RecycledCloud/vpigo
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
51 commits 1 branch 1 tag 2.1 MiB
  • Go 93.7%
  • Shell 5.2%
  • Makefile 1.1%
Find a file
Exact
langonnet 9aefee47f3
 feat(api): On create endpoint, handle SQL error UNIQUE constraint as 409
2026-04-14 12:41:07 +02:00
.forgejo/workflows feat(build): add makefile and ci 2026-04-02 15:18:48 +02:00
cmd feat(api): On create endpoint, handle SQL error UNIQUE constraint as 409 2026-04-14 12:41:07 +02:00
deb test(build): point to langonne instead of RecycledCloud 2026-04-02 16:08:53 +02:00
doc doc: update 2026-04-08 16:49:28 +02:00
posting refactor(type): Set correct request type 2026-04-02 14:32:57 +02:00
.gitignore chore(gitignore): add vpigo 2026-04-02 10:18:30 +02:00
go.mod refactor(config): Remove old config parsing :( for a json one. Use Validator pkg to verify structure fields 2026-04-09 13:09:23 +02:00
go.sum refactor(config): Remove old config parsing :( for a json one. Use Validator pkg to verify structure fields 2026-04-09 13:09:23 +02:00
main.go refactor(config): Remove old config parsing :( for a json one. Use Validator pkg to verify structure fields 2026-04-09 13:09:23 +02:00
Makefile feat(build): add makefile and ci 2026-04-02 15:18:48 +02:00
README.md feat(api): On create endpoint, handle SQL error UNIQUE constraint as 409 2026-04-14 12:41:07 +02:00

README.md

Vpigo

Vpigo is an API written in Go(1.26.1) that expose some endpoints that allow manage Wireguard peers on the server. Peers information are keep in a SQLite database, client private key is stored but encrypt with AES-256-GCM.

Vpigo needs Wireguard installed and must be run as root to manipulate Wireguard interface.

Endpoints

endpoint type HTTP Code result note
/create/{vpn_id} POST 201,400,409,500 wg config Return the client configuration in plaintext format
/delete/{vpn_id} DELETE 204,400,404,500 none
/enable/{vpn_id} PATCH 204,400,404,500 none
/disable/{vpn_id} PATCH 204,400,404,500 none
/config/{vpn_id} GET 200,400,404,500 wg config Return the client configuration in plaintext format

API Configuration

The configuration file is located at /etc/vpigo/vpigo.json. All keys are required.

key type description
log_level str Define log level, case insensitive. Debug|Info|Warn|Error
auth_token str Token that will be used to authenticate with the API.
aes_256_secret_key base64 A 32 bytes encoded base64 string to encode the Wireguard client private key in the database.
api_port port Port that the API will listen on.
network_ipv6 cidrv6 Network that the API will use to generate server and peers IPs.
endpoint fqdn|ip Endpoint that peers will use to connect to the Wireguard server.
wireguard_port port Port that the Wireguard server will listen on.
server_public_key_path filepath Path to the file that contains the Wireguard server public key.
database_path filepath Path to the SQLite database file.

For more details on the type used refer to the Go validator package documentation

Key Rotation

To make a rotation of the AES key, you need to stop the program, then execute the following command :
vpigo --rotate-aes-key "New32BytesKey"
If no error occurs, replace the old key in the configuration file by the new one and start the program.

Example

Example of configuration file :

{
	"log_level":"debug",
	"auth_token" : "supertoken",
	"aes_256_secret_key":"QkJCQkxDTnEzUEFENlZzWFlMPVlGQWFDaVlxbEhxSUE=",
	"api_port":8080,
	"network_ipv6":"2a0d:d9c4:c4:d::/96",
	"endpoint":"vpn.swdn.ch.recycled.cloud",
	"wireguard_port":51820,
	"server_public_key_path": "/etc/wireguard/public_key",
	"database_path":"db.db",
}

Architecture

API Design