From bff22cffbed3afe5eb9246d8e4e28a4106cea41b Mon Sep 17 00:00:00 2001
From: Hugo Duksis
Date: Fri, 6 Dec 2019 21:49:47 +0100
Subject: [PATCH] Working implementation
---
.circleci/config.yml | 45 +++++++++++++++++++++++++++++++++
LICENSE | 21 ++++++++++++++++
README.md | 52 ++++++++++++++++++++++++++++++++++++--
orb.yml | 60 ++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 176 insertions(+), 2 deletions(-)
create mode 100644 .circleci/config.yml
create mode 100644 LICENSE
create mode 100644 orb.yml
diff --git a/.circleci/config.yml b/.circleci/config.yml
new file mode 100644
index 0000000..8243122
--- /dev/null
+++ b/.circleci/config.yml
@@ -0,0 +1,45 @@
+version: 2.1
+
+orbs:
+ cli: circleci/circleci-cli@0.1.4
+
+executors:
+ cibuilds:
+ docker:
+ - image: cibuilds/base:2019.06
+
+workflows:
+ main:
+ jobs:
+ - test:
+ filters:
+ tags:
+ # Simplified SemVer regex
+ only: /^\d+\.\d+\.\d+$/
+ - publish:
+ requires:
+ - test
+ filters:
+ branches:
+ ignore: /.*/
+ tags:
+ # Simplified SemVer regex
+ only: /^\d+\.\d+\.\d+$/
+ context: orb-publishing
+
+jobs:
+ test:
+ executor: cibuilds
+ steps:
+ - checkout
+ - cli/install
+ - run:
+ name: "Validate Orb config"
+ command: circleci orb validate orb.yml
+ publish:
+ executor: cli/default
+ steps:
+ - checkout
+ - run:
+ name: "Publish orb via the CircleCI CLI"
+ command: circleci orb publish orb.yml titel-media/wireguard@${CIRCLE_TAG}
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..e8ef744
--- /dev/null
+++ b/LICENSE
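Review bot: The `publish` job releases whatever commit a matching tag points at, and nothing in the job checks that this commit is on the release branch; the `branches: ignore: /.*/` filter only suppresses branch builds, it does not constrain where the tag sits. Because the job runs with the `orb-publishing` context, anyone able to push a `1.2.3`-style tag can publish an arbitrary `orb.yml` under `titel-media/wireguard`. A guard step before the publish command would close that gap, for example `git merge-base --is-ancestor "$CIRCLE_SHA1" origin/master` (assuming `master` is the release branch, as the README badge link suggests). Restricting the context to a security group is also worth confirming, since that setting is not visible in this file.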
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 Title Media GmbH.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
index 83c3d6f..c44cb01 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,53 @@ -# wireguard-orb +# wireguard-orb [![CircleCI Build Status](https://circleci.com/gh/titel-media/wireguard-orb.svg?style=shield "CircleCI Build Status")](https://circleci.com/gh/titel-media/wireguard-orb) [![CircleCI Orb Version](https://img.shields.io/badge/endpoint.svg?url=https://badges.circleci.io/orb/titel-media/wireguard)][reg-page] [![GitHub License](https://img.shields.io/badge/license-MIT-lightgrey.svg)](https://raw.githubusercontent.com/titel-media/wireguard-orb/master/LICENSE) -> CircleCI orb for connecting to a wireguard VPN +> CircleCI orb for connecting to a WireGuard VPN +It allows you to establish a WireGuard VPN connection from within a CircleCI build job. + +## Prerequisites + +The following environment variables need to be set in CircleCI either directly or via a context: + +- WIREGUARD_CONFIG + +Variable has to contain a Base64 encoded WireGuard VPN config file + +```shell +$ cat < [Interface] +> PrivateKey = = +> Address = 192.0.0.1/32 +> DNS = 10.0.0.13 +> +> [Peer] +> PublicKey = = +> AllowedIPs = 0.0.0.0/0 +> Endpoint = 50.210.50.3:51820 +> EOF +``` + +`AllowedIPs` has to be "0.0.0.0/0" as it will be replaces of the public IP of the current job while execution.` + +See [CircleCI Documentation](https://circleci.com/docs/2.0/env-vars) for instructions on how you would set this up. + + +## Usage + +Example use as well as a list of available executors, commands, and jobs are available on this orb's [registry page][reg-page]. + + +## Resources + +[CircleCI Orb Registry Page][reg-page] - The official registry page for this orb will all versions, executors, commands, and jobs described. +[CircleCI Orb Docs](https://circleci.com/docs/2.0/orb-intro/#section=configuration) - Docs for using and creating CircleCI Orbs. + + +## Contributing +We welcome [issues](https://github.com/titel-media/wireguard-orb/issues) to and [pull requests](https://github.com/titel-media/wireguard-orb/pulls) against this repository! 
+
+### Publishing
+
+New versions of this orb are published by pushing a SemVer git tag by the Community & Partner Engineering Team.
+
+[reg-page]: https://circleci.com/orbs/registry/orb/titel-media/wireguard
diff --git a/orb.yml b/orb.yml
new file mode 100644
index 0000000..b613ef6
--- /dev/null
+++ b/orb.yml
@@ -0,0 +1,60 @@
+version: 2.1
+description: WireGuard VPN client Orb
+
+executors:
+ default:
+ machine: true
+
+commands:
+ install:
+ description: "Install WireGuard VPN client"
+ steps:
+ - run:
+ name: Install WireGuard Client
+ command: |
+ sudo add-apt-repository ppa:wireguard/wireguard -y
+ sudo apt-get update
+ sudo apt-get install wireguard-dkms wireguard-tools linux-headers-$(uname -r)
+ connect:
+ description: "Connect to WireGuard VPN"
+ parameters:
+ config:
+ description: "ENV var name containing WireGuard client config file content"
+ type: env_var_name
+ default: WIREGUARD_CONFIG
+ steps:
+ - run:
+ name: Generate WireGuard VPN client config file
+ command: |
+ echo -n "${<>:?}" | base64 --decode | sed "s/0.0.0.0\/0/$(curl -s https://ifconfig.me)/g" > wg0.conf
+ sudo mv wg0.conf /etc/wireguard/wg0.conf
+ - run:
+ name: Connect to VPN
+ command: |
+ sudo /bin/bash -c 'echo "nameserver 10.255.0.2" > /run/resolvconf/resolv.conf'
+ sudo wg-quick up wg0
+ disconnect:
+ description: "Disconnect from WireGuard VPN"
+ steps:
+ - run:
+ name: Connect to VPN
+ command: sudo wg-quick down wg0
+ - run:
+ name: remove WireGuard config
+ command: sudo rm /etc/wireguard/wg0.conf
+
+example:
+ secure-ping:
+ description: "Establish VPN connection and execute a command within it"
+ usage:
+ version: 2.1
+ orbs:
+ wg: titel-media/terraform@0.0.1
+ jobs:
+ ping:
+ executor: wg/default
+ steps:
+ - wg/install
+ - wg/connect
+ - run: ping -c 5 192.0.2.1
+ - wg/disconnect
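Review bot: In the `connect` command's first `run` step, the body of an unauthenticated third-party HTTP response (`curl -s https://ifconfig.me`) is spliced unvalidated into a sed replacement and lands in `/etc/wireguard/wg0.conf`, which `wg-quick` then processes as root. An empty or unexpected response silently yields a broken or altered config, `curl -s` without `-f` hides HTTP errors, and the decoded private key is first written to `wg0.conf` in the working directory under the default umask. The fence below captures the address into a variable, rejects anything that is not a dotted IPv4 address, escapes the dots in the sed pattern and sets `umask 077` before the file is written. Separately, the usage example pulls `titel-media/terraform@0.0.1` where `titel-media/wireguard` is presumably meant, and the first `disconnect` step is still named "Connect to VPN".

```yaml
      - run:
          name: Generate WireGuard VPN client config file
          command: |
            public_ip="$(curl -fsS --max-time 10 https://ifconfig.me)"
            # Only a plain dotted IPv4 address may reach sed and wg0.conf.
            if ! printf '%s' "${public_ip}" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
              echo "Unexpected response from public IP lookup" >&2
              exit 1
            fi
            # The decoded file holds the private key; keep it owner-only.
            umask 077
            echo -n "${<< parameters.config >>:?}" | base64 --decode | sed "s/0\.0\.0\.0\/0/${public_ip}/g" > wg0.conf
            # … unchanged: sudo mv wg0.conf /etc/wireguard/wg0.conf …
```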