Skip to content
/ qrystal Public

Services to manage several WireGuard networks with a central configuration server.

nyiyui.ca/qrystal

License

GPL-3.0 license
2 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

nyiyui/qrystal

BranchesTags

Repository files navigation

Qrystal

Website/Docs / Github.com

Qrystal /kristl/ sets up several WireGuard tunnels between servers. In addition, it provides centralised configuration management. Nodes and tokens can be dynamically added (and removed, in a future version).

Installation

  1. Install Go
  2. Download the source: https://github.com/nyiyui/qrystal/archive/refs/heads/next2goal.tar.gz
  3. cd-into the source code

Installing for a Device Client

  1. make device-client gen-keys
  2. sudo make install-device
  • If you see errors such as 'user not found', make sure systemd-sysusersd has run after the Makefile ran.
  1. Edit config files at /etc/qrystal-device/ (gen-keys will be useful here!)
  2. systemctl enable --now qrystal-device-client.service

Installing for a Coordiation Server

  1. make coord-server
  2. sudo make install-coord
  • If you see errors such as 'user not found', make sure systemd-sysusersd has run after the Makefile ran.
  1. Edit config files at /etc/qrystal-coord/
  2. systemctl enable --now qrystal-coord-server.service

Contributing

Using Nix and direnv is recommended. To set up, install Nix and direnv, cd into this repo, then run direnv allow. This will setup your $PATH to have all the tools needed (and with the right versions) to develop.

Testing should be done using go test ./... for Go tests and nix flake check for NixOS tests. Note that nix flake check downloads a lot of files and is fairly slow/expensive (involves starting multiple VMs for testing).

Additionally, individual NixOS tests can be run:

# Example for running `goal` test:
nix build --print-build-logs .#checks.x86_64-linux.goal
# Run an interactive test:
nix build --print-build-logs .#checks.x86_64-linux.goal.driverInteractive && ./result/bin/nixos-test-driver
# Opens a Python REPL; run `test_script()` to run the test itself. See <https://wiki.nixos.org/wiki/NixOS_VM_tests> for details.

TODO

  • node: test node backport (in test.nix)
  • confine qrystal-node and qrystal-cs (using systemd's options)
  • configure existing interfaces without disrupting connections (as much as possible)
  • support multiple hosts
    • e.g. specify VPC network IP address first, and then public IP address
    • heuristics for a successful wg connection?
  • test all fails on host cs but after waiting a few hours, host cs works so I'll have to figure that out...
  • if azusa contains configuration for a network that isn't in config.cs.networks, warn about this (possible misconfiguration)
  • SRV records

About

Services to manage several WireGuard networks with a central configuration server.

nyiyui.ca/qrystal

Topics

wireguard

Resources

Readme

License

GPL-3.0 license
Activity

Stars

2 stars

Watchers

4 watching

Forks

1 fork
Report repository

Releases 1

v1.0.0 Latest
Aug 25, 2024

Languages