Merge branch 'master' into add-oidc-rule-expressions

CHANGELOG.md

@@ -13,6 +13,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - When disabled the `DNS` wireguard config value will be omitted from client wg config files
   - When disabled the DNS proxy will not be started server-side (i.e. port 53 won't be used)
 - Config options to change the web, wireguard and dns ports.
+- Better instructions for connecting a linux device ([@nfg](https://github.com/Place1/wg-access-server/pull/38))
+- More helm chart flexibility ([@halkeye](https://github.com/Place1/wg-access-server/pull/33))
 
 ### Changes
 

deploy/helm/wg-access-server/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 0.1.1
+appVersion: 0.2.0-rc3
 description: A Wireguard VPN Access Server
 name: wg-access-server
-version: 0.1.1
+version: 0.2.0-rc3

deploy/helm/wg-access-server/README.md

@@ -26,7 +26,7 @@ The command removes all the Kubernetes components associated with the chart and
 ```yaml
 config:
   wireguard:
-    externalHost: "<loadbalancer-ip>:51820"
+    externalHost: "<loadbalancer-ip>"
 wireguard:
   config:
     privateKey: "<wireguard-private-key>"

deploy/helm/wg-access-server/templates/configmap.yaml

@@ -6,6 +6,6 @@ metadata:
     {{- include "wg-access-server.labels" . | nindent 4 }}
 data:
   config.yaml: |-
-{{- if .Values.config.wireguard }}
-{{ toYaml .Values.config.wireguard | indent 4 }}
+{{- if .Values.config }}
+{{ toYaml .Values.config | indent 4 }}
 {{- end }}

deploy/helm/wg-access-server/templates/deployment.yaml

@@ -14,6 +14,8 @@ spec:
       {{- include "wg-access-server.selectorLabels" . | nindent 6 }}
   template:
     metadata:
+      annotations:
+        checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
       labels:
         {{- include "wg-access-server.selectorLabels" . | nindent 8 }}
     spec:

deploy/helm/wg-access-server/templates/service.yaml

@@ -23,7 +23,14 @@ metadata:
   name: {{ $fullName }}-wireguard
   labels:
     {{- include "wg-access-server.labels" . | nindent 4 }}
+{{- if .Values.wireguard.service.annotations }}
+  annotations:
+{{ toYaml .Values.wireguard.service.annotations | indent 4 }}
+{{- end }}
 spec:
+{{- if .Values.wireguard.service.externalTrafficPolicy }}
+  externalTrafficPolicy: {{ .Values.wireguard.service.externalTrafficPolicy }}
+{{- end }}
   type: {{ .Values.wireguard.service.type }}
 {{- if .Values.wireguard.service.loadBalancerIP }}
   loadBalancerIP: {{ .Values.wireguard.service.loadBalancerIP }}

deploy/k8s/quickstart.yaml

@@ -5,28 +5,27 @@ kind: ConfigMap
 metadata:
   name: quickstart-wg-access-server
   labels:
-    helm.sh/chart: wg-access-server-0.1.1
+    helm.sh/chart: wg-access-server-0.2.0-rc3
     app: wg-access-server
     app.kubernetes.io/name: wg-access-server
     app.kubernetes.io/instance: quickstart
-    app.kubernetes.io/version: "0.1.1"
-    app.kubernetes.io/managed-by: Tiller
+    app.kubernetes.io/version: "0.2.0-rc3"
+    app.kubernetes.io/managed-by: Helm
 data:
   config.yaml: |-
-
 ---
 # Source: wg-access-server/templates/service.yaml
 apiVersion: v1
 kind: Service
 metadata:
   name: quickstart-wg-access-server-web
   labels:
-    helm.sh/chart: wg-access-server-0.1.1
+    helm.sh/chart: wg-access-server-0.2.0-rc3
     app: wg-access-server
     app.kubernetes.io/name: wg-access-server
     app.kubernetes.io/instance: quickstart
-    app.kubernetes.io/version: "0.1.1"
-    app.kubernetes.io/managed-by: Tiller
+    app.kubernetes.io/version: "0.2.0-rc3"
+    app.kubernetes.io/managed-by: Helm
 spec:
   type: ClusterIP
   ports:
@@ -38,20 +37,19 @@ spec:
     app: wg-access-server
     app.kubernetes.io/name: wg-access-server
     app.kubernetes.io/instance: quickstart
-
 ---
-
+# Source: wg-access-server/templates/service.yaml
 apiVersion: v1
 kind: Service
 metadata:
   name: quickstart-wg-access-server-wireguard
   labels:
-    helm.sh/chart: wg-access-server-0.1.1
+    helm.sh/chart: wg-access-server-0.2.0-rc3
     app: wg-access-server
     app.kubernetes.io/name: wg-access-server
