From 4cda7ee59302fe55afdd915ce5ed1fe4a2577054 Mon Sep 17 00:00:00 2001
From: Paul-Christian Volkmer
Date: Sun, 27 Nov 2022 18:00:49 +0100
Subject: [PATCH] Added script to add new clients
---
Dockerfile | 1 +
README.md | 18 ++++++++++++++----
add-client.sh | 42 ++++++++++++++++++++++++++++++++++++++++++
entrypoint.sh | 6 ++++++
4 files changed, 63 insertions(+), 4 deletions(-)
create mode 100755 add-client.sh
diff --git a/Dockerfile b/Dockerfile
index c371660..25afd01 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -16,5 +16,6 @@ ENV WG_SUDO 1 RUN apk --update add iproute2 wireguard-tools-wg-quick libqrencode COPY --from=build /usr/local/cargo/bin/boringtun-cli /usr/local/bin/boringtun COPY create-config.sh entrypoint.sh ./ +COPY add-client.sh entrypoint.sh ./ ENTRYPOINT ["./entrypoint.sh"]
diff --git a/README.md b/README.md
index 80913a7..7f75a15 100644
--- a/README.md
+++ b/README.md
@@ -48,10 +48,6 @@ wg_1 | - Generating 5 client configs and client QR codes wireguard_wg_1 exited with code 0 ``` -### Remove old and create new config files - -Remove existing config files or rename device in `docker-compose.yml`. Run command `docker-compose up` again. - ### Run the service Start the service in detached mode.
@@ -60,6 +56,20 @@ Start the service in detached mode. $ docker-compose up -d ``` +### Add new client + +Stop the service and run + +``` +$ docker-compose run wg add-client +``` + +This will create new client configuration and adds peer configuration to server config file. + +### Remove configuration and create new one from scratch + +Remove existing config files or rename device in `docker-compose.yml`. Run command `docker-compose up` again. + ## Client configurations You will find client configuration files for each client as config file and PNG file containing a QR code with
diff --git a/add-client.sh b/add-client.sh
new file mode 100755
index 0000000..8afc84f
--- /dev/null
+++ b/add-client.sh
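Review bot: The added `COPY add-client.sh entrypoint.sh ./` in the Dockerfile hunk copies entrypoint.sh a second time, since the context line directly above it already copies `create-config.sh entrypoint.sh`. Either extend the existing instruction to `COPY create-config.sh add-client.sh entrypoint.sh ./` or reduce the new one to `COPY add-client.sh ./`. The destination is relative to the working directory, while entrypoint.sh invokes the script as `/add-client.sh`, so this only resolves if WORKDIR is `/`; the WORKDIR is not visible in this hunk and should be confirmed.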
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+SERVER_PUB_KEY=$(cat $DEVICE.conf | grep PrivateKey | sed 's/PrivateKey = //g' | wg pubkey)
+NETWORK=$(cat $DEVICE.conf | grep Address | sed 's/Address = //g; s/\.[0-9\/]*$//g')
+
+CLIENT_ID=$(($(ls $DEVICE-client_*.conf | grep ".conf" | tail -1 | sed "s/$DEVICE-client_//g; s/\.conf$//g")+1))
+
+CLIENT_SEC_KEY=$(wg genkey)
+CLIENT_PUB_KEY=$(echo $CLIENT_SEC_KEY | wg pubkey)
+
+# Add peer config
+cat << EOF >> $DEVICE.conf
+# Client $CLIENT_ID
+[Peer]
+PublicKey = ${CLIENT_PUB_KEY}
+AllowedIPs = $NETWORK.$(($CLIENT_ID+10))/32
+
+EOF
+
+# Print out client configs
+cat < $DEVICE-client_$CLIENT_ID.conf
+##############
+# CLIENT $CLIENT_ID
+##############
+
+[Interface]
+Address = $NETWORK.$(($CLIENT_ID+10))/24
+ListenPort = $SERVER_PORT
+PrivateKey = ${CLIENT_SEC_KEY}
+
+[Peer]
+PublicKey = $SERVER_PUB_KEY
+AllowedIPs = 0.0.0.0/0, ::/0
+Endpoint = $SERVER_HOST:$SERVER_PORT
+EOF
+
+# Create QR-codes for clients
+if [ ! -z "$(which qrencode 2>/dev/null)" ]; then
+ qrencode -t png -o "$DEVICE-client_$CLIENT_ID.png" < $DEVICE-client_$CLIENT_ID.conf
+fi
+
+echo "Added Client # $CLIENT_ID"
\ No newline at end of file
diff --git a/entrypoint.sh b/entrypoint.sh
index eb5a320..3cf1d77 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -12,6 +12,12 @@ if [ ! -f "/etc/wireguard/$DEVICE.conf" ]; then exit 0 fi +if [ "add-client" == "$1" ]; then + cd /etc/wireguard + /add-client.sh + exit 0 +fi + echo "Starting wg-quick on $DEVICE" touch "${WG_LOG_FILE}" wg-quick up $DEVICE
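Review bot: `CLIENT_ID` in add-client.sh is derived from `ls … | tail -1`, which orders names as text, so once `$DEVICE-client_10.conf` exists the last entry is `client_9` and the script computes 10 again. That run overwrites the existing client 10 file with a fresh key and appends a second `[Peer]` carrying the same `AllowedIPs` to `$DEVICE.conf`. The number should come from comparing the numeric suffixes, as in the excerpt below. Separately, the client `.conf` and the QR image both carry `PrivateKey`, and nothing in the script restricts their mode, so they are created with whatever umask the process inherits; a `umask 077` before the first write closes that. The unquoted `$DEVICE…` expansions throughout would also be better quoted.

```shell
#!/bin/bash
umask 077   # the client .conf and .png written below contain a private key

# … unchanged: SERVER_PUB_KEY and NETWORK …

# Highest existing client number, compared as integers rather than by ls order
last_id=0
for f in "$DEVICE"-client_*.conf; do
  [ -e "$f" ] || continue          # glob matched nothing
  n=${f#"$DEVICE"-client_}
  n=${n%.conf}
  case $n in
    '' | *[!0-9]*) continue ;;     # skip names without a plain numeric suffix
  esac
  if [ "$n" -gt "$last_id" ]; then
    last_id=$n
  fi
done
CLIENT_ID=$((last_id + 1))

# … unchanged: key generation, peer block, client config, QR code …
```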
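Review bot: The new `add-client` branch in entrypoint.sh ends with an unconditional `exit 0`, so `docker-compose run wg add-client` reports success even when `cd /etc/wireguard` fails or the script cannot run. I would write the body as `cd /etc/wireguard || exit 1` followed by `exec /add-client.sh`, which hands the script's own status back to the caller. `==` inside `[ ]` is a bash extension; `=` is the portable spelling if the entrypoint's shebang, which lies outside the hunk, is not bash. The rest of the script continues outside the hunk.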