forked from linuxserver/docker-wireguard
-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
split up kernel module and conf generation
- Loading branch information
Showing
4 changed files
with
156 additions
and
150 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,148 @@ | ||
#!/usr/bin/with-contenv bash | ||
|
||
# prepare symlinks | ||
rm -rf /etc/wireguard | ||
mkdir -p /etc/wireguard | ||
ln -s /config/wg0.conf /etc/wireguard/wg0.conf | ||
# prepare templates | ||
[[ ! -f /config/templates/server.conf ]] && \ | ||
cp /defaults/server.conf /config/templates/server.conf | ||
[[ ! -f /config/templates/peer.conf ]] && \ | ||
cp /defaults/peer.conf /config/templates/peer.conf | ||
|
||
generate_confs () { | ||
mkdir -p /config/server | ||
if [ ! -f /config/server/privatekey-server ]; then | ||
umask 077 | ||
wg genkey | tee /config/server/privatekey-server | wg pubkey > /config/server/publickey-server | ||
fi | ||
eval "`printf %s` | ||
cat <<DUDE > /config/wg0.conf | ||
`cat /config/templates/server.conf` | ||
|
||
DUDE" | ||
for i in ${PEERS_ARRAY[@]}; do | ||
if [[ "${i}" =~ ^[0-9]+$ ]]; then | ||
PEER_ID="peer${i}" | ||
else | ||
PEER_ID="peer_${i//[^[:alnum:]_-]/}" | ||
fi | ||
mkdir -p /config/${PEER_ID} | ||
if [ ! -f "/config/${PEER_ID}/privatekey-${PEER_ID}" ]; then | ||
umask 077 | ||
wg genkey | tee /config/${PEER_ID}/privatekey-${PEER_ID} | wg pubkey > /config/${PEER_ID}/publickey-${PEER_ID} | ||
fi | ||
if [ -f "/config/${PEER_ID}/${PEER_ID}.conf" ]; then | ||
CLIENT_IP=$(cat /config/${PEER_ID}/${PEER_ID}.conf | grep "Address" | awk '{print $NF}') | ||
if [ -n "${ORIG_INTERFACE}" ] && [ "${INTERFACE}" != "${ORIG_INTERFACE}" ]; then | ||
CLIENT_IP=$(echo "${CLIENT_IP}" | sed "s|${ORIG_INTERFACE}|${INTERFACE}|") | ||
fi | ||
else | ||
for idx in {2..254}; do | ||
PROPOSED_IP="${INTERFACE}.${idx}" | ||
if ! grep -q -R "${PROPOSED_IP}" /config/peer*/*.conf && ([ -z "${ORIG_INTERFACE}" ] || ! grep -q -R "${ORIG_INTERFACE}.${idx}" /config/peer*/*.conf); then | ||
CLIENT_IP="${PROPOSED_IP}" | ||
break | ||
fi | ||
done | ||
fi | ||
eval "`printf %s` | ||
cat <<DUDE > /config/${PEER_ID}/${PEER_ID}.conf | ||
`cat /config/templates/peer.conf` | ||
DUDE" | ||
SERVER_ALLOWEDIPS=SERVER_ALLOWEDIPS_PEER_${i} | ||
if [ -n "${!SERVER_ALLOWEDIPS}" ]; then | ||
echo "Adding ${!SERVER_ALLOWEDIPS} to wg0.conf's AllowedIPs for peer ${i}" | ||
cat <<DUDE >> /config/wg0.conf | ||
[Peer] | ||
# ${PEER_ID} | ||
PublicKey = $(cat /config/${PEER_ID}/publickey-${PEER_ID}) | ||
AllowedIPs = ${CLIENT_IP}/32,${!SERVER_ALLOWEDIPS} | ||
|
||
DUDE | ||
else | ||
cat <<DUDE >> /config/wg0.conf | ||
[Peer] | ||
# ${PEER_ID} | ||
PublicKey = $(cat /config/${PEER_ID}/publickey-${PEER_ID}) | ||
AllowedIPs = ${CLIENT_IP}/32 | ||
|
||
DUDE | ||
fi | ||
echo "PEER ${i} QR code:" | ||
qrencode -t ansiutf8 < /config/${PEER_ID}/${PEER_ID}.conf | ||
qrencode -o /config/${PEER_ID}/${PEER_ID}.png < /config/${PEER_ID}/${PEER_ID}.conf | ||
done | ||
} | ||
|
||
save_vars () { | ||
cat <<DUDE > /config/.donoteditthisfile | ||
ORIG_SERVERURL="$SERVERURL" | ||
ORIG_SERVERPORT="$SERVERPORT" | ||
ORIG_PEERDNS="$PEERDNS" | ||
ORIG_PEERS="$PEERS" | ||
ORIG_INTERFACE="$INTERFACE" | ||
ORIG_ALLOWEDIPS="$ALLOWEDIPS" | ||
DUDE | ||
} | ||
|
||
if [ -n "$PEERS" ]; then | ||
echo "**** Server mode is selected ****" | ||
if [[ "$PEERS" =~ ^[0-9]+$ ]] && ! [[ "$PEERS" =~ *,* ]]; then | ||
PEERS_ARRAY=($(seq 1 $PEERS)) | ||
else | ||
PEERS_ARRAY=($(echo "$PEERS" | tr ',' ' ')) | ||
fi | ||
PEERS_COUNT=$(echo "${#PEERS_ARRAY[@]}") | ||
if [ -z "$SERVERURL" ] || [ "$SERVERURL" = "auto" ]; then | ||
SERVERURL=$(curl -s icanhazip.com) | ||
echo "**** SERVERURL var is either not set or is set to \"auto\", setting external IP to auto detected value of $SERVERURL ****" | ||
else | ||
echo "**** External server address is set to $SERVERURL ****" | ||
fi | ||
SERVERPORT=${SERVERPORT:-51820} | ||
echo "**** External server port is set to ${SERVERPORT}. Make sure that port is properly forwarded to port 51820 inside this container ****" | ||
INTERNAL_SUBNET=${INTERNAL_SUBNET:-10.13.13.0} | ||
echo "**** Internal subnet is set to $INTERNAL_SUBNET ****" | ||
INTERFACE=$(echo "$INTERNAL_SUBNET" | awk 'BEGIN{FS=OFS="."} NF--') | ||
ALLOWEDIPS=${ALLOWEDIPS:-0.0.0.0/0, ::/0} | ||
echo "**** AllowedIPs for peers $ALLOWEDIPS ****" | ||
if [ -z "$PEERDNS" ] || [ "$PEERDNS" = "auto" ]; then | ||
PEERDNS="${INTERFACE}.1" | ||
echo "**** PEERDNS var is either not set or is set to \"auto\", setting peer DNS to ${INTERFACE}.1 to use wireguard docker host's DNS. ****" | ||
else | ||
echo "**** Peer DNS servers will be set to $PEERDNS ****" | ||
fi | ||
if [ ! -f /config/wg0.conf ]; then | ||
echo "**** No wg0.conf found (maybe an initial install), generating 1 server and ${PEERS} peer/client confs ****" | ||
generate_confs | ||
save_vars | ||
else | ||
echo "**** Server mode is selected ****" | ||
[[ -f /config/.donoteditthisfile ]] && \ | ||
. /config/.donoteditthisfile | ||
if [ "$SERVERURL" != "$ORIG_SERVERURL" ] || [ "$SERVERPORT" != "$ORIG_SERVERPORT" ] || [ "$PEERDNS" != "$ORIG_PEERDNS" ] || [ "$PEERS" != "$ORIG_PEERS" ] || [ "$INTERFACE" != "$ORIG_INTERFACE" ] || [ "$ALLOWEDIPS" != "$ORIG_ALLOWEDIPS" ]; then | ||
echo "**** Server related environment variables changed, regenerating 1 server and ${PEERS} peer/client confs ****" | ||
generate_confs | ||
save_vars | ||
else | ||
echo "**** No changes to parameters. Existing configs are used. ****" | ||
fi | ||
fi | ||
else | ||
echo "**** Client mode selected. ****" | ||
if [ ! -f /config/wg0.conf ]; then | ||
echo "**** No client conf found. Provide your own client conf as \"/config/wg0.conf\" and restart the container. ****" | ||
sleep infinity | ||
fi | ||
echo "**** Disabling CoreDNS ****" | ||
rm -rf /etc/services.d/coredns | ||
fi | ||
|
||
# set up CoreDNS | ||
[[ ! -f /config/coredns/Corefile ]] && \ | ||
cp /defaults/Corefile /config/coredns/Corefile | ||
|
||
# permissions | ||
chown -R abc:abc \ | ||
/config |