|
|
|
|
@ -2,6 +2,15 @@
|
|
|
|
|
# shellcheck shell=bash
|
|
|
|
|
# shellcheck disable=SC2016,SC1091,SC2183
|
|
|
|
|
|
|
|
|
|
mkdir -p /config/wg_confs
|
|
|
|
|
|
|
|
|
|
# migration to subfolder for wg confs
|
|
|
|
|
if [[ -z "$(ls -A /config/wg_confs)" ]] && [[ -f /config/wg0.conf ]]; then
|
|
|
|
|
echo "**** Performing migration to new folder structure for confs. Please see the image changelog 2023-10-03 entry for more details. ****"
|
|
|
|
|
cp /config/wg0.conf /config/wg_confs/wg0.conf
|
|
|
|
|
rm -rf /config/wg0.conf || :
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# prepare templates
|
|
|
|
|
if [[ ! -f /config/templates/server.conf ]]; then
|
|
|
|
|
cp /defaults/server.conf /config/templates/server.conf
|
|
|
|
|
@ -21,7 +30,7 @@ generate_confs () {
|
|
|
|
|
wg genkey | tee /config/server/privatekey-server | wg pubkey > /config/server/publickey-server
|
|
|
|
|
fi
|
|
|
|
|
eval "$(printf %s)
|
|
|
|
|
cat <<DUDE > /config/wg0.conf
|
|
|
|
|
cat <<DUDE > /config/wg_confs/wg0.conf
|
|
|
|
|
$(cat /config/templates/server.conf)
|
|
|
|
|
|
|
|
|
|
DUDE"
|
|
|
|
|
@ -61,7 +70,7 @@ DUDE"
|
|
|
|
|
$(cat /config/templates/peer.conf)
|
|
|
|
|
DUDE"
|
|
|
|
|
# add peer info to server conf with presharedkey
|
|
|
|
|
cat <<DUDE >> /config/wg0.conf
|
|
|
|
|
cat <<DUDE >> /config/wg_confs/wg0.conf
|
|
|
|
|
[Peer]
|
|
|
|
|
# ${PEER_ID}
|
|
|
|
|
PublicKey = $(cat "/config/${PEER_ID}/publickey-${PEER_ID}")
|
|
|
|
|
@ -75,7 +84,7 @@ DUDE
|
|
|
|
|
$(sed '/PresharedKey/d' "/config/templates/peer.conf")
|
|
|
|
|
DUDE"
|
|
|
|
|
# add peer info to server conf without presharedkey
|
|
|
|
|
cat <<DUDE >> /config/wg0.conf
|
|
|
|
|
cat <<DUDE >> /config/wg_confs/wg0.conf
|
|
|
|
|
[Peer]
|
|
|
|
|
# ${PEER_ID}
|
|
|
|
|
PublicKey = $(cat "/config/${PEER_ID}/publickey-${PEER_ID}")
|
|
|
|
|
@ -85,22 +94,22 @@ DUDE
|
|
|
|
|
# add peer's allowedips to server conf
|
|
|
|
|
if [[ -n "${!SERVER_ALLOWEDIPS}" ]]; then
|
|
|
|
|
echo "Adding ${!SERVER_ALLOWEDIPS} to wg0.conf's AllowedIPs for peer ${i}"
|
|
|
|
|
cat <<DUDE >> /config/wg0.conf
|
|
|
|
|
cat <<DUDE >> /config/wg_confs/wg0.conf
|
|
|
|
|
AllowedIPs = ${CLIENT_IP}/32,${!SERVER_ALLOWEDIPS}
|
|
|
|
|
DUDE
|
|
|
|
|
else
|
|
|
|
|
cat <<DUDE >> /config/wg0.conf
|
|
|
|
|
cat <<DUDE >> /config/wg_confs/wg0.conf
|
|
|
|
|
AllowedIPs = ${CLIENT_IP}/32
|
|
|
|
|
DUDE
|
|
|
|
|
fi
|
|
|
|
|
# add PersistentKeepalive if the peer is specified
|
|
|
|
|
if [[ -n "${PERSISTENTKEEPALIVE_PEERS_ARRAY}" ]] && ([[ "${PERSISTENTKEEPALIVE_PEERS_ARRAY[0]}" = "all" ]] || printf '%s\0' "${PERSISTENTKEEPALIVE_PEERS_ARRAY[@]}" | grep -Fxqz -- "${i}"); then
|
|
|
|
|
cat <<DUDE >> /config/wg0.conf
|
|
|
|
|
cat <<DUDE >> /config/wg_confs/wg0.conf
|
|
|
|
|
PersistentKeepalive = 25
|
|
|
|
|
|
|
|
|
|
DUDE
|
|
|
|
|
else
|
|
|
|
|
cat <<DUDE >> /config/wg0.conf
|
|
|
|
|
cat <<DUDE >> /config/wg_confs/wg0.conf
|
|
|
|
|
|
|
|
|
|
DUDE
|
|
|
|
|
fi
|
|
|
|
|
@ -157,7 +166,7 @@ if [[ -n "$PEERS" ]]; then
|
|
|
|
|
else
|
|
|
|
|
echo "**** Peer DNS servers will be set to $PEERDNS ****"
|
|
|
|
|
fi
|
|
|
|
|
if [[ ! -f /config/wg0.conf ]]; then
|
|
|
|
|
if [[ ! -f /config/wg_confs/wg0.conf ]]; then
|
|
|
|
|
echo "**** No wg0.conf found (maybe an initial install), generating 1 server and ${PEERS} peer/client confs ****"
|
|
|
|
|
generate_confs
|
|
|
|
|
save_vars
|
|
|
|
|
|
aptalca
8 months ago