Merge pull request #8 from CloudFire-LLC/more-vagrantfile-changes

sample configs

Vagrantfile

@@ -1,12 +1,27 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
-Vagrant.configure("2") do |config|
-  config.vm.box = "hashicorp/bionic64"
+Vagrant.configure('2') do |config|
+  config.vm.box = 'ubuntu/bionic64'
 
-  config.vm.provider "virtualbox" do |vb|
-    vb.memory = "1024"
+  config.vm.provider 'virtualbox' do |vb|
+    vb.cpus = 4
+    vb.memory = '2048'
   end
 
-  config.vm.provision "shell", path: "provision_deps.sh", privileged: true
-  config.vm.provision "shell", path: "provision_runtimes.sh", privileged: false
+  # WireGuard
+  config.vm.network 'forwarded_port', guest: 51820, host: 51820, protocol: 'udp'
+
+  # App
+  config.vm.network 'forwarded_port', guest: 4000, host: 4000, protocol: 'tcp'
+
+  # Postgres, by default, this listens to 127.0.0.1 within the VM only. If you'd
+  # like to be able to access Postgres from the host, uncomment this line and configure
+  # it to listen to 0.0.0.0 within the VM.
+  # config.vm.network 'forwarded_port', guest: 5432, host: 5432, protocol: 'tcp'
+
+  config.vm.provision 'shell', path: 'provision_deps.sh', privileged: true
+  config.vm.provision 'shell', path: 'provision_configs.sh', privileged: true
+
+  # Copy WireGuard config into place
+  config.vm.provision 'file', source: 'sample_conf/wg-server.conf', destination: '/etc/wireguard/wgdev.conf'
 end

provision_deps.sh

@@ -57,7 +57,21 @@ apt-get install -y --no-install-recommends \
   unzip \
   xz-utils \
   zlib1g-dev \
+  linux-image-generic-hwe-18.04-edge \
+  linux-headers-generic-hwe-18.04-edge \
   git \
   libwxgtk3.0-dev \
-  wireguard wireguard-tools wireguard-dkms \
-  nftables
+  nftables \
+  curl \
+  ca-certificates \
+  gnupg
+
+# Install WireGuard
+apt install wireguard wireguard-tools wireguard-dkms
+
+# Install Postgres
+curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
+sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
+apt-get update
+apt-get install -y --no-install-recommends \
+  postgresql-12

sample_conf/wg-client.conf

@@ -0,0 +1,21 @@
+# CLIENT, place this in the client's config
+[Interface]
+# Generate with "wg genkey"
+PrivateKey = UBwwUjHGJzFM6dt4d20ADvTNHlIcZgFfiBgSxtTpmnI=
+
+# Same network as server above
+Address = 192.168.10.2/32
+
+# Set this to a reachable DNS server through the tunnel
+# Important: Set this properly to avoid leaking
+DNS = 1.1.1.1
+
+[Peer]
+# Server's public key
+PublicKey = MW7uvigH6bTAZf6UuuJ5wttYGU4R04RP5K/sLCJN2F8=
+
+# The IPs you want to route through the tunnel
+AllowedIPs = 0.0.0.0/0, ::/0
+
+# IP address and port of the server -- localhost if using Vagrant
+Endpoint = 127.0.0.1:51820

sample_conf/wg-server.conf

@@ -0,0 +1,21 @@
+# SERVER -- place this in /etc/wireguard/wg0.conf or similar
+[Interface]
+# Generate with "wg genkey"
+PrivateKey = 8N/cWwL0awtz/fhjexGKFXMvweAdQohTG6rWCJfh9Ek=
+
+# This should be an unused address / network
+Address = 192.168.10.1/24
+
+# UDP port to listen on
+ListenPort = 51820
+
+# These are for NAT'ing the traffic in and out of the server properly
+PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+
+[Peer]
+# PubKey of client you want to allow to connect
+PublicKey = oflqThjCEPOP/mpkfn+T+hLpKmMdmcMF2PkJmD9ILxk=
+
+# Private IP the client has configured (same network as the Address above)
+AllowedIPs = 192.168.10.2/32