Place1 / wg-access-server

An all-in-one WireGuard VPN solution with a web ui for connecting devices
MIT License

feature request: postgres #35

Closed halkeye closed 4 years ago

halkeye commented 4 years ago

This one won't be as detailed as I'm on the phone.

Use case: I don't like persistent volumes in k8s. More things to back up. My postgres instance is already backed up and maintained.

I see there's already storage contracts which is ❤️, so just add another for postgres.

halkeye commented 4 years ago

I'm on board doing the work, just want the idea vetted

Place1 commented 4 years ago

yeah this is an awesome idea.

i'd love to see a ./internal/storage/sql.go implementation. it might be possible to support all of postgresql, sqlite and mysql using the standard library or sqlx.

i'd happily review, test and accept a PR for this :D

halkeye commented 4 years ago

Awesome. I can be lazy and reuse lots of https://github.com/XanderStrike/goplaxt/blob/master/lib/store/postgresql.go

I'll try to have a PR for you tomorrow (I think you're opposite of me in ru timezone)

Place1 commented 4 years ago

this is now in 0.2.1

kolesaev commented 2 years ago

Hi, I see there is the migrating manual: https://place1.github.io/wg-access-server/3-storage/#example-file-to-sqlite3

Is there a way to deploy it with a postgres backend via the Helm chart? I deploy it with Terraform:

resource "helm_release" "wireguard" {
  name             = "wireguard"
  repository       = "https://place1.github.io/wg-access-server"
  chart            = "wg-access-server"
  version          = "v0.4.6"
  namespace        = "vpn-wireguard"
  create_namespace = false
  recreate_pods    = false
  force_update     = false 

  values = [
    <<EOF

config:
  loglevel: info
  externalHost: "vpn.${var.dns_zone}"
  wireguard:
    externalHost: "vpn.${var.dns_zone}"
  vpn:
    cidr: 192.168.48.0/24
    allowedIPs: 
      - ${var.vpc_cidr[0]}
      - ${var.vpc_cidr[1]}
  dns:
    enabled: true

web:
  config:
    adminUsername: "admin"
    adminPassword: "${random_password.wg_pass.result}"
  service:
    type: ClusterIP

wireguard:
  config:
    privateKey: "${random_id.prv_key.b64_std}"
  service:
    type: ClusterIP
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance
      service.beta.kubernetes.io/aws-load-balancer-type: nlb
      service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'

persistence:
  enabled: false

ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: "nginx"
    kubernetes.io/tls-acme: "true"
    acme.cert-manager.io/http01-edit-in-place: "true"
    cert-manager.io/cluster-issuer: "${var.acme_issuer}"
  hosts:
    - vpn-admin.${var.dns_zone}
  tls:
    - secretName: tls-key-wireguard-web
      hosts:
        - vpn-admin.${var.dns_zone}

nameOverride: "wireguard"

fullnameOverride: "wireguard"

imagePullSecrets: []

image:
  repository: place1/wg-access-server
  pullPolicy: IfNotPresent

# multiple replicas is only supported when using
# a supported highly-available storage backend (i.e. postgresql)
replicas: 1

strategy: {}
  # the deployment strategy type will default to "Recreate" when persistence is enabled
  # or "RollingUpdate" when persistence is not enabled.
  # type: Recreate

resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

nodeSelector: {}

tolerations: []

affinity: {}

EOF
    ,
  ]

  depends_on = [
    kubernetes_namespace.vpn,
    random_password.wg_pass
  ]
}

kolesaev commented 2 years ago

Hello @Place1 Hello @halkeye

Can anybody say whether adding the following code to the env block of the Helm chart's deployment template would give us the ability to deploy the Helm chart with different storage backends?

            {{- if .Values.wireguard.config.storage}}
            - name: WG_STORAGE
              valueFrom:
                secretKeyRef:
                  name: "{{ $fullName }}"
                  key: storage
            {{- end }}

If it might be a solution, could you please implement it?
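
An added illustration, not code from wg-access-server or from anyone in this thread: the Go below shows how one `database/sql` backend could dispatch on the scheme of a storage URI (the single `sql.go` idea raised earlier in the thread) and why the `WG_STORAGE` value belongs in a Secret, since the URI carries the database password. The URI shapes, the driver names and the `ParseStorage` helper are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// Backend holds what a database/sql based store needs to open a connection.
type Backend struct {
	Driver string // name for sql.Open (assumed: lib/pq, go-sql-driver/mysql, mattn/go-sqlite3)
	DSN    string // driver-specific DSN; contains the password, never log it
	Safe   string // the same URI with the password masked, for log lines
}

// ParseStorage (hypothetical helper) maps a storage URI, assumed to look like
// scheme://user:pass@host/db, to a driver name and DSN; unknown schemes fail.
func ParseStorage(raw string) (Backend, error) {
	u, err := url.Parse(raw)
	if err != nil {
		// *url.Error echoes the raw input, password included, so drop it.
		return Backend{}, errors.New("storage URI is not a valid URL")
	}
	b := Backend{Safe: u.Redacted()}
	switch u.Scheme {
	case "postgres", "postgresql":
		b.Driver, b.DSN = "postgres", u.String()
	case "mysql":
		pass, _ := u.User.Password()
		b.Driver = "mysql"
		b.DSN = fmt.Sprintf("%s:%s@tcp(%s)%s", u.User.Username(), pass, u.Host, u.Path)
		if u.RawQuery != "" {
			b.DSN += "?" + u.RawQuery
		}
	case "sqlite3":
		b.Driver, b.DSN = "sqlite3", u.Path
	default:
		return Backend{}, fmt.Errorf("unsupported storage scheme %q", u.Scheme)
	}
	return b, nil
}

func main() {
	// Constructed sample value, e.g. what a Secret's "storage" key might hold.
	b, err := ParseStorage("postgresql://wg:s3cret@db:5432/wg?sslmode=require")
	fmt.Println(b.Driver, b.Safe, err)
}
```

A Secret value written with a trailing newline fails `url.Parse`, which is why the error path returns a fixed message instead of wrapping the parser's error.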

halkeye commented 2 years ago

I recommend you make a PR to the fork (https://github.com/freifunkMUC/wg-access-server). The place1 version isn't really updated anymore.

kolesaev commented 2 years ago

> I recommend you make a PR to the fork (https://github.com/freifunkMUC/wg-access-server). The place1 version isn't really updated anymore.

Thanks. Fortunately it is already included there: https://github.com/freifunkMUC/wg-access-server-chart/blob/main/charts/wg-access-server/values.yaml