Our great sponsors
-
Netmaker
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
-
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
#!/bin/bash # -- Prerequists yum install -y wireguard-tools net-tools jq modprobe ip_tables echo 'ip_tables' >> /etc/modules # -- Install Netmaker Client wget https://github.com/gravitl/netmaker/releases/download/v0.15.2/netclient-arm64 -O /usr/sbin/netclient chmod +x /usr/sbin/netclient netclient daemon & # -- Joining Netmaker Master netclient join -t
#!/bin/bash # -- Prerequists # yum install -y wireguard-tools net-tools jq # modprobe ip_tables # echo 'ip_tables' >> /etc/modules # -- Install Docker Compose # curl -L --fail https://github.com/docker/compose/releases/download/v2.11.0/docker-compose-linux-aarch64 -o /usr/sbin/docker-compose # chmod +x /usr/sbin/docker-compose # -- Setting env variables NETMAKER_BASE_DOMAIN=$DOMAIN_NAME COREDNS_IP=$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p') SERVER_PUBLIC_IP=$(curl -s ifconfig.me) MASTER_KEY=$(tr -dc A-Za-z0-9 head -c 30 ; echo '') EMAIL="[email protected]" MESH_SETUP="true" VPN_SETUP="false" NUM_CLIENTS=5 echo " ----------------------------" echo " SETUP ARGUMENTS" echo " ----------------------------" echo " domain: $NETMAKER_BASE_DOMAIN" echo " email: $EMAIL" echo " coredns ip: $COREDNS_IP" echo " public ip: $SERVER_PUBLIC_IP" echo " master key: $MASTER_KEY" echo " setup mesh?: $MESH_SETUP" echo " setup vpn?: $VPN_SETUP" if [ "${VPN_SETUP}" == "true" ]; then echo " # clients: $NUM_CLIENTS" fi echo " ----------------------------" sleep 5 # -- Installation echo "setting mosquitto.conf..." wget -q -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/master/docker/mosquitto.conf echo "setting docker-compose..." mkdir -p /root/dnsconfig cp /home/opc/setup/netmaker/Corefile /root/dnsconfig/ mkdir -p /root/traefik_certs mkdir -p /root/shared_certs mkdir -p /root/sqldata mkdir -p /root/mosquitto_data mkdir -p /root/mosquitto_logs cp /home/opc/setup/netmaker/docker-compose.yml /root/docker-compose.yml sed -i "s/SERVER_PUBLIC_IP/$SERVER_PUBLIC_IP/g" /root/docker-compose.yml sed -i "s/COREDNS_IP/$COREDNS_IP/g" /root/docker-compose.yml sed -i "s/REPLACE_MASTER_KEY/$MASTER_KEY/g" /root/docker-compose.yml sed -i "s/YOUR_EMAIL/$EMAIL/g" /root/docker-compose.yml echo "starting containers..." docker-compose -f /root/docker-compose.yml up -d test_connection() { echo "testing Traefik setup (please be patient, this may take 1-2 minutes)" for i in 1 2 3 4 5 6 do curlresponse=$(curl -vIs https://api-base-domain.extenssion 2>&1) if [[ "$i" == 6 ]]; then echo " Traefik is having an issue setting up certificates, please investigate (docker logs traefik)" echo " exiting..." exit 1 elif [[ "$curlresponse" == *"failed to verify the legitimacy of the server"* ]]; then echo " certificates not yet configured, retrying..." elif [[ "$curlresponse" == *"left intact"* ]]; then echo " certificates ok" break else secs=$(($i*5+10)) echo " issue establishing connection...retrying in $secs seconds..." fi sleep $secs done } set +e test_connection cat << "EOF" __ __ ______ ______ __ __ ______ __ __ ______ ______ /\ "-.\ \ /\ ___\ /\__ _\ /\ "-./ \ /\ __ \ /\ \/ / /\ ___\ /\ == \ \ \ \-. \ \ \ __\ \/_/\ \/ \ \ \-./\ \ \ \ __ \ \ \ _"-. \ \ __\ \ \ __< \ \_\\"\_\ \ \_____\ \ \_\ \ \_\ \ \_\ \ \_\ \_\ \ \_\ \_\ \ \_____\ \ \_\ \_\ \/_/ \/_/ \/_____/ \/_/ \/_/ \/_/ \/_/\/_/ \/_/\/_/ \/_____/ \/_/ /_/ EOF echo "visit https://dashboard-base-domain.extenssion to log in" sleep 7 setup_mesh() {( set -e echo "creating netmaker network (10.101.0.0/16)" curl -s -o /dev/null -d '{"addressrange":"10.101.0.0/16","netid":"netmaker"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api-base-domain.extenssion/api/networks sleep 5 echo "creating netmaker access key" curlresponse=$(curl -s -d '{"uses":99999,"name":"netmaker-key"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api-base-domain.extenssion/api/networks/netmaker/keys) ACCESS_TOKEN=$(jq -r '.accessstring' <<< ${curlresponse}) sleep 5 echo "configuring netmaker server as ingress gateway" curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api-base-domain.extenssion/api/nodes/netmaker) SERVER_ID=$(jq -r '.