Added script to add new clients

Dockerfile

@@ -16,5 +16,6 @@ ENV WG_SUDO 1
 RUN apk --update add iproute2 wireguard-tools-wg-quick libqrencode
 COPY --from=build /usr/local/cargo/bin/boringtun-cli /usr/local/bin/boringtun
 COPY create-config.sh entrypoint.sh ./
+COPY add-client.sh entrypoint.sh ./
 
 ENTRYPOINT ["./entrypoint.sh"]

README.md

@@ -48,10 +48,6 @@ wg_1  |  - Generating 5 client configs and client QR codes
 wireguard_wg_1 exited with code 0
 ```
 
-### Remove old and create new config files
-
-Remove existing config files or rename device in `docker-compose.yml`. Run command `docker-compose up` again.
-
 ### Run the service
 
 Start the service in detached mode.
@@ -60,6 +56,20 @@ Start the service in detached mode.
 $ docker-compose up -d
 ```
 
+### Add new client
+
+Stop the service and run
+
+```
+$ docker-compose run wg add-client
+```
+
+This will create new client configuration and adds peer configuration to server config file.
+
+### Remove configuration and create new one from scratch
+
+Remove existing config files or rename device in `docker-compose.yml`. Run command `docker-compose up` again.
+
 ## Client configurations
 
 You will find client configuration files for each client as config file and PNG file containing a QR code with

add-client.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+
+SERVER_PUB_KEY=$(cat $DEVICE.conf | grep PrivateKey | sed 's/PrivateKey = //g' | wg pubkey)
+NETWORK=$(cat $DEVICE.conf | grep Address | sed 's/Address = //g; s/\.[0-9\/]*$//g')
+
+CLIENT_ID=$(($(ls $DEVICE-client_*.conf | grep ".conf" | tail -1 | sed "s/$DEVICE-client_//g; s/\.conf$//g")+1))
+
+CLIENT_SEC_KEY=$(wg genkey)
+CLIENT_PUB_KEY=$(echo $CLIENT_SEC_KEY | wg pubkey)
+
+# Add peer config
+cat << EOF >> $DEVICE.conf
+# Client $CLIENT_ID
+[Peer]
+PublicKey = ${CLIENT_PUB_KEY}
+AllowedIPs = $NETWORK.$(($CLIENT_ID+10))/32
+
+EOF
+
+# Print out client configs
+cat <<EOF > $DEVICE-client_$CLIENT_ID.conf
+##############
+# CLIENT $CLIENT_ID
+##############
+
+[Interface]
+Address = $NETWORK.$(($CLIENT_ID+10))/24
+ListenPort = $SERVER_PORT
+PrivateKey = ${CLIENT_SEC_KEY}
+
+[Peer]
+PublicKey = $SERVER_PUB_KEY
+AllowedIPs = 0.0.0.0/0, ::/0
+Endpoint = $SERVER_HOST:$SERVER_PORT
+EOF
+
+# Create QR-codes for clients
+if [ ! -z "$(which qrencode 2>/dev/null)" ]; then
+  qrencode -t png -o "$DEVICE-client_$CLIENT_ID.png" < $DEVICE-client_$CLIENT_ID.conf
+fi
+
+echo "Added Client # $CLIENT_ID"

entrypoint.sh

@@ -12,6 +12,12 @@ if [ ! -f "/etc/wireguard/$DEVICE.conf" ]; then
   exit 0
 fi
 
+if [ "add-client" == "$1" ]; then
+  cd /etc/wireguard
+  /add-client.sh
+  exit 0
+fi
+
 echo "Starting wg-quick on $DEVICE"
 touch "${WG_LOG_FILE}"
 wg-quick up $DEVICE