     app.kubernetes.io/instance: quickstart
-    app.kubernetes.io/version: "0.1.1"
-    app.kubernetes.io/managed-by: Tiller
+    app.kubernetes.io/version: "0.2.0-rc3"
+    app.kubernetes.io/managed-by: Helm
 spec:
   type: ClusterIP
   ports:
@@ -63,20 +61,19 @@ spec:
     app: wg-access-server
     app.kubernetes.io/name: wg-access-server
     app.kubernetes.io/instance: quickstart
-
 ---
 # Source: wg-access-server/templates/deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: quickstart-wg-access-server
   labels:
-    helm.sh/chart: wg-access-server-0.1.1
+    helm.sh/chart: wg-access-server-0.2.0-rc3
     app: wg-access-server
     app.kubernetes.io/name: wg-access-server
     app.kubernetes.io/instance: quickstart
-    app.kubernetes.io/version: "0.1.1"
-    app.kubernetes.io/managed-by: Tiller
+    app.kubernetes.io/version: "0.2.0-rc3"
+    app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
   strategy:
@@ -88,6 +85,8 @@ spec:
       app.kubernetes.io/instance: quickstart
   template:
     metadata:
+      annotations:
+        checksum/configmap: b16e3a6d857fc6f16817d2a638febf416e055d0e5230d30ac8ba7c0d7164573c
       labels:
         app: wg-access-server
         app.kubernetes.io/name: wg-access-server
@@ -98,7 +97,7 @@ spec:
           securityContext:
             capabilities:
               add: ['NET_ADMIN']
-          image: "place1/wg-access-server:0.1.1"
+          image: "place1/wg-access-server:0.2.0-rc3"
           imagePullPolicy: IfNotPresent
           ports:
             - name: http
@@ -122,7 +121,6 @@ spec:
               port: http
           resources:
             {}
-
       volumes:
         - name: tun
           hostPath:
@@ -133,15 +131,3 @@ spec:
         - name: config
           configMap:
             name: "quickstart-wg-access-server"
-
----
-# Source: wg-access-server/templates/ingress.yaml
-
-
----
-# Source: wg-access-server/templates/pvc.yaml
-
----
-# Source: wg-access-server/templates/secret.yaml
-
-

docs/configuration.md

@@ -59,8 +59,7 @@ wireguard:
   # If this value is empty then the server will use an in-memory
   # generated key
   privateKey: ""
-  # ExternalAddress is the address that clients
-  # use to connect to the wireguard interface
+  # ExternalAddress is the address (without port) that clients use to connect to the wireguard interface
   # By default, this will be empty and the web ui
   # will use the current page's origin i.e. window.location.origin
   # Optional
@@ -140,13 +139,12 @@ auth:
     # You can create a user using "htpasswd -nB <username>"
     users: []
   oidc:
-    name: ""
-    issuer: ""
+    name: "" # anything you want
+    issuer: "" # Should point to the oidc url without .well-known
     clientID: ""
     clientSecret: ""
-    scopes: ""
-    redirectURL: ""
-    # See https://github.com/Knetic/govaluate/blob/9aa49832a739dcd78a5542ff189fb82c3e423116/MANUAL.md for how to write rules
+    scopes: null  # list of scopes, defaults to ["openid"]
+    redirectURL: "" # full url you want the oidc to redirect to, example: https://vpn-admin.example.com/finish-signin
     userClaimsRules:
       admin: "'WireguardAdmins' in group_membership"
     # Optionally restrict login to users with an allowed email domain

docs/index.yaml

@@ -1,9 +1,18 @@
 apiVersion: v1
 entries:
   wg-access-server:
+  - apiVersion: v2
+    appVersion: 0.2.0-rc3
+    created: "2020-04-18T14:37:40.292441835+10:00"
+    description: A Wireguard VPN Access Server
+    digest: 08d15d89278086c8fa4b2e1a4762bd711008f847ba0c84a3e228f859d5c15756
+    name: wg-access-server
+    urls:
+    - https://place1.github.io/wg-access-server/charts/wg-access-server-0.2.0-rc3.tgz
+    version: 0.2.0-rc3
   - apiVersion: v2
     appVersion: 0.1.1
-    created: "2020-03-31T13:53:26.656055+11:00"
+    created: "2020-04-18T14:37:40.291766163+10:00"
     description: A Wireguard VPN Access Server
     digest: 1326673b9cdbb886c6c8f922cecd63f7ef7bf9698ac3f0915d37d58497910987
     name: wg-access-server
@@ -12,7 +21,7 @@ entries:
