Move scripts into dedicated directory

2025-07-01 15:22:55 +00:00 · 2022-11-29 07:22:58 +01:00
parent f3dbcf0515
commit e9e9839e64
4 changed files with 6 additions and 4 deletions
--- a/scripts/add-client.sh
+++ b/scripts/add-client.sh
@ -0,0 +1,54 @@
+#!/bin/bash
+
+SERVER_PUB_KEY=$(cat $DEVICE.conf | grep PrivateKey | sed 's/PrivateKey = //g' | wg pubkey)
+NETWORK=$(cat $DEVICE.conf | grep Address | sed 's/Address = //g; s/\.[0-9\/]*$//g')
+
+for i in {1..240}; do
+  if [ ! -f "$DEVICE-client_$i.conf" ]; then
+    CLIENT_ID=$i
+    break
+  fi
+done
+
+if [ -z $CLIENT_ID ]; then
+  echo "Adding a new client not possible: No IP address available"
+  exit 1
+fi
+
+CLIENT_SEC_KEY=$(wg genkey)
+CLIENT_PUB_KEY=$(echo $CLIENT_SEC_KEY | wg pubkey)
+
+# Add peer config
+cat << EOF >> $DEVICE.conf
+# Client $CLIENT_ID
+[Peer]
+PublicKey = ${CLIENT_PUB_KEY}
+AllowedIPs = $NETWORK.$(($CLIENT_ID+10))/32
+# <- $(date)
+EOF
+
+# Print out client configs
+cat <<EOF > $DEVICE-client_$CLIENT_ID.conf
+##############
+# CLIENT $CLIENT_ID
+#
+# <- $(date)
+##############
+
+[Interface]
+Address = $NETWORK.$(($CLIENT_ID+10))/24
+ListenPort = $SERVER_PORT
+PrivateKey = ${CLIENT_SEC_KEY}
+
+[Peer]
+PublicKey = $SERVER_PUB_KEY
+AllowedIPs = 0.0.0.0/0, ::/0
+Endpoint = $SERVER_HOST:$SERVER_PORT
+EOF
+
+# Create QR-codes for clients
+if [ ! -z "$(which qrencode 2>/dev/null)" ]; then
+  qrencode -t png -o "$DEVICE-client_$CLIENT_ID.png" < $DEVICE-client_$CLIENT_ID.conf
+fi
+
+echo "Added Client # $CLIENT_ID"
--- a/scripts/create-config.sh
+++ b/scripts/create-config.sh
@ -0,0 +1,104 @@
+#!/bin/bash
+
+# Remove leftover config files
+rm *.conf 2>/dev/null
+rm *-client_*.png 2>/dev/null
+
+while [[ -z $DEVICE ]]; do
+  echo -n "Device (eg tun0):  "
+  read DEVICE
+done
+echo " - Writing config to file $DEVICE.conf"
+
+while [[ -z $SERVER_HOST ]]; do
+  echo -n "Endpoint hostname: "
+  read SERVER_HOST
+done
+echo " - Using endpoint hostname $SERVER_HOST"
+
+if [[ -z $SERVER_PORT ]]; then
+  echo -n "Endpoint port:     "
+  read SERVER_PORT
+fi
+echo " - Using port $SERVER_PORT"
+
+if [[ -z $NETWORK ]]; then
+  echo -n "Network (/24):     "
+  read NETWORK
+fi
+echo " - Using network $NETWORK/24"
+NETWORK=$(echo -n $NETWORK | sed -r "s/\.[0-9]+$//")
+
+while [[ -z $CLIENTS ]]; do
+  echo -n "Number of clients: "
+  read CLIENTS
+done
+echo " - Generating $CLIENTS client configs and client QR codes"
+
+SERVER_SEC_KEY=$(wg genkey)
+SERVER_PUB_KEY=$(echo $SERVER_SEC_KEY | wg pubkey)
+
+declare -a CLIENT_SEC_KEYS
+declare -a CLIENT_PUB_KEYS
+
+# Generate client keys
+for (( i=1; i<=$CLIENTS; i++ )); do
+  CLIENT_SEC_KEY=$(wg genkey)
+  CLIENT_PUB_KEY=$(echo $CLIENT_SEC_KEY | wg pubkey)
+
+  CLIENT_SEC_KEYS[$i]=$CLIENT_SEC_KEY
+  CLIENT_PUB_KEYS[$i]=$CLIENT_PUB_KEY
+done
+
+cat <<EOF >> $DEVICE.conf
+##############
+# SERVER
+##############
+
+[Interface]
+Address = $NETWORK.1/24
+ListenPort = $SERVER_PORT
+PrivateKey = $SERVER_SEC_KEY
+
+PostUp   = iptables -A FORWARD -i $DEVICE -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+PostDown = iptables -D FORWARD -i $DEVICE -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+
+EOF
+
+# Print out client peers
+for (( i=1; i<=$CLIENTS; i++ )); do
+cat << EOF >> $DEVICE.conf
+# Client $i
+[Peer]
+PublicKey = ${CLIENT_PUB_KEYS[$i]}
+AllowedIPs = $NETWORK.$(($i+10))/32
+
+EOF
+done
+
+# Print out client configs
+
+for (( i=1; i<=$CLIENTS; i++ )); do
+cat <<EOF >> $DEVICE-client_$i.conf
+##############
+# CLIENT $i
+##############
+
+[Interface]
+Address = $NETWORK.$(($i+10))/24
+ListenPort = $SERVER_PORT
+PrivateKey = ${CLIENT_SEC_KEYS[$i]}
+
+[Peer]
+PublicKey = $SERVER_PUB_KEY
+AllowedIPs = 0.0.0.0/0, ::/0
+Endpoint = $SERVER_HOST:$SERVER_PORT
+EOF
+done
+
+# Create QR-codes for clients
+if [ ! -z "$(which qrencode 2>/dev/null)" ]; then
+  for (( i=1; i<=$CLIENTS; i++ )); do
+    qrencode -t png -o "$DEVICE-client_$i.png" < $DEVICE-client_$i.conf
+  done
+fi
--- a/scripts/entrypoint.sh
+++ b/scripts/entrypoint.sh
@ -0,0 +1,26 @@
+#!/bin/sh
+
+set -e
+
+if [ -z $DEVICE ]; then
+  DEVICE="tun0"
+fi
+
+if [ ! -f "/etc/wireguard/$DEVICE.conf" ]; then
+  cd /etc/wireguard
+  /create-config.sh
+  exit 0
+fi
+
+if [ "add-client" == "$1" ]; then
+  cd /etc/wireguard
+  /add-client.sh
+  exit 0
+fi
+
+echo "Starting wg-quick on $DEVICE"
+touch "${WG_LOG_FILE}"
+wg-quick up $DEVICE
+echo "done!"
+
+tail -f "${WG_LOG_FILE}"