Add integration for setting up wireguard tunnel for logs and metrics

With !75 (merged) we are adding a rudimentary image-based OS, with a read-only rootfs.

As pointed out in #57 (comment 205279) we have the requirement for a dedicated wireguard setup, which is to be used for connecting to a logs and metrics server.

As this is nothing we can hardcode during build time in the context of the rootfs (due to the added secrets), we need to create a tool, that creates a TPM-2.0 backed credential to be used for the PrivateKey= option of a pre-defined wireguard network device configuration.

Additionally, we require a tool, that can provide the public key of the generated private key over SSH. This will allow administrators to use the public key to configure a wireguard tunnel as required.

Edited Sep 21, 2024 by David Runge

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Admin message

Add integration for setting up wireguard tunnel for logs and metrics