added add-vpn-user.sh

chrisjsimpson · chrisjsimpson · commit 35ea990ed8e2 · 2023-09-01T16:19:02.000+01:00
diff --git a/vpn-client/playbooks/deploy-vpn-client.yml b/vpn-client/playbooks/deploy-vpn-client.yml
@@ -214,3 +214,12 @@
     - name: Start the wg0 wireguard tunnel
       command: wg-quick up wg0
       tags: [ wireguard ]
+
+    - name: Template add-vpn-user.sh to {{ wireguard_dir }}
+      ansible.builtin.template:
+        src: add-vpn-user.sh
+        dest: "{{ wireguard_dir }}add-vpn-user.sh"
+        owner: root
+        group: root
+        mode: '0700'
+      tags: [ wireguard ]
diff --git a/vpn-client/playbooks/templates/add-vpn-user.sh b/vpn-client/playbooks/templates/add-vpn-user.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+set -euxo pipefail
+
+# Configuration parameters
+SERVER_PUBLIC_IP=$1
+SERVER_PORT=$2
+SERVER_PUBLIC_KEY=$(wg pubkey < router-private.key)
+DNS=$3
+
+# Generate client keys
+CLIENT_PRIVATE_KEY=$(wg genkey)
+CLIENT_PUBLIC_KEY=$(wg pubkey <<< "${CLIENT_PRIVATE_KEY}")
+
+# Assign the next available IP. This assumes you're using a /24 subnet.
+# You'll have to adjust the logic if your setup is different.
+LAST_IP=$(grep -oE '10\.10\.11\.[0-9]{1,3}' wg0.conf | tail -n1)
+NEXT_IP_INT=$(echo "${LAST_IP}" | awk -F. '{print $4+1}')
+CLIENT_IP="10.10.11.${NEXT_IP_INT}"
+
+# Append the new client to the server configuration
+cat <<EOF >> wg0.conf
+
+[Peer]
+PublicKey = ${CLIENT_PUBLIC_KEY}
+AllowedIPs = ${CLIENT_IP}/32
+EOF
+
+# Generate the client configuration
+cat <<EOF > "client_${CLIENT_IP}.conf"
+[Interface]
+PrivateKey = ${CLIENT_PRIVATE_KEY}
+Address = ${CLIENT_IP}/32
+DNS = ${DNS}
+
+[Peer]
+PublicKey = ${SERVER_PUBLIC_KEY}
+Endpoint = ${SERVER_PUBLIC_IP}:${SERVER_PORT}
+AllowedIPs = 0.0.0.0/0
+PersistentKeepalive = 25
+EOF
+
+echo "Client configuration saved as client_${CLIENT_IP}.conf"
+
