Add Dependabot configuration and adjust WireGuard spelling

Added a new `.github/dependabot.yml` file to enable automated dependency updates for gomod and GitHub Actions on a weekly schedule.

Corrected the spelling of "Wireguard" to "WireGuard" in multiple files for consistency:
- `.goreleaser.yaml`
- `README.md`
- `cmd/wush/cp.go`
- `cmd/wush/serve.go`
- `cmd/wush/ssh.go`

Simplified `install.sh` by removing the `pipefail` option.

Updated license and import statements, cleaned up `server.go` in the `tsserver` package, and refactored peer management to use `xsync.MapOf` for better concurrency handling.

Author: coadler

.github/dependabot.yml

@@ -0,0 +1,10 @@
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.goreleaser.yaml

@@ -31,7 +31,7 @@ nfpms:
     maintainer: Colin Adler <[email protected]>
     description: |-
       Wush installer package.
-      Wush creates secure Wireguard tunnels between two devices.
+      Wush creates secure WireGuard tunnels between two devices.
     license: CC0-1.0
     contents:
       - src: LICENSE

README.md

@@ -3,11 +3,11 @@
 [![Go Reference](https://pkg.go.dev/badge/github.com/coder/wush.svg)](https://pkg.go.dev/github.com/coder/wush)
 
 `wush` is a command line tool that lets you easily transfer files and open
-shells over a peer-to-peer wireguard connection. It's similar to
+shells over a peer-to-peer WireGuard connection. It's similar to
 [magic-wormhole](https://github.com/magic-wormhole/magic-wormhole) but:
 
 1. No requirement to set up or trust a relay server for authentication.
-1. Powered by Wireguard for secure, fast, and reliable connections.
+1. Powered by WireGuard for secure, fast, and reliable connections.
 1. Automatic peer-to-peer connections over UDP.
 1. Endless possibilities; rsync, ssh, etc.
 
@@ -47,7 +47,7 @@ Picked DERP region Toronto as overlay home
 Your auth key is:
     >  112v1RyL5KPzsbMbhT7fkEGrcfpygxtnvwjR5kMLGxDHGeLTK1BvoPqsUcjo7xyMkFn46KLTdedKuPCG5trP84mz9kx
 Use this key to authenticate other wush commands to this instance.
-05:18:59 Wireguard is ready
+05:18:59 WireGuard is ready
 05:18:59 SSH server listening
 ```
 
@@ -61,8 +61,8 @@ Auth information:
     > Server overlay DERP home:     Toronto
     > Server overlay public key:    [NFWN0]
     > Server overlay auth key:      [mTbpN]
-Bringing Wireguard up..
-Wireguard is ready!
+Bringing WireGuard up..
+WireGuard is ready!
 Received peer
 Peer active with relay  nyc
 Peer active over p2p  172.20.0.8:53768
@@ -77,8 +77,8 @@ Auth information:
     > Server overlay DERP home:     Toronto
     > Server overlay public key:    [sEIS1]
     > Server overlay auth key:      [w/sYF]
-Bringing Wireguard up..
-Wireguard is ready!
+Bringing WireGuard up..
+WireGuard is ready!
 Received peer
 Peer active with relay  nyc
 Peer active over p2p  172.20.0.8:44483
@@ -106,10 +106,10 @@ runs over one of two currently implemented mediums; UDP or DERP. Each message
 over the relay is encrypted with the sender's private key.
 
 **UDP**: The receiver creates a NAT holepunch to allow senders to connect
-directly. Wireguard nodes are exchanged peer-to-peer. This mode will only work
+directly. WireGuard nodes are exchanged peer-to-peer. This mode will only work
 if the receiver doesn't have hard NAT.
 
-**DERP**: The receiver connects to the closet DERP relay server. Wireguard nodes
+**DERP**: The receiver connects to the closet DERP relay server. WireGuard nodes
 are exchanged through the relay.
 
 In both cases auth is handled the same way. The receiver will only accept
@@ -131,4 +131,4 @@ way more functionality.
 
 1. [Tailscale](https://tailscale.com)
 1. [Headscale](https://github.com/juanfont/headscale)
-1. [Wireguard-go](https://github.com/WireGuard/wireguard-go)
+1. [WireGuard-go](https://github.com/WireGuard/wireguard-go)

cmd/wush/cp.go

@@ -145,9 +145,9 @@ func cpCmd() *serpent.Command {
 			ts.Logf = func(string, ...any) {}
 			ts.UserLogf = func(string, ...any) {}
 
-			logf("Bringing Wireguard up..")
+			logf("Bringing WireGuard up..")
 			ts.Up(ctx)
-			logf("Wireguard is ready!")
+			logf("WireGuard is ready!")
 
 			lc, err := ts.LocalClient()
 			if err != nil {

cmd/wush/serve.go

@@ -87,7 +87,7 @@ func serveCmd() *serpent.Command {
 			ts.Up(ctx)
 			fs := afero.NewOsFs()
 
-			fmt.Println(cliui.Timestamp(time.Now()), "Wireguard is ready")
+			fmt.Println(cliui.Timestamp(time.Now()), "WireGuard is ready")
 
 			sshSrv, err := agentssh.NewServer(ctx,
 				cslog.Make(csloghuman.Sink(logSink)),

cmd/wush/ssh.go

@@ -64,9 +64,9 @@ func sshCmd() *serpent.Command {
 			ts.Logf = func(string, ...any) {}
 			ts.UserLogf = func(string, ...any) {}
 
-			logf("Bringing Wireguard up..")
+			logf("Bringing WireGuard up..")
 			ts.Up(ctx)
-			logf("Wireguard is ready!")
+			logf("WireGuard is ready!")
 
 			lc, err := ts.LocalClient()
 			if err != nil {

go.mod

@@ -14,7 +14,6 @@ require (
 	github.com/coder/pretty v0.0.0-20230908205945-e89ba86370e0
 	github.com/coder/serpent v0.8.0
 	github.com/go-chi/chi/v5 v5.1.0
-	github.com/google/uuid v1.6.0
 	github.com/klauspost/compress v1.17.9
 	github.com/mattn/go-isatty v0.0.20
 	github.com/mitchellh/go-wordwrap v1.0.1
@@ -107,6 +106,7 @@ require (
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/nftables v0.2.1-0.20240414091927-5e242ec57806 // indirect
 	github.com/google/pprof v0.0.0-20240409012703-83162a5b38cd // indirect
+	github.com/google/uuid v1.6.0 // indirect
 	github.com/gorilla/csrf v1.7.2 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect

install.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-set -euo pipefail
+set -eu
 
 GITHUB_REPO="coder/wush"
 BINARY_NAME="wush"

tsserver/server.go

@@ -1,5 +1,7 @@
+// SPDX-License-Identifier: BSD-3-Clause, CC0-1.0
 // Package tsserver implements the Tailscale coordination protocol for a single
-// client. Heavy inspiration was taken from https://github.com/juanfont/headscale
+// client. Heavy inspiration and code was taken from https://github.com/juanfont/headscale.
+// As such, this file is dual licensed under BSD-3-Clause and CC0-1.0.
 package tsserver
 
 import (
@@ -22,9 +24,7 @@ import (
 	"sync/atomic"
 	"time"
 
-	"github.com/coder/wush/overlay"
 	"github.com/go-chi/chi/v5"
-	"github.com/google/uuid"
 	"github.com/klauspost/compress/zstd"
 	"github.com/puzpuzpuz/xsync/v3"
 	"github.com/valyala/fasthttp/fasthttputil"
@@ -39,6 +39,8 @@ import (
 	"tailscale.com/types/key"
 	"tailscale.com/types/opt"
 	"tailscale.com/types/ptr"
+
+	"github.com/coder/wush/overlay"
 )
 
 func DERPMapTailscale(ctx context.Context) (*tailcfg.DERPMap, error) {
@@ -242,7 +244,8 @@ func (s *server) NoiseUpgradeHandler(w http.ResponseWriter, r *http.Request) {
 		logger:     s.logger,
 		derpMap:    s.derpMap,
 		challenge:  key.NewChallenge(),
-		updates:    s.peerMapUpdate,
+		peers:      xsync.NewMapOf[tailcfg.NodeID, *tailcfg.Node](),
+		peerUpdate: s.peerMapUpdate,
 		node:       &s.node,
 		nodeUpdate: s.nodeUpdate,
 		getIP:      s.overlay.IP,
@@ -332,7 +335,9 @@ type noiseServer struct {
 	derpMap        *tailcfg.DERPMap
 	getIP          func() netip.Addr
 
-	updates    chan update
+	peers      *xsync.MapOf[tailcfg.NodeID, *tailcfg.Node]
+	peerUpdate chan update
+
 	node       *atomic.Pointer[tailcfg.Node]
 	nodeUpdate chan struct{}
 
@@ -341,37 +346,6 @@ type noiseServer struct {
 	protocolVersion int
 }
 
-func maskUUID(uid uuid.UUID) uuid.UUID {
-	// This is Tailscale's ephemeral service prefix. This can be changed easily
-	// later-on, because all of our nodes are ephemeral.
-	// fd7a:115c:a1e0
-	uid[0] = 0xfd
-	uid[1] = 0x7a
-	uid[2] = 0x11
-	uid[3] = 0x5c
-	uid[4] = 0xa1
-	uid[5] = 0xe0
-	return uid
-}
-
-// IP generates a random IP with a static service prefix.
-func IP() netip.Addr {
-	uid := maskUUID(uuid.New())
-	return netip.AddrFrom16(uid)
-}
-
-// func IP4r() netip.Addr {
-// 	return netip.AddrFrom4([4]byte{100, 64, 1, 1})
-// }
-// func IP4s() netip.Addr {
-// 	return netip.AddrFrom4([4]byte{100, 64, 2, 2})
-// }
-
-// IP generates a new IP from a UUID.
-func IPFromUUID(uid uuid.UUID) netip.Addr {
-	return netip.AddrFrom16(maskUUID(uid))
-}
-
 func (ns *noiseServer) notifyUpdate() {
 	ns.nodeUpdate <- struct{}{}
 }
@@ -389,17 +363,6 @@ func (ns *noiseServer) NoiseRegistrationHandler(w http.ResponseWriter, r *http.R
 	sp := strings.SplitN(registerRequest.Auth.AuthKey, "-", 2)
 
 	ip := ns.getIP()
-	// var ip netip.Addr
-	// switch registerRequest.Auth.AuthKey {
-	// case "receive":
-	// 	ip = IP4r()
-	// case "send":
-	// 	ip = IP4s()
-	// default:
-	// 	http.Error(w, fmt.Sprintf("unknown authkey: %q", registerRequest.Auth.AuthKey), http.StatusBadRequest)
-	// 	return
-	// }
-	// try insecureskipverify
 
 	resp := tailcfg.RegisterResponse{}
 	resp.MachineAuthorized = true
@@ -506,17 +469,21 @@ func (ns *noiseServer) NoisePollNetMapHandler(
 func (ns *noiseServer) peerMap() []*tailcfg.Node {
 	peers := []*tailcfg.Node{}
 
-	// TOOD: get peers
+	ns.peers.Range(func(key tailcfg.NodeID, value *tailcfg.Node) bool {
+		peers = append(peers, value.Clone())
+		return true
+	})
+	xslices.SortFunc(peers, func(a, b *tailcfg.Node) int {
+		return cmp.Compare(a.ID, b.ID)
+	})
 
 	return peers
 }
 
 func (ns *noiseServer) handleStreaming(ctx context.Context, w http.ResponseWriter, req *tailcfg.MapRequest) {
-	// Upgrade the writer to a ResponseController
 	rc := http.NewResponseController(w)
-
-	// Longpolling will break if there is a write timeout,
-	// so it needs to be disabled.
+	// Longpolling will break if there is a write timeout, so it needs to be
+	// disabled.
 	rc.SetWriteDeadline(time.Time{})
 
 	node := ns.getSelfNode()
@@ -552,13 +519,14 @@ func (ns *noiseServer) handleStreaming(ctx context.Context, w http.ResponseWrite
 		select {
 		case <-ctx.Done():
 			return
-		case upd := <-ns.updates:
+		case upd := <-ns.peerUpdate:
 			res := &tailcfg.MapResponse{
 				KeepAlive:   false,
 				ControlTime: ptr.To(time.Now()),
 			}
 			if upd.ty == updateTypeNewPeer {
-				res.Peers = []*tailcfg.Node{upd.node}
+				ns.peers.Store(upd.node.ID, upd.node.Clone())
+				res.Peers = ns.peerMap()
 			} else if upd.ty == updateTypePeerUpdate {
 				res.PeersChangedPatch = []*tailcfg.PeerChange{upd.update}
 			}
@@ -590,7 +558,6 @@ func (ns *noiseServer) handleStreaming(ctx context.Context, w http.ResponseWrite
 			}
 		}
 	}
-
 }
 
 func writeMapResponse(w http.ResponseWriter, req *tailcfg.MapRequest, res *tailcfg.MapResponse) error {
@@ -751,7 +718,6 @@ func peerChange(req *tailcfg.MapRequest, node *tailcfg.Node) tailcfg.PeerChange
 		}
 	}
 
-	// TODO(kradalby): Find a good way to compare updates
 	ret.Endpoints = req.Endpoints
 
 	ret.LastSeen = ptr.To(time.Now())
@@ -831,6 +797,8 @@ const (
 	earlyPayloadMagic           = "\xff\xff\xffTS"
 )
 
+var _ = (*noiseServer)(nil).earlyNoise
+
 func (ns *noiseServer) earlyNoise(protocolVersion int, writer io.Writer) error {
 	ns.logger.Info("early noise")
 	if protocolVersion < earlyNoiseCapabilityVersion {