Merge pull request #566 from mattkasun/develop

Update to use wg-quick config file.

netclient/cli_options/cmds.go

@@ -21,11 +21,11 @@ func GetCommands(cliFlags []cli.Flag) []*cli.Command {
 					return err
 				}
 				if cfg.Network == "all" {
-					err = errors.New("No network provided.")
+					err = errors.New("no network provided")
 					return err
 				}
 				if cfg.Server.GRPCAddress == "" {
-					err = errors.New("No server address provided.")
+					err = errors.New("no server address provided")
 					return err
 				}
 				err = command.Join(cfg, pvtKey)

netclient/command/commands.go

@@ -7,22 +7,13 @@ import (
 	"strings"
 	"time"
 
-	nodepb "github.com/gravitl/netmaker/grpc"
 	"github.com/gravitl/netmaker/netclient/config"
 	"github.com/gravitl/netmaker/netclient/daemon"
 	"github.com/gravitl/netmaker/netclient/functions"
 	"github.com/gravitl/netmaker/netclient/ncutils"
-	"golang.zx2c4.com/wireguard/wgctrl"
-)
-
-var (
-	wgclient *wgctrl.Client
-)
-
-var (
-	wcclient nodepb.NodeServiceClient
 )
 
+// Join - join command to run from cli
 func Join(cfg config.ClientConfig, privateKey string) error {
 
 	var err error
@@ -83,6 +74,7 @@ func getWindowsInterval() int {
 	return interval
 }
 
+// RunUserspaceDaemon - runs continual checkins
 func RunUserspaceDaemon() {
 
 	cfg := config.ClientConfig{
@@ -91,14 +83,15 @@ func RunUserspaceDaemon() {
 	interval := getWindowsInterval()
 	dur := time.Duration(interval) * time.Second
 	for {
-		if err := CheckIn(cfg); err != nil {
-			// pass
-		}
+		CheckIn(cfg)
 		time.Sleep(dur)
 	}
 }
 
+// CheckIn - runs checkin command from cli
 func CheckIn(cfg config.ClientConfig) error {
+	//log.Println("checkin --- diabled for now")
+	//return nil
 	var err error
 	var errN error
 	if cfg.Network == "" {
@@ -139,6 +132,7 @@ func CheckIn(cfg config.ClientConfig) error {
 	return err
 }
 
+// Leave - runs the leave command from cli
 func Leave(cfg config.ClientConfig) error {
 	err := functions.LeaveNetwork(cfg.Network)
 	if err != nil {
@@ -149,6 +143,7 @@ func Leave(cfg config.ClientConfig) error {
 	return err
 }
 
+// Push - runs push command
 func Push(cfg config.ClientConfig) error {
 	var err error
 	if cfg.Network == "all" || ncutils.IsWindows() {
@@ -175,6 +170,7 @@ func Push(cfg config.ClientConfig) error {
 	return err
 }
 
+// Pull - runs pull command from cli
 func Pull(cfg config.ClientConfig) error {
 	var err error
 	if cfg.Network == "all" {
@@ -201,11 +197,13 @@ func Pull(cfg config.ClientConfig) error {
 	return err
 }
 
+// List - runs list command from cli
 func List(cfg config.ClientConfig) error {
 	err := functions.List(cfg.Network)
 	return err
 }
 
+// Uninstall - runs uninstall command from cli
 func Uninstall() error {
 	ncutils.PrintLog("uninstalling netclient", 0)
 	err := functions.Uninstall()

netclient/functions/checkin.go

@@ -82,14 +82,15 @@ func checkIP(node *models.Node, servercfg config.ServerConfig, cliconf config.Cl
 	return ipchange && err == nil
 }
 
