
Wireguard VPN Administrator

Wireguard Admin

Wireguard Admin allows managing servers and peers easily.

Terraform Bootstrap

See the instructions in ./terraform/platforms/gcp/README.md

Configure the WebApp

You'll need to configure an OAuth client ID in order to run the admin webapp. If you already have a project, follow the steps below to get all the credentials needed to run the webapp.

Configure the OAuth Consent Screen

  1. Go to https://console.cloud.google.com/apis/credentials/consent?createClient=&project=<project_id>
  2. Select External User Type and click Create
  3. On the OAuth consent screen, select Public Application Type
  4. Choose an Application Name
  5. Enter the domain name that will host the wgadmin webapp

Add an OAuth Client ID

  1. Go to https://console.cloud.google.com/apis/credentials?project=<project_id>
  2. Click New Credentials, then select OAuth client ID.
  3. Select Web Application and fill in the name of the app
  4. Add the origin and redirect URI using the same address
  5. Save it and copy the client ID and the client secret

Create a service account

gcloud iam service-accounts create $SERVICEACCOUNT \
    --description "Wgadmin Webapp" \
    --display-name "wgadmin webapp" \
    --project $PROJECT_ID
gcloud projects add-iam-policy-binding $PROJECT_ID \
  --member serviceAccount:$SERVICEACCOUNT@$PROJECT_ID.iam.gserviceaccount.com \
  --role roles/storage.admin \
  --project $PROJECT_ID

WARNING: Make sure to run the server with TLS!

Deploy the WebApp

kubectl create ns $NAMESPACE
# The tls-cert-key entry is an assumption, inferred from tlsKeyFile in the config below
kubectl create secret -n $NAMESPACE generic tls-ssl-wgadm \
    --from-file=tls-cert=path/to/tls-cert.pem \
    --from-file=tls-cert-key=path/to/tls-cert-key.pem
# Create a service account with Storage Admin role
# The serviceaccount entry and the key file path are assumptions, inferred from googleApplicationCredentials below
kubectl create secret -n $NAMESPACE generic google-credentials \
    --from-file=serviceaccount=path/to/serviceaccount-key.json
cat - >webapp-config.yml <<EOF
httpPort: '8000'
- acme.tld
- gmail.com
  faviconURL: null
  googleClientID: $GOOGLE_CLIENT_ID
  googleRedirectURI: https://acme.tld
tlsKeyFile: /etc/ssl/custom-certs/tls-cert-key.pem
tlsCertFile: /etc/ssl/custom-certs/tls-cert.pem
googleApplicationCredentials: /var/run/secrets/google/serviceaccount
gcsBucketName: $GCS_BUCKET_NAME
EOF
kubectl create secret -n $NAMESPACE generic webapp-config --from-file=config.yaml=./webapp-config.yml
kubectl apply -f deploy/webapp/all.yml
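
The heredoc that writes webapp-config.yml is unquoted, so an unset $GOOGLE_CLIENT_ID or $GCS_BUCKET_NAME is written out as an empty value without any error. The check below is an added example, not part of the wgadmin project: it lints the file before it is stored as a secret, using the key names from the config above. The function names cfg_value and lint_webapp_config are hypothetical.

```sh
#!/bin/sh
# Added example (not wgadmin code): lint webapp-config.yml before deploying.
# Function names are hypothetical; key names are the ones used in the config above.

# Print the value of the first "key: value" line, any indentation, quotes stripped.
cfg_value() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1 |
        tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# Return 0 if the config passes, 1 otherwise. Findings are written to stderr.
lint_webapp_config() {
    file=$1
    rc=0
    # An unset shell variable expands to nothing inside an unquoted heredoc,
    # so every value the webapp depends on must be non-empty.
    for key in tlsCertFile tlsKeyFile googleClientID googleRedirectURI gcsBucketName; do
        val=$(cfg_value "$file" "$key")
        case $val in
            ''|null|'~') echo "$file: $key is empty or missing" >&2; rc=1 ;;
        esac
    done
    # The OAuth redirect must point at the TLS endpoint.
    case $(cfg_value "$file" googleRedirectURI) in
        https://*) ;;
        *) echo "$file: googleRedirectURI must start with https://" >&2; rc=1 ;;
    esac
    return $rc
}

# Usage: sh lint-config.sh webapp-config.yml
if [ -n "${1:-}" ]; then
    lint_webapp_config "$1"
fi
```

Run it between writing webapp-config.yml and the kubectl create secret step, and stop the deployment on a non-zero exit status.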
