internal ip ending

2025-04-07 11:12:16 +01:00
parent 319520c650
commit 629d19a682
4 changed files with 37 additions and 0 deletions
--- a/app/Models/Server.php
+++ b/app/Models/Server.php
@@ -25,6 +25,22 @@ class Server extends Model
        ];
    }

+    public static function boot(): void
+    {
+        parent::boot();
+
+        static::creating(function (self $server) {
+            // $server->internal_ip_ending = random_int(2, 254);
+            $existingServer = Server::whereOrganisationId($server->organisation_id)
+                ->orderByDesc('internal_ip_ending')
+                ->first();
+            
+            $server->internal_ip_ending = $existingServer
+                ? $existingServer->internal_ip_ending + 1
+                : 2;
+        });
+    }
+
    public function externalNetwork(): BelongsTo
    {
        return $this->belongsTo(Network::class, 'external_network_id');
--- a/database/migrations/2025_03_27_120552_create_servers_table.php
+++ b/database/migrations/2025_03_27_120552_create_servers_table.php
@@ -22,6 +22,8 @@ return new class extends Migration
            $table->string('ipv6');
            $table->string('private_ip');
            $table->string('provider_status');
+            $table->string('internal_ip');
+            $table->integer('internal_ip_ending');
            $table->string('status');
            $table->string('region');
            $table->string('os');
--- a/provision.sh
+++ b/provision.sh
@@ -51,6 +51,11 @@ if [ ! -d /root/.ssh ]; then
    touch /root/.ssh/authorized_keys
 fi

+# Create the wireguard directory
+if [ ! -d /root/.wg ]; then
+    mkdir -p /root/.wg
+fi
+
 # Set The Hostname If Necessary
 echo "[!hostname!]" > /etc/hostname sed -i 's/127\.0\.0\.1.*localhost/127.0.0.1 [!hostname!].localdomain [!hostname!] localhost/' /etc/hosts
 hostname [!hostname!]
@@ -59,6 +64,7 @@ hostname [!hostname!]
 useradd keystone
 mkdir -p /home/keystone/.ssh
 mkdir -p /home/keystone/.keystone
+mkdir -p /home/keystone/.wg
 adduser keystone sudo

 # Setup Bash For Keystone User
@@ -84,6 +90,18 @@ ssh-keygen -f /home/keystone/.ssh/id_ed25519 -t ed25519 -N ''
 # Restart SSH
 service ssh restart

+# Create the wireguard key pairs
+wg genkey > /root/.wg/privatekey
+wg pubkey < /root/.wg/privatekey > /root/.wg/publickey
+
+# Configure wireguard
+ip link add dev wg0 type wireguard
+ip address add dev wg0 192.168.2.1/24
+wg set wg0 listen-port 51820 private-key /root/.wg/privatekey
+ip link set up dev wg0
+
+# wg set wg0 peer <PEER_PUBLIC_KEY> allowed-ips <PEER_VPN_IP>/32
+
 # Setup Keystone Home Directory Permissions
 chown -R keystone:keystone /home/keystone
 chmod -R 755 /home/keystone
--- a/readme.md
+++ b/readme.md
@@ -12,3 +12,4 @@ Every application has a gateway (just a load balancer), regardless of how many a
 We're going to install wireguard on each server to provide a secure connection between every server and manage internal connections via the firewall with ufw.
 For each server provider, we should create a private network on that provider to get the lowest latency, which means allocating the wireguard connections needs to be done intelligently. If the server provider is not the same, we should use the public IP, otherwise use the private one internally.
 If a server is created on a provider, we should create the 'keystone' network. Maybe search to see if it already exists first.
+