 index 0000000..89dc65e --- /dev/null +++ b/52_wireguard/client/hold.sh @@ -0,0 +1,32 @@ +#!/usr/bin/env bash + +echo "Holding..." + +function trap_hup_handler() { + echo "SIGHUP handler exiting" + exit $(( 128 + 1 )) +} +function trap_int_handler() { + echo "SIGINT handler exiting" + exit $(( 128 + 2 )) +} +function trap_quit_handler() { + echo "SIGQUIT handler exiting" + exit $(( 128 + 3 )) +} +function trap_term_handler() { + echo "SIGTERM handler exiting" + exit $(( 128 + 15 )) +} + +trap trap_hup_handler SIGHUP +trap trap_int_handler SIGINT +trap trap_quit_handler SIGQUIT +trap trap_term_handler SIGTERM + +while true +do + echo "." + sleep 10 +done + diff --git a/52_wireguard/client/wg0.conf b/52_wireguard/client/wg0.conf new file mode 100644 index 0000000..4fbd4ba --- /dev/null +++ b/52_wireguard/client/wg0.conf @@ -0,0 +1,19 @@ +[Interface] +## This Desktop/client's private key ## +PrivateKey = uJPzgCQ6WNlAUp3s5rabE/EVt1qYh3Ym01sx6oJI0V4= + +## Client ip address ## +Address = 192.168.6.2/24 + +[Peer] +## Ubuntu 20.04 server public key ## +PublicKey = qdjdqh2+N3DEMDUDRob8K3b+9BZFJbT59f+rBrl99zM + +## set ACL ## +AllowedIPs = 192.168.6.0/24 + +## Your Ubuntu 20.04 LTS server's public IPv4/IPv6 address and port ## +Endpoint = 172.105.112.120:41194 + +## Key connection alive ## +PersistentKeepalive = 15 \ No newline at end of file diff --git a/52_wireguard/docker-compose.yaml b/52_wireguard/docker-compose.yaml new file mode 100644 index 0000000..8c587f1 --- /dev/null +++ b/52_wireguard/docker-compose.yaml 
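Review bot: The foreground `sleep 10` in the loop delays every trap handler, because bash does not run a trap until the foreground command it is waiting on returns; a SIGTERM from `docker stop` can therefore sit for up to 10 s, which is the whole default grace period before the container is SIGKILLed. Replacing the loop body with `sleep 10 & wait $!` lets the handler run as soon as the signal arrives while keeping the same 10 s cadence. The script is otherwise only a holder and never runs `wg-quick up wg0`; if that is deliberate for this commit, a comment at the top such as `# placeholder: keeps the container alive; wg0 is brought up manually` would save the next reader a search.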
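Review bot: The `PrivateKey = uJPzgCQ6…` line commits a WireGuard private key to the repository; even if it is the sample key from the linked tutorial, a key that has been in git (and in every clone) has to be treated as public, and it also overrides the key Dockerfile.client generates into /etc/wireguard/privatekey. Dropping the line and loading the generated key at interface start, `PostUp = wg set %i private-key /etc/wireguard/privatekey`, keeps the config free of secrets. The `PublicKey` and `Endpoint = 172.105.112.120:41194` values are likewise the tutorial's rather than the compose server's (172.16.238.3 and whatever key it generates), so as committed the client cannot reach the server in this setup; a comment such as `## replace with wgserver's /etc/wireguard/publickey ##` above PublicKey would make the manual step explicit. `AllowedIPs = 192.168.6.0/24` only covers the tunnel subnet; reaching the 172.16.238.0/24 docker network the README describes would need that range listed here too, plus forwarding on the server side.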
@@ -0,0 +1,33 @@ +services: + internalnginx: + image: nginx:1.21.1 + networks: + app_private_network: + ipv4_address: 172.16.238.64 + + wgserver: + build: + context: . + dockerfile: ./Dockerfile.server + networks: + app_private_network: + ipv4_address: 172.16.238.3 + host: + + wgclient: + build: + context: . + dockerfile: ./Dockerfile.client + networks: + app_private_network: + ipv4_address: 172.16.238.4 + host: + + +networks: + app_private_network: + ipam: + driver: default + config: + - subnet: "172.16.238.0/24" + diff --git a/52_wireguard/server/Dockerfile.server b/52_wireguard/server/Dockerfile.server new file mode 100644 index 0000000..3ee6e3d --- /dev/null +++ b/52_wireguard/server/Dockerfile.server @@ -0,0 +1,13 @@ +FROM ubuntu:20.04 + +RUN apt-get update && apt-get install wireguard nano -y +RUN apt-get install curl lsof iproute2 nmap iputils-ping -y + +WORKDIR /etc/wireguard +COPY wg0.conf ./wg0.conf +RUN umask 077; wg genkey | tee privatekey | wg pubkey > publickey + +WORKDIR /scratch +COPY hold.sh . + +CMD [ "/bin/bash", "-c", "/scratch/hold.sh" ] \ No newline at end of file diff --git a/52_wireguard/server/hold.sh b/52_wireguard/server/hold.sh new file mode 100755 index 0000000..89dc65e --- /dev/null +++ b/52_wireguard/server/hold.sh @@ -0,0 +1,32 @@ +#!/usr/bin/env bash + +echo "Holding..." + +function trap_hup_handler() { + echo "SIGHUP handler exiting" + exit $(( 128 + 1 )) +} +function trap_int_handler() { + echo "SIGINT handler exiting" + exit $(( 128 + 2 )) +} +function trap_quit_handler() { + echo "SIGQUIT handler exiting" + exit $(( 128 + 3 )) +} +function trap_term_handler() { + echo "SIGTERM handler exiting" + exit $(( 128 + 15 )) +} + +trap trap_hup_handler SIGHUP +trap trap_int_handler SIGINT +trap trap_quit_handler SIGQUIT +trap trap_term_handler SIGTERM + +while true +do + echo "." + sleep 10 +done + diff --git a/52_wireguard/server/wg0.conf b/52_wireguard/server/wg0.conf new file mode 100644 index 0000000..5eb6f37 --- /dev/null 
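Review bot: The `build:` stanzas point at `./Dockerfile.server` and `./Dockerfile.client` with `context: .`, but the diffstat places both Dockerfiles under `server/` and `client/`, and each one `COPY`s `wg0.conf` and `hold.sh` relative to its context, so `docker compose up --build` cannot find the Dockerfile or the files it copies; the context has to be `./server` (resp. `./client`) with `dockerfile: Dockerfile.server`. The bare `host:` entries under `networks` name a network that is not declared in the top-level `networks:` block, and as far as I can tell a service cannot be attached to the host network and a user-defined bridge at the same time; if the intent is to reach the server's `ListenPort` from outside, publishing `41194/udp` does that. Neither service is given `cap_add: [NET_ADMIN]`, without which `wg-quick up` cannot create the wg0 interface (the wireguard kernel module also has to be loaded on the host, which a container cannot do on its own). The excerpt shows wgserver; wgclient needs the same treatment with `./client`.
```yaml
  wgserver:
    build:
      context: ./server
      dockerfile: Dockerfile.server
    cap_add:
      - NET_ADMIN
    ports:
      - "41194:41194/udp"
    networks:
      app_private_network:
        ipv4_address: 172.16.238.3
  # … unchanged: internalnginx above; wgclient (same build/cap_add change with ./client) and the networks block below …
```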
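Review bot: The `RUN umask 077; wg genkey | tee privatekey | wg pubkey > publickey` step bakes the server's private key into an image layer, so anyone able to pull or `docker save` the image can read it and present themselves as this server to every client, and each rebuild silently issues a new key that the clients' `PublicKey` entries no longer match. Move the generation to container start in hold.sh, skipped when a key is already present, `[ -s /etc/wireguard/privatekey ] || (umask 077; cd /etc/wireguard && wg genkey | tee privatekey | wg pubkey > publickey)`, or mount the key in at run time. The pipeline also runs without `pipefail`, so a failing `wg genkey` leaves an empty key file and a successful build. This file is otherwise identical to Dockerfile.client; one Dockerfile at 52_wireguard/ built with the context set to `./server` or `./client` would stop the two copies drifting.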
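Review bot: The loop's foreground `sleep 10` delays the SIGTERM/SIGINT handlers, since bash only runs a trap after the foreground command it is waiting on returns; `docker stop` can therefore wait out the full 10 s grace period and SIGKILL the container before "SIGTERM handler exiting" is ever printed. `sleep 10 & wait $!` keeps the cadence and lets the trap fire at once. The index line shows this blob (89dc65e) is byte-identical to client/hold.sh; a single shared script would avoid fixing it twice.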
+++ b/52_wireguard/server/wg0.conf @@ -0,0 +1,10 @@ +## Set Up WireGuard VPN on Ubuntu By Editing/Creating wg0.conf File ## +[Interface] +## My VPN server private IP address ## +Address = 192.168.6.1/24 + +## My VPN server port ## +ListenPort = 41194 + +## VPN server's private key i.e. /etc/wireguard/privatekey ## +PrivateKey = ${PRIVATEKEY} \ No newline at end of file From 36821655eaf7f69d1cc4c24caf2de279ac667b1a Mon Sep 17 00:00:00 2001 From: Chris Guest Date: Sun, 20 Feb 2022 13:22:11 +0000 Subject: [PATCH 2/2] Tidy up wireguard --- 52_wireguard/README.md | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/52_wireguard/README.md b/52_wireguard/README.md index 02ceb88..f9db201 100644 --- a/52_wireguard/README.md +++ b/52_wireguard/README.md @@ -1,23 +1,31 @@ # README + Demonstrate how to get wireguard setup to access a private docker network +Prebuilt +https://www.sonicwall.com/support/knowledge-base/how-can-i-set-up-a-wireguard-tunnel-using-a-docker-container/211025104453553/ + ## Server + ```sh # build and run server docker build -f ./server/Dockerfile.server -t wireguard-server ./server -docker run -it wireguard-server /bin/bash +docker run --rm -it --name wireguard-server -p 41194:41194 wireguard-server /bin/bash ip addr cat /etc/wireguard/privatekey cat /etc/wireguard/publickey + +# replace ip and privatekey nano /etc/wireguard/wg0.conf ``` ## Client + ```sh # build and run client docker build -f ./client/Dockerfile.client -t wireguard-client ./client/ -docker run -it wireguard-client /bin/bash +docker run --rm -it wireguard-client /bin/bash ip addr cat /etc/wireguard/privatekey 
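Review bot: `PrivateKey = ${PRIVATEKEY}` is not expanded by wg-quick, which hands the config to `wg setconf` as written, so the interface fails to come up until someone pastes a key by hand (the README's "replace ip and privatekey" step). Loading the file the Dockerfile generates avoids putting a key in the config at all: drop the `PrivateKey` line and add `PostUp = wg set %i private-key /etc/wireguard/privatekey`. There is no `[Peer]` section, so even with a valid key the server accepts no client; the client's public key with `AllowedIPs = 192.168.6.2/32` has to be added, and reaching the 172.16.238.0/24 network through the tunnel would additionally need ip_forward and a masquerade rule in PostUp. Note that `ListenPort = 41194` is UDP, while the README's `-p 41194:41194` publishes TCP and needs `/udp`.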
@@ -64,4 +72,8 @@ https://www.docker.com/blog/introduction-to-heredocs-in-dockerfiles/ https://github.com/wsargent/docker-cheat-sheet/blob/master/README.md -https://www.thomas-krenn.com/en/wiki/Ubuntu_Desktop_as_WireGuard_VPN_client_configuration \ No newline at end of file +https://www.thomas-krenn.com/en/wiki/Ubuntu_Desktop_as_WireGuard_VPN_client_configuration + + +https://www.linode.com/docs/guides/set-up-wireguard-vpn-on-ubuntu/ +