Working on token acquisition

steilerDev · Sep 13, 2023 · a4f075d · a4f075d
1 parent dcdaee0
commit a4f075d
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 34 deletions.
diff --git a/.github/actions/helper/api-token-setup/action.yml b/.github/actions/helper/api-token-setup/action.yml
@@ -6,29 +6,29 @@ inputs:
     required: false
     default: app
   wg-endpoint: 
-    description: The endpoint of the wireguard server
+    description: The endpoint (IP and port) of the wireguard peer
     required: true
-  wg-endpoint-public-key:
-    description: The wireguard server's public key
+  wg-peer-public-key:
+    description: The wireguard peers's public key
     required: true
-  wg-address:
+  wg-local-address:
     description: The IP address to assign to the runner
     required: true
+  wg-remote-address:
+    description: The IP address of the wireguard peer
+    required: true
   wg-allowed-ips:
     description: The IPs to route through the wireguard tunnel
     required: true
   wg-private-key:
     description: The private key for the runner
     required: true
   wg-preshared-key:
-    description: The preshared key for the runner
+    description: The preshared key
     required: true
   wg-listen-port:
     description: The port to listen on
     required: true
-  wg-dns:
-    description: The dns server to use
-    required: true
 runs:
   using: composite
   steps:
@@ -51,21 +51,16 @@ runs:
       shell: bash
       run: |
         sudo mkdir -p /etc/wireguard
-        sudo rm -f /etc/wireguard/wg0.conf
-        sudo touch /etc/wireguard/wg0.conf
-        echo "[Interface]" | sudo tee -a /etc/wireguard/wg0.conf
-        echo "Address = ${{ inputs.wg-address }}" | sudo tee -a /etc/wireguard/wg0.conf
-        echo "PrivateKey = ${{ inputs.wg-private-key }}" | sudo tee -a /etc/wireguard/wg0.conf
-        echo "ListenPort = ${{ inputs.wg-listen-port }}" | sudo tee -a /etc/wireguard/wg0.conf
-        echo "" | sudo tee -a /etc/wireguard/wg0.conf
-        echo "[Peer]" | sudo tee -a /etc/wireguard/wg0.conf
-        echo "PublicKey = ${{ inputs.wg-endpoint-public-key }}" | sudo tee -a /etc/wireguard/wg0.conf
-        echo "PresharedKey = ${{ inputs.wg-preshared-key }}" | sudo tee -a /etc/wireguard/wg0.conf
-        echo "Endpoint = ${{ inputs.wg-endpoint }}" | sudo tee -a /etc/wireguard/wg0.conf
-        echo "AllowedIPs = ${{ inputs.wg-allowed-ips }}" | sudo tee -a /etc/wireguard/wg0.conf
+        sudo apt install wireguard
+
+        echo "${{ inputs.wg-private-key }}" > private.key
+        echo "${{ inputs.wg-preshared-key }}" > preshared.key
+
+        sudo ip link add dev wg0 type wireguard
+        sudo ip address add dev wg0 ${{ inputs.wg-local-address }} peer ${{ inputs.wg-remote-address }}
+        sudo wg set wg0 listen-port ${{ inputs.wg-listen-port }} private-key private.key peer ${{ inputs.wg-peer-public-key }} allowed-ips ${{ inputs.wg-allowed-ips }} preshared-key preshared.key endpoint ${{ inputs.wg-endpoint }}
     - id: start-wg
       shell: bash
       run: |
-        sudo apt install wireguard
-        sudo wg-quick up wg0
-        sudo wg
+        sudo ip link set up dev wg0
+        sudo wg show
diff --git a/.github/workflows/action_trust-token.yml b/.github/workflows/action_trust-token.yml
@@ -9,14 +9,18 @@ on:
         description: The endpoint of the wireguard server
         required: true
         type: string
-      wg-endpoint-public-key:
-        description: The wireguard server's public key
+      wg-peer-public-key:
+        description: The wireguard peer's public key
         required: true
         type: string
-      wg-address:
+      wg-local-address:
         description: The IP address to assign to the runner
         required: true
         type: string
+      wg-remote-address:
+        description: The IP address of the peer
+        required: true
+        type: string
       wg-allowed-ips:
         description: The IPs to route through the wireguard tunnel
         required: true
@@ -26,17 +30,13 @@ on:
         required: true
         type: string
       wg-preshared-key:
-        description: The preshared key for the runner
+        description: The preshared key
         required: true
         type: string
       wg-listen-port:
         description: The port to listen on
         required: true
         type: string
-      wg-dns:
-        description: The DNS server to use
-        required: true
-        type: string
 
 permissions: {}
 
@@ -52,13 +52,13 @@ jobs:
       uses: ./.github/actions/helper/api-token-setup
       with:
         wg-endpoint: ${{ inputs.wg-endpoint}}
-        wg-endpoint-public-key: ${{ inputs.wg-endpoint-public-key }}
-        wg-address: ${{ inputs.wg-address }}
+        wg-peer-public-key: ${{ inputs.wg-peer-public-key }}
+        wg-local-address: ${{ inputs.wg-local-address }}
+        wg-remote-address: ${{ inputs.wg-remote-address }}
         wg-allowed-ips: ${{ inputs.wg-allowed-ips }}
         wg-private-key: ${{ inputs.wg-private-key }}
         wg-preshared-key: ${{ inputs.wg-preshared-key }}
         wg-listen-port: ${{ inputs.wg-listen-port }}
-        wg-dns: ${{ inputs.wg-dns }}
     - name: action/api-token
       uses: ./.github/actions/helper/api-token
       with: