add ci-runner script

controllers/middleware.go

@@ -71,7 +71,7 @@ func userMiddleWare(handler http.Handler) http.Handler {
 		if strings.Contains(route, "tags") {
 			r.Header.Set("TARGET_RSRC", models.TagRsrc.String())
 		}
-		if strings.Contains(route, "extclients") {
+		if strings.Contains(route, "extclients") || strings.Contains(route, "client_conf") {
 			r.Header.Set("TARGET_RSRC", models.ExtClientsRsrc.String())
 		}
 		if strings.Contains(route, "enrollment-keys") {

scripts/ci-runner.sh

@@ -0,0 +1,89 @@
+#!/usr/bin/env bash
+# Fetch WireGuard config from Netmaker via /api/v1/client_conf/{network} and bring it up.
+# Required env:
+#   NETMAKER_BASE_URL, NETMAKER_API_JWT, NETMAKER_NETWORK
+#   WG_IFACE (default: netmaker), WG_CONF_DIR (default: /etc/wireguard)
+
+set -euo pipefail
+
+# --- Fail fast if mandatory variables missing ---
+: "${NETMAKER_BASE_URL:?ERROR: NETMAKER_BASE_URL not set}"
+: "${NETMAKER_NETWORK:?ERROR: NETMAKER_NETWORK not set}"
+: "${NETMAKER_API_JWT:?ERROR: NETMAKER_API_JWT not set}"
+
+# --- Ensure required packages are present ---
+echo "[*] Checking dependencies ..."
+DEPS=(curl jq wg-quick ip)
+MISSING=()
+for bin in "${DEPS[@]}"; do
+  if ! command -v "$bin" >/dev/null 2>&1; then
+    MISSING+=("$bin")
+  fi
+done
+
+if [[ ${#MISSING[@]} -gt 0 ]]; then
+  echo "[*] Installing missing deps: ${MISSING[*]} ..."
+  if command -v apt-get >/dev/null 2>&1; then
+    sudo apt-get update -y
+    sudo apt-get install -y wireguard-tools jq curl iproute2 resolvconf
+  elif command -v yum >/dev/null 2>&1; then
+    sudo yum install -y wireguard-tools jq curl iproute iproute-tc
+  elif command -v dnf >/dev/null 2>&1; then
+    sudo dnf install -y wireguard-tools jq curl iproute
+  else
+    echo "ERROR: Package manager not found. Install ${MISSING[*]} manually." >&2
+    exit 1
+  fi
+else
+  echo "[*] All dependencies found."
+fi
+
+# --- Inputs & defaults ---
+BASE_URL="${NETMAKER_BASE_URL:?NETMAKER_BASE_URL not set}"
+NETWORK="${NETMAKER_NETWORK:?NETMAKER_NETWORK not set}"
+JWT="${NETMAKER_API_JWT:?NETMAKER_API_JWT not set}"
+WG_IFACE="${WG_IFACE:-netmaker}"
+WG_CONF_DIR="${WG_CONF_DIR:-/etc/wireguard}"
+TMP_CONF="/tmp/${WG_IFACE}.conf"
+
+EP="${BASE_URL}/api/v1/client_conf/${NETWORK}"
+
+echo "[*] Requesting client configuration from: ${EP}"
+
+HDRS=(-H "Authorization: Bearer ${JWT}")
+[[ -n "${NM_CLIENT_LABEL:-}" ]]    && HDRS+=(-H "X-NM-Client-Label: ${NM_CLIENT_LABEL}")
+[[ -n "${NM_REQUESTED_NAME:-}" ]]  && HDRS+=(-H "X-NM-Requested-Name: ${NM_REQUESTED_NAME}")
+
+# --- Fetch config ---
+HTTP_STATUS="$(curl -sS -L -w '%{http_code}' -o "${TMP_CONF}" "${HDRS[@]}" "${EP}")"
+
+if [[ "${HTTP_STATUS}" != "200" ]]; then
+  echo "ERROR: client_conf returned HTTP ${HTTP_STATUS}" >&2
+  curl -sS -L "${HDRS[@]}" "${EP}" | head -c 400 >&2 || true
+  exit 1
+fi
+
+# --- Sanity check ---
+if ! grep -q "^\[Interface\]" "${TMP_CONF}"; then
+  echo "ERROR: Response does not look like a WireGuard config." >&2
+  head -n 20 "${TMP_CONF}" >&2 || true
+  exit 1
+fi
+
+# --- Add interface-name for traceability ---
+if ! grep -q "^#interface-name=" "${TMP_CONF}"; then
+  echo "#interface-name=${WG_IFACE}" | cat - "${TMP_CONF}" > "${TMP_CONF}.tmp" && mv "${TMP_CONF}.tmp" "${TMP_CONF}"
+fi
+
+# --- Move into place ---
+sudo mkdir -p "${WG_CONF_DIR}"
+sudo mv "${TMP_CONF}" "${WG_CONF_DIR}/${WG_IFACE}.conf"
+sudo chmod 600 "${WG_CONF_DIR}/${WG_IFACE}.conf"
+
+# --- Bring it up ---
+echo "[*] Bringing up ${WG_IFACE} ..."
+sudo wg-quick up "${WG_IFACE}"
+
+echo "==== ${WG_IFACE} is up ===="
+ip addr show "${WG_IFACE}" || true
+wg show "${WG_IFACE}" || true