-func setDNS(node *models.Node, servercfg config.ServerConfig, nodecfg *models.Node) {
-	if nodecfg.DNSOn == "yes" {
-		ifacename := node.Interface
-		nameserver := servercfg.CoreDNSAddr
-		network := node.Network
-		local.UpdateDNS(ifacename, network, nameserver)
-	}
-}
+// DEPRECATED
+// func setDNS(node *models.Node, servercfg config.ServerConfig, nodecfg *models.Node) {
+// 	if nodecfg.DNSOn == "yes" {
+// 		ifacename := node.Interface
+// 		nameserver := servercfg.CoreDNSAddr
+// 		network := node.Network
+// 		local.UpdateDNS(ifacename, network, nameserver)
+// 	}
+// }
 
 func checkNodeActions(node *models.Node, networkName string, servercfg config.ServerConfig, localNode *models.Node, cfg *config.ClientConfig) string {
 	if (node.Action == models.NODE_UPDATE_KEY || localNode.Action == models.NODE_UPDATE_KEY) &&
@@ -156,7 +157,7 @@ func Pull(network string, manual bool) (*models.Node, error) {
 	}
 
 	node := cfg.Node
-	servercfg := cfg.Server
+	//servercfg := cfg.Server
 
 	if cfg.Node.IPForwarding == "yes" && !ncutils.IsWindows() {
 		if err = local.SetIPForwarding(); err != nil {
@@ -241,9 +242,9 @@ func Pull(network string, manual bool) (*models.Node, error) {
 			}
 		}
 	}
-	if ncutils.IsLinux() {
-		setDNS(&resNode, servercfg, &cfg.Node)
-	}
+	//if ncutils.IsLinux() {
+	//	setDNS(&resNode, servercfg, &cfg.Node)
+	//}
 	var bkupErr = config.SaveBackup(network)
 	if bkupErr != nil {
 		ncutils.Log("unable to update backup file")

netclient/functions/common.go

@@ -1,15 +1,11 @@
 package functions
 
 import (
-	"context"
-	"encoding/json"
 	"errors"
 	"fmt"
 	"log"
 	"net"
 	"os"
-	"os/exec"
-	"strings"
 
 	nodepb "github.com/gravitl/netmaker/grpc"
 	"github.com/gravitl/netmaker/models"
@@ -23,10 +19,6 @@ import (
 	"google.golang.org/grpc/metadata"
 )
 
-var (
-	wcclient nodepb.NodeServiceClient
-)
-
 // ListPorts - lists ports of WireGuard devices
 func ListPorts() error {
 	wgclient, err := wgctrl.New()
@@ -103,30 +95,31 @@ func getPrivateAddrBackup() (string, error) {
 		}
 	}
 	if !found {
-		err := errors.New("Local Address Not Found.")
+		err := errors.New("local ip address not found")
 		return "", err
 	}
 	return local, err
 }
 
-func needInterfaceUpdate(ctx context.Context, mac string, network string, iface string) (bool, string, error) {
-	var header metadata.MD
-	req := &nodepb.Object{
-		Data: mac + "###" + network,
-		Type: nodepb.STRING_TYPE,
-	}
-	readres, err := wcclient.ReadNode(ctx, req, grpc.Header(&header))
-	if err != nil {
-		return false, "", err
-	}
-	var resNode models.Node
-	if err := json.Unmarshal([]byte(readres.Data), &resNode); err != nil {
-		return false, iface, err
-	}
-	oldiface := resNode.Interface
+// DEPRECATED
+// func needInterfaceUpdate(ctx context.Context, mac string, network string, iface string) (bool, string, error) {
+// 	var header metadata.MD
+// 	req := &nodepb.Object{
+// 		Data: mac + "###" + network,
+// 		Type: nodepb.STRING_TYPE,
+// 	}
+// 	readres, err := wcclient.ReadNode(ctx, req, grpc.Header(&header))
+// 	if err != nil {
+// 		return false, "", err
+// 	}
+// 	var resNode models.Node
+// 	if err := json.Unmarshal([]byte(readres.Data), &resNode); err != nil {
+// 		return false, iface, err
+// 	}
+// 	oldiface := resNode.Interface
 
-	return iface != oldiface, oldiface, err
-}
+// 	return iface != oldiface, oldiface, err
+// }
 
 // GetNode - gets node locally
 func GetNode(network string) models.Node {
@@ -244,22 +237,7 @@ func RemoveLocalInstance(cfg *config.ClientConfig, networkName string) error {
 
 // DeleteInterface - delete an interface of a network
 func DeleteInterface(ifacename string, postdown string) error {
-	var err error
-	if !ncutils.IsKernel() {
-		err = wireguard.RemoveConf(ifacename, true)
-	} else {
-		ipExec, errN := exec.LookPath("ip")
-		err = errN
-		if err != nil {
-			ncutils.PrintLog(err.Error(), 1)
-		}
-		_, err = ncutils.RunCmd(ipExec+" link del "+ifacename, false)
-		if postdown != "" {
-			runcmds := strings.Split(postdown, "; ")
-			err = ncutils.RunCmds(runcmds, true)
-		}
-	}
-	return err
+	return wireguard.RemoveConf(ifacename, true)
 }
 
