I wrote a little script that creates the configuration files, and shows a QR code in the terminal to easily add new clients.
The problem I ran into is dynamic IP allocation, without extra logging, or storing the client config files after they’ve been distributed. If I want to avoid assigning a used IP, I need to know what I’ve already given out.
I mocked up a few things then decided the perfect was becoming the enemy of the good. Since I’ll only ever have a few peers, I ultimately just decided randomize the 4th octet, each time I create a new client config. Obviously, this opens me up to a potential conflict in the future (prayers to St. YAGNI for benevolence).
I suppose I could/should be pre-generating all the configs, handing one out at random, then deleting it.
This script[0] gets that part right by having a `lastip` file containing the latest assigned IP, so the script counts up for new clients. You can add a line for qrencode to the end to get the QR[1].
Yes, although it's not very configurable in a Docker environment without editing the Dockerfile yourself (hardcoded IP ranges and all that, though it does assign a new IP to each new profile you generate). You can still modify the Dockerfile if you wish to have more control over things like IP ranges and the DNS server used by clients but you'd have to rebuild the container after modifying.
You will also likely need to make some changes to your iptables and/or sysctl depending on your server config and firewall.
Nothing too shocking per se; you need to do all that with any other kind of VPN as well.
I’ve made a http json service that allocates IPs and configures WireGuard. Not sure if it can be used for this project but here it is: https://github.com/balboah/wireguard-operator
Does it handle IP assignment/configuration as well?