     version: 0.1.1
   - apiVersion: v2
     appVersion: 0.1.0
-    created: "2020-03-31T13:53:26.655762+11:00"
+    created: "2020-04-18T14:37:40.288203139+10:00"
     description: A Wireguard VPN Access Server
     digest: ab366ab952e77e031e0c280b80ca0ade1960831fa87acc15a4b6232ab37ef6b3
     name: wg-access-server
@@ -21,11 +30,11 @@ entries:
     version: 0.1.0
   - apiVersion: v2
     appVersion: 0.0.9
-    created: "2020-03-31T13:53:26.655476+11:00"
+    created: "2020-04-18T14:37:40.287723382+10:00"
     description: A Wireguard VPN Access Server
     digest: e8d795290f577d5d5678619dac42e1a667407aa7128a682da30f26db9f383a1c
     name: wg-access-server
     urls:
     - https://place1.github.io/wg-access-server/charts/wg-access-server-0.0.9.tgz
     version: 0.0.9
-generated: "2020-03-31T13:53:26.654975+11:00"
+generated: "2020-04-18T14:37:40.28709738+10:00"

publish.py

@@ -21,34 +21,30 @@ def is_release_candidate(version):
 subprocess.run(['docker', 'build', '-t', docker_tag, '.'])
 
 # update the helm chart and quickstart manifest
-if not is_release_candidate(version):
-    with open('deploy/helm/wg-access-server/Chart.yaml', 'r+') as f:
-        chart = yaml.load(f)
-        chart['version'] = version
-        chart['appVersion'] = version
-        f.seek(0)
-        yaml.dump(chart, f, default_flow_style=False)
-        f.truncate()
-    with open('deploy/k8s/quickstart.yaml', 'w') as f:
-        subprocess.run(['helm', 'template', '--name-template',
-                        'quickstart', 'deploy/helm/wg-access-server/'], stdout=f)
-    subprocess.run(['helm', 'package', 'deploy/helm/wg-access-server/',
-                    '--destination', 'docs/charts/'])
-    subprocess.run(['helm', 'repo', 'index', 'docs/', '--url',
-                    'https://place1.github.io/wg-access-server'])
+with open('deploy/helm/wg-access-server/Chart.yaml', 'r+') as f:
+    chart = yaml.load(f)
+    chart['version'] = version
+    chart['appVersion'] = version
+    f.seek(0)
+    yaml.dump(chart, f, default_flow_style=False)
+    f.truncate()
+with open('deploy/k8s/quickstart.yaml', 'w') as f:
+    subprocess.run(['helm', 'template', '--name-template',
+                    'quickstart', 'deploy/helm/wg-access-server/'], stdout=f)
+subprocess.run(['helm', 'package', 'deploy/helm/wg-access-server/',
+                '--destination', 'docs/charts/'])
+subprocess.run(['helm', 'repo', 'index', 'docs/', '--url',
+                'https://place1.github.io/wg-access-server'])
 
 # update gh-pages (docs)
-if not is_release_candidate(version):
-    subprocess.run(['mkdocs', 'gh-deploy'])
+subprocess.run(['mkdocs', 'gh-deploy'])
 
 # commit changes
-if not is_release_candidate(version):
-    subprocess.run(['git', 'add', '.'])
-    subprocess.run(['git', 'commit', '-m', f'{version}'])
+subprocess.run(['git', 'add', '.'])
+subprocess.run(['git', 'commit', '-m', f'{version}'])
 
 # tag the current commit
-if not is_release_candidate(version):
-    subprocess.run(['git', 'tag', '-a', f'{version}', '-m', f'{version}'])
+subprocess.run(['git', 'tag', '-a', f'{version}', '-m', f'{version}'])
 
 # push everything
 subprocess.run(['git', 'push'])

website/src/components/GetConnected.tsx

@@ -47,7 +47,16 @@ export class GetConnected extends React.Component<Props> {
             <Grid item xs={12} sm={6}>
               <List>
                 <ListItem>
-                  <ListItemText primary="1. hmmm todo" />
+                  <ListItemText primary="1. Install WireGuard for Linux" />
+                </ListItem>
+                <ListItem>
+                  <ListItemText primary="2. Download your connection file" />
+                </ListItem>
+                <ListItem>
+                  <ListItemText
+                    primary="3. Copy it to /etc/wireguard/wg0.conf"
+                    secondary="This will allow you to use wg-quick to bring the interface up and down easily."
+                  />
                 </ListItem>
               </List>
             </Grid>