[0].id' <<< ${curlresponse}) curl -o /dev/null -s -X POST -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api-base-domain.extenssion/api/nodes/netmaker/$SERVER_ID/createingress sleep 5 echo "finished configuring server and network. You can now add clients." echo "" echo "For Linux, Mac, Windows, and FreeBSD:" echo " 1. Install the netclient: https://docs.netmaker.org/netclient.html#installation" echo " 2. Join the network: netclient join -t $ACCESS_TOKEN" echo "" echo "For Android and iOS clients, perform the following steps:" echo " 1. Log into UI at dashboard-base-domain.extenssion" echo " 2. Navigate to \"EXTERNAL CLIENTS\" tab" echo " 3. Select the gateway and create clients" echo " 4. Scan the QR Code from WireGuard app in iOS or Android" echo "" echo "Netmaker setup is now complete. You are ready to begin using Netmaker." )} setup_vpn() {( set -e echo "creating vpn network (10.201.0.0/16)" curl -s -o /dev/null -d '{"addressrange":"10.201.0.0/16","netid":"vpn","defaultextclientdns":"10.201.255.254"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api-base-domain.extenssion/api/networks sleep 5 echo "configuring netmaker server as vpn inlet..." curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api-base-domain.extenssion/api/nodes/vpn) SERVER_ID=$(jq -r '.[0].id' <<< ${curlresponse}) curl -s -o /dev/null -X POST -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api-base-domain.extenssion/api/nodes/vpn/$SERVER_ID/createingress echo "waiting 5 seconds for server to apply configuration..." sleep 5 echo "configuring netmaker server vpn gateway..." [ -z "$GATEWAY_IFACE" ] && GATEWAY_IFACE=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)') echo "gateway iface: $GATEWAY_IFACE" curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api-base-domain.extenssion/api/nodes/vpn) SERVER_ID=$(jq -r '.[0].id' <<< ${curlresponse}) EGRESS_JSON=$( jq -n \ --arg gw "$GATEWAY_IFACE" \ '{ranges: ["0.0.0.0/0"], interface: $gw}' ) echo "egress json: $EGRESS_JSON" curl -s -o /dev/null -X POST -d "$EGRESS_JSON" -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api-base-domain.extenssion/api/nodes/vpn/$SERVER_ID/creategateway sleep 3 echo "creating client configs..." for ((a=1; a <= $NUM_CLIENTS; a++)) do CLIENT_JSON=$( jq -n \ --arg clientid "vpnclient-$a" \ '{clientid: $clientid}' ) curl -s -o /dev/null -d "$CLIENT_JSON" -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api-base-domain.extenssion/api/extclients/vpn/$SERVER_ID sleep 2 done echo "finished configuring vpn server." echo "" echo "To configure clients, perform the following steps:" echo " 1. log into dashboard-base-domain.extenssion" echo " 2. Navigate to \"EXTERNAL CLIENTS\" tab" echo " 3. Download or scan a client config (vpnclient-x) to the appropriate device" echo " 4. Follow the steps for your system to configure WireGuard on the appropriate device" echo " 5. Create and delete clients as necessary. Changes to netmaker server settings require regenerating ext clients." )} if [ "${MESH_SETUP}" != "false" ]; then setup_mesh fi if [ "${VPN_SETUP}" == "true" ]; then setup_vpn fi echo "" echo "Netmaker setup is now complete. You are ready to begin using Netmaker."