 // WipeLocal - wipes local instance
@@ -271,27 +249,11 @@ func WipeLocal(network string) error {
 	nodecfg := cfg.Node
 	ifacename := nodecfg.Interface
 	if ifacename != "" {
-		if !ncutils.IsKernel() {
-			if err = wireguard.RemoveConf(ifacename, true); err == nil {
-				ncutils.PrintLog("removed WireGuard interface: "+ifacename, 1)
-			}
-		} else {
-			ipExec, err := exec.LookPath("ip")
-			if err != nil {
-				return err
-			}
-			out, err := ncutils.RunCmd(ipExec+" link del "+ifacename, false)
-			dontprint := strings.Contains(out, "does not exist") || strings.Contains(out, "Cannot find device")
-			if err != nil && !dontprint {
-				ncutils.PrintLog("error running command: "+ipExec+" link del "+ifacename, 1)
-				ncutils.PrintLog(out, 1)
-			}
-			if nodecfg.PostDown != "" {
-				runcmds := strings.Split(nodecfg.PostDown, "; ")
-				_ = ncutils.RunCmds(runcmds, false)
-			}
+		if err = wireguard.RemoveConf(ifacename, true); err == nil {
+			ncutils.PrintLog("removed WireGuard interface: "+ifacename, 1)
 		}
 	}
+
 	home := ncutils.GetNetclientPathSpecific()
 	if ncutils.FileExists(home + "netconfig-" + network) {
 		_ = os.Remove(home + "netconfig-" + network)

netclient/functions/join.go

@@ -83,9 +83,9 @@ func JoinNetwork(cfg config.ClientConfig, privateKey string) error {
 		}
 	}
 	if ncutils.IsLinux() {
-		_, err := exec.LookPath("resolvectl")
+		_, err := exec.LookPath("resolveconf")
 		if err != nil {
-			ncutils.PrintLog("resolvectl not present", 2)
+			ncutils.PrintLog("resolveconf not present", 2)
 			ncutils.PrintLog("unable to configure DNS automatically, disabling automated DNS management", 2)
 			cfg.Node.DNSOn = "no"
 		}

netclient/local/local.go

@@ -25,7 +25,7 @@ func SetIPForwarding() error {
 	case "darwin":
 		err = SetIPForwardingMac()
 	default:
-		err = errors.New("This OS is not supported")
+		err = errors.New("this OS is not currently supported")
 	}
 	return err
 }

netclient/ncutils/netclientutils_linux.go

@@ -2,7 +2,6 @@ package ncutils
 
 import (
 	"fmt"
-	"log"
 	"os/exec"
 	"strconv"
 	"strings"
@@ -17,8 +16,8 @@ func RunCmd(command string, printerr bool) (string, error) {
 	cmd.Wait()
 	out, err := cmd.CombinedOutput()
 	if err != nil && printerr {
-		log.Println("error running command:", command)
-		log.Println(strings.TrimSuffix(string(out), "\n"))
+		Log(fmt.Sprintf("error running command: %s", command))
+		Log(strings.TrimSuffix(string(out), "\n"))
 	}
 	return string(out), err
 }
@@ -33,8 +32,8 @@ func GetEmbedded() error {
 	return nil
 }
 
-// CreateUserSpaceConf - creates a user space WireGuard conf
-func CreateUserSpaceConf(address string, privatekey string, listenPort string, mtu int32, perskeepalive int32, peers []wgtypes.PeerConfig) (string, error) {
+// CreateWireGuardConf - creates a user space WireGuard conf
+func CreateWireGuardConf(address string, privatekey string, listenPort string, mtu int32, dns string, perskeepalive int32, peers []wgtypes.PeerConfig) (string, error) {
 	peersString, err := parsePeers(perskeepalive, peers)
 	var listenPortString string
 	if mtu <= 0 {
@@ -48,6 +47,7 @@ func CreateUserSpaceConf(address string, privatekey string, listenPort string, m
 	}
 	config := fmt.Sprintf(`[Interface]
 Address = %s
+DNS = %s
 PrivateKey = %s
 MTU = %s
 %s
@@ -56,6 +56,7 @@ MTU = %s
 
 `,
 		address+"/32",
+		dns,
 		privatekey,
 		strconv.Itoa(int(mtu)),
 		listenPortString,

netclient/server/grpc.go

@@ -50,6 +50,9 @@ func CheckIn(network string) (*models.Node, error) {
 		// == run client action ==
 		var header metadata.MD
 		ctx, err := auth.SetJWT(wcclient, network)
+		if err != nil {
+			return nil, err
+		}
 		nodeData, err := json.Marshal(&node)
 		if err != nil {
 			return nil, err
@@ -123,7 +126,7 @@ func GetPeers(macaddress string, network string, server string, dualstack bool,
 	}
 
 	keepalive := nodecfg.PersistentKeepalive
-	keepalivedur, err := time.ParseDuration(strconv.FormatInt(int64(keepalive), 10) + "s")
+	keepalivedur, _ := time.ParseDuration(strconv.FormatInt(int64(keepalive), 10) + "s")
 	keepaliveserver, err := time.ParseDuration(strconv.FormatInt(int64(5), 10) + "s")
 	if err != nil {
 		log.Fatalf("Issue with format of keepalive value. Please update netconfig: %v", err)

netclient/wireguard/common.go

@@ -2,10 +2,8 @@ package wireguard
 
 import (
 	"errors"
-	"fmt"
 	"io/ioutil"
 	"log"
-	"os"
 	"os/exec"
 	"runtime"
 	"strconv"
@@ -138,167 +136,84 @@ func InitWireguard(node *models.Node, privkey string, peers []wgtypes.PeerConfig
 	if node.Address == "" {
 		log.Fatal("no address to configure")
 	}
-
-	nameserver := servercfg.CoreDNSAddr
-	network := node.Network
-	if nodecfg.Network != "" {
-		network = nodecfg.Network
-	} else if node.Network != "" {
-		network = node.Network
+	var nameserver string
+	if ncutils.IsLinux() {
+		if _, err := exec.LookPath("resolvconf"); err != nil {
+			ncutils.PrintLog("resolvconf not present", 2)
+			ncutils.PrintLog("unable to configure DNS automatically, disabling automated DNS management", 2)
+			node.DNSOn = "no"
+		}
 	}
-
-	if ncutils.IsKernel() {
-		setKernelDevice(ifacename, node.Address)
+	if node.DNSOn == "yes" {
+		nameserver = servercfg.CoreDNSAddr
 	}
-
-	nodeport := int(node.ListenPort)
-	conf := wgtypes.Config{}
-	if nodecfg.UDPHolePunch == "yes" &&
-		nodecfg.IsServer == "no" &&
-		nodecfg.IsIngressGateway != "yes" &&
-		nodecfg.IsStatic != "yes" {
-		conf = wgtypes.Config{
-			PrivateKey:   &key,
-			ReplacePeers: true,
-			Peers:        peers,
-		}
+	var newConf string
+	if node.UDPHolePunch != "yes" {
+		newConf, _ = ncutils.CreateWireGuardConf(node.Address, key.String(), strconv.FormatInt(int64(node.ListenPort), 10), node.MTU, nameserver, node.PersistentKeepalive, peers)
 	} else {
-		conf = wgtypes.Config{
-			PrivateKey:   &key,
-			ListenPort:   &nodeport,
-			ReplacePeers: true,
-			Peers:        peers,
-		}
+		newConf, _ = ncutils.CreateWireGuardConf(node.Address, key.String(), "", node.MTU, nameserver, node.PersistentKeepalive, peers)
 	}
-	if !ncutils.IsKernel() {
-		var newConf string
-		if node.UDPHolePunch != "yes" {
-			newConf, _ = ncutils.CreateUserSpaceConf(node.Address, key.String(), strconv.FormatInt(int64(node.ListenPort), 10), node.MTU, node.PersistentKeepalive, peers)
-		} else {
-			newConf, _ = ncutils.CreateUserSpaceConf(node.Address, key.String(), "", node.MTU, node.PersistentKeepalive, peers)
-		}
-		confPath := ncutils.GetNetclientPathSpecific() + ifacename + ".conf"
-		ncutils.PrintLog("writing wg conf file to: "+confPath, 1)
-		err = ioutil.WriteFile(confPath, []byte(newConf), 0644)
+	confPath := ncutils.GetNetclientPathSpecific() + ifacename + ".conf"
