#!/usr/bin/with-contenv bash
# shellcheck shell=bash
# shellcheck disable=SC2016,SC1091,SC2183
# prepare symlinks
# /etc/wireguard is rebuilt on every start so that wg0.conf is always a link
# to the persisted /config/wg0.conf rather than a stale copy.
rm -rf -- /etc/wireguard
mkdir -p /etc/wireguard
ln -s -- /config/wg0.conf /etc/wireguard/wg0.conf
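# prepare templates
# Seed the editable templates from /defaults on first run only; an existing
# user template is never overwritten. The directory is created first so the
# copies cannot fail on a fresh /config volume.
mkdir -p /config/templates
if [[ ! -f /config/templates/server.conf ]]; then
    cp /defaults/server.conf /config/templates/server.conf
fi
if [[ ! -f /config/templates/peer.conf ]]; then
    cp /defaults/peer.conf /config/templates/peer.conf
fi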
# add preshared key to user templates (backwards compatibility)
# User templates written before preshared keys existed have no PresharedKey
# line; insert one in front of the Endpoint line. The $ and parentheses are
# escaped so the template receives the literal text
#   $(cat /config/${PEER_ID}/presharedkey-${PEER_ID})
# which is only expanded later, when generate_confs evals the template.
if ! grep -q 'PresharedKey' /config/templates/peer.conf; then
    sed -i 's|^Endpoint|PresharedKey = \$\(cat /config/\${PEER_ID}/presharedkey-\${PEER_ID}\)\nEndpoint|' /config/templates/peer.conf
fi
#######################################
# Write the server conf (/config/wg0.conf) and one conf + QR code per peer,
# expanding the templates under /config/templates.
# Globals:   PEERS_ARRAY, PERSISTENTKEEPALIVE_PEERS_ARRAY, INTERFACE,
#            ORIG_INTERFACE, LOG_CONFS (read); SERVER_ALLOWEDIPS_PEER_<i>
#            (read by name indirection); PEER_ID, CLIENT_IP, PROPOSED_IP,
#            SERVER_ALLOWEDIPS (written)
# Outputs:   progress messages and, unless LOG_CONFS=false, QR codes on stdout
#######################################
generate_confs () {
    mkdir -p /config/server
    # Generate the server key pair once; umask 077 keeps the private key
    # readable by the owner only.
    # NOTE(review): the umask is not restored, so everything written later in
    # this run inherits 077 -- but only when this branch (or the peer-key
    # branch below) actually ran. On a regeneration where every key already
    # exists, the confs below are written under whatever umask was active.
    if [[ ! -f /config/server/privatekey-server ]]; then
        umask 077
        wg genkey | tee /config/server/privatekey-server | wg pubkey > /config/server/publickey-server
    fi
    # Template expansion: $(cat ...) pastes the template text into this string