WireGuard peer on custom network

Hello. I’m trying to create a WireGuard peer on a custom network (fly apps create my-app --network my-custom-network), but I haven’t managed to make it work.
(Use case: I want to have the CI infrastructure isolated from the actual applications.)

The feature is not documented, but from sources and other community posts I got some ideas.

So far I have:

FLY_ORG_ID=$(flyctl orgs show ${FLY_ORG_NAME} --json | jq --raw-output '.InternalNumericID')
FLY_API_TOKEN=$(fly tokens create org ${FLY_ORG_NAME} --name wg_create --expiry=1m)

curl 'https://api.fly.io/graphql' \
  -H 'Content-Type: application/json' \
  -H "Authorization: Bearer ${FLY_API_TOKEN}" \
  --data '{
  "query": "mutation($input: AddWireGuardPeerInput!){ addWireGuardPeer(input: $input){ peerip endpointip pubkey } }",
  "variables": {
    "input": {
      "organizationId": "'${FLY_ORG_ID}'",
      "region": "'iad'",
      "name": "'aaaa1234'",
      "network": "'my-custom-network'",
      "pubkey": "'R2in3C4C5I1AVyoSrmsOgSkhPDKAegwUg6zwkLrhryk='"
    }
  }
}'

Which fails with the following error:

{"data":{"addWireGuardPeer":null},"errors":[{"message":"Could not find Node with id '510775'","locations":[{"line":1,"column":43}],"path":["addWireGuardPeer"],"extensions":{"code":"NOT_FOUND"}}]}

I cannot figure out what’s wrong with the request above.

Fixed. I was using the InternalNumericID instead of the actual ID (which isn’t the org slug, either):

This is the way to obtain the org ID for use with the addWireGuardPeer mutation:

FLY_ORG_ID=$(flyctl orgs show ${FLY_ORG_NAME} --json | jq --raw-output '.ID')

Answer:

{"data":{"addWireGuardPeer":{"peerip":"fdaa:6:7985:a7b:ce2:0:a:402","endpointip":"iad1.gateway.6pn.dev","pubkey":"R2in3C4C5I1AVyoSrmsOgSkhPDKAegwUg6zwkLrhryk="}}}
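Added example, not part of the original posts: the same request built with jq instead of quote splicing, plus a check of the response body, since the failed call above reports its error in the JSON while curl (run without --fail) still exits 0. The function names `build_peer_request` and `check_peer_response` are hypothetical; the two sample responses are the ones quoted in this thread.

```shell
# Added example; function names are hypothetical. Requires jq, as used above.

# Build the request body with jq so each value is JSON-escaped rather than
# spliced into a single-quoted string. Args: org_id region name network pubkey
build_peer_request() {
  jq -n --arg org "$1" --arg region "$2" --arg name "$3" \
        --arg network "$4" --arg pubkey "$5" '{
    query: "mutation($input: AddWireGuardPeerInput!){ addWireGuardPeer(input: $input){ peerip endpointip pubkey } }",
    variables: { input: { organizationId: $org, region: $region,
                          name: $name, network: $network, pubkey: $pubkey } }
  }'
}

# Inspect the response body. On success print "peerip endpointip";
# otherwise print each "CODE: message" to stderr and return 1.
check_peer_response() {
  if printf '%s' "$1" | jq -e \
      '.data.addWireGuardPeer != null and ((.errors // []) | length == 0)' \
      >/dev/null 2>&1; then
    printf '%s' "$1" | jq -r '.data.addWireGuardPeer | "\(.peerip) \(.endpointip)"'
  else
    printf '%s' "$1" |
      jq -r '.errors[]? | "\(.extensions.code // "ERROR"): \(.message)"' >&2 ||
      printf 'response is not valid JSON\n' >&2
    return 1
  fi
}

# Sample inputs: the two responses quoted in this thread.
FAILED_RESPONSE=$(cat <<'EOF'
{"data":{"addWireGuardPeer":null},"errors":[{"message":"Could not find Node with id '510775'","locations":[{"line":1,"column":43}],"path":["addWireGuardPeer"],"extensions":{"code":"NOT_FOUND"}}]}
EOF
)
OK_RESPONSE=$(cat <<'EOF'
{"data":{"addWireGuardPeer":{"peerip":"fdaa:6:7985:a7b:ce2:0:a:402","endpointip":"iad1.gateway.6pn.dev","pubkey":"R2in3C4C5I1AVyoSrmsOgSkhPDKAegwUg6zwkLrhryk="}}}
EOF
)

# Usage against the API (network call, shown for reference only):
#   resp=$(build_peer_request "$FLY_ORG_ID" iad aaaa1234 my-custom-network "$PUBKEY" |
#     curl -sS 'https://api.fly.io/graphql' -H 'Content-Type: application/json' \
#          -H "Authorization: Bearer ${FLY_API_TOKEN}" --data @-)
#   check_peer_response "$resp" || exit 1
```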