example-provisioner | ||
example-systemd | ||
.gitignore | ||
README.md | ||
wireguard-inject.sh |
wireguard-inject
Provisioning wireguard tunnels between a host and namespaces can be tricky, particularly if the namespaces are dynamically created as when using containers.
wireguard-inject is a small shell script which can create and inject wireguard interfaces in to a namespace using a configuration directory and helper provisioning script.
The provisioning script includes a number of functions to identify actual and required tunnels, together with functions to add and remove tunnels appropriately. As such, the script can be used with arbirary configuration sources or namespace configurations.
The script is intended to run via a systemd path unit so that config changes are picked up immediately, and via a timer unit to validate the actual configuration on a periodic basis (for example, in case the namespace is re-created or a temporary error occurs)