+	ncutils.PrintLog("writing wg conf file to: "+confPath, 1)
+	err = ioutil.WriteFile(confPath, []byte(newConf), 0644)
+	if err != nil {
+		ncutils.PrintLog("error writing wg conf file to "+confPath+": "+err.Error(), 1)
+		return err
+	}
+	if ncutils.IsWindows() {
+		wgConfPath := ncutils.GetWGPathSpecific() + ifacename + ".conf"
+		err = ioutil.WriteFile(wgConfPath, []byte(newConf), 0644)
 		if err != nil {
-			ncutils.PrintLog("error writing wg conf file to "+confPath+": "+err.Error(), 1)
+			ncutils.PrintLog("error writing wg conf file to "+wgConfPath+": "+err.Error(), 1)
 			return err
 		}
-		if ncutils.IsWindows() {
-			wgConfPath := ncutils.GetWGPathSpecific() + ifacename + ".conf"
-			err = ioutil.WriteFile(wgConfPath, []byte(newConf), 0644)
+		confPath = wgConfPath
+	}
+	// spin up userspace / windows interface + apply the conf file
+	var deviceiface string
+	if ncutils.IsMac() {
+		deviceiface, err = local.GetMacIface(node.Address)
+		if err != nil || deviceiface == "" {
+			deviceiface = ifacename
+		}
+	}
+	if syncconf {
+		err = SyncWGQuickConf(ifacename, confPath)
+	} else {
+		d, _ := wgclient.Device(deviceiface)
+		for d != nil && d.Name == deviceiface {
+			_ = RemoveConf(ifacename, false) // remove interface first
+			time.Sleep(time.Second >> 2)
+			d, _ = wgclient.Device(deviceiface)
+		}
+		if !ncutils.IsWindows() {
+			err = ApplyConf(confPath)
 			if err != nil {
-				ncutils.PrintLog("error writing wg conf file to "+wgConfPath+": "+err.Error(), 1)
+				ncutils.PrintLog("failed to create wireguard interface", 1)
 				return err
 			}
-			confPath = wgConfPath
-		}
-		// spin up userspace / windows interface + apply the conf file
-		var deviceiface string
-		if ncutils.IsMac() {
-			deviceiface, err = local.GetMacIface(node.Address)
-			if err != nil || deviceiface == "" {
-				deviceiface = ifacename
-			}
-		}
-		if syncconf {
-			log.Println("syncing conf")
-			err = SyncWGQuickConf(ifacename, confPath)
 		} else {
-			d, _ := wgclient.Device(deviceiface)
-			for d != nil && d.Name == deviceiface {
-				_ = RemoveConf(ifacename, false) // remove interface first
-				time.Sleep(time.Second >> 2)
-				d, _ = wgclient.Device(deviceiface)
-			}
-			if !ncutils.IsWindows() {
+			var output string
+			starttime := time.Now()
+			RemoveConf(ifacename, false)
+			time.Sleep(time.Second >> 2)
+			ncutils.PrintLog("waiting for interface...", 1)
+			for !strings.Contains(output, ifacename) && !(time.Now().After(starttime.Add(time.Duration(10) * time.Second))) {
+				output, _ = ncutils.RunCmd("wg", false)
 				err = ApplyConf(confPath)
-				if err != nil {
-					ncutils.PrintLog("failed to create wireguard interface", 1)
-					return err
-				}
-			} else {
-				var output string
-				starttime := time.Now()
-				RemoveConf(ifacename, false)
-				time.Sleep(time.Second >> 2)
-				ncutils.PrintLog("waiting for interface...", 1)
-				for !strings.Contains(output, ifacename) && !(time.Now().After(starttime.Add(time.Duration(10) * time.Second))) {
-					output, _ = ncutils.RunCmd("wg", false)
-					err = ApplyConf(confPath)
-					time.Sleep(time.Second)
-				}
-				if !strings.Contains(output, ifacename) {
-					return errors.New("could not create wg interface for " + ifacename)
-				}
-				ip, mask, err := ncutils.GetNetworkIPMask(nodecfg.NetworkSettings.AddressRange)
-				if err != nil {
-					log.Println(err.Error())
-					return err
-				}
-				ncutils.RunCmd("route add "+ip+" mask "+mask+" "+node.Address, true)
-				time.Sleep(time.Second >> 2)
-				ncutils.RunCmd("route change "+ip+" mask "+mask+" "+node.Address, true)
+				time.Sleep(time.Second)
 			}
-		}
-	} else {
-		ipExec, err := exec.LookPath("ip")
-		if err != nil {
-			return err
-		}
-
-		_, err = wgclient.Device(ifacename)
-		if err != nil {
-			if os.IsNotExist(err) {
-				fmt.Println("Device does not exist: ")
-				fmt.Println(err)
-			} else {
-				log.Fatalf("Unknown config error: %v", err)
-			}
-		}
-
-		err = wgclient.ConfigureDevice(ifacename, conf)
-		if err != nil {
-			if os.IsNotExist(err) {
-				fmt.Println("Device does not exist: ")
-				fmt.Println(err)
-			} else {
-				fmt.Printf("This is inconvenient: %v", err)
+			if !strings.Contains(output, ifacename) {
+				return errors.New("could not create wg interface for " + ifacename)
 			}
-		}
-
-		//=========DNS Setup==========\\
-		if nodecfg.DNSOn == "yes" {
-			_ = local.UpdateDNS(ifacename, network, nameserver)
-		}
-		//=========End DNS Setup=======\\
-		if _, err := ncutils.RunCmd(ipExec+" link set down dev "+ifacename, false); err != nil {
-			ncutils.Log("attempted to remove interface before editing")
-			return err
-		}
-
-		if nodecfg.PostDown != "" {
-			runcmds := strings.Split(nodecfg.PostDown, "; ")
-			_ = ncutils.RunCmds(runcmds, true)
-		}
-		// set MTU of node interface
-		if _, err := ncutils.RunCmd(ipExec+" link set mtu "+strconv.Itoa(int(nodecfg.MTU))+" up dev "+ifacename, true); err != nil {
-			ncutils.Log("failed to create interface with mtu " + ifacename)
-			return err
-		}
-
-		if nodecfg.PostUp != "" {
-			runcmds := strings.Split(nodecfg.PostUp, "; ")
-			_ = ncutils.RunCmds(runcmds, true)
-		}
-		if hasGateway {
-			for _, gateway := range gateways {
-				_, _ = ncutils.RunCmd(ipExec+" -4 route add "+gateway+" dev "+ifacename, true)
+			ip, mask, err := ncutils.GetNetworkIPMask(nodecfg.NetworkSettings.AddressRange)
+			if err != nil {
+				log.Println(err.Error())
+				return err
 			}
-		}
-		if node.Address6 != "" && node.IsDualStack == "yes" {
-			log.Println("[netclient] adding address: "+node.Address6, 1)
-			_, _ = ncutils.RunCmd(ipExec+" address add dev "+ifacename+" "+node.Address6+"/64", true)
+			ncutils.RunCmd("route add "+ip+" mask "+mask+" "+node.Address, true)
+			time.Sleep(time.Second >> 2)
+			ncutils.RunCmd("route change "+ip+" mask "+mask+" "+node.Address, true)
 		}
 	}
 

netclient/wireguard/kernel.go

@@ -1,21 +0,0 @@
-package wireguard
-
-import (
-	"os/exec"
-
-	"github.com/gravitl/netmaker/netclient/ncutils"
-	//homedir "github.com/mitchellh/go-homedir"
-)
-
-func setKernelDevice(ifacename string, address string) error {
-	ipExec, err := exec.LookPath("ip")
-	if err != nil {
-		return err
-	}
-
-	_, _ = ncutils.RunCmd("ip link delete dev "+ifacename, false)
-	_, _ = ncutils.RunCmd(ipExec+" link add dev "+ifacename+" type wireguard", true)
-	_, _ = ncutils.RunCmd(ipExec+" address add dev "+ifacename+" "+address+"/24", true)
-
-	return nil
-}

scripts/nm-quick.sh

@@ -50,7 +50,7 @@ elif [ -f /etc/fedora-release ]; then
 	dnf update
 fi
 
-dependencies=("docker.io" "docker-compose" "wireguard" "jq")
+dependencies=("docker.io" "docker-compose" "wireguard" "jq" "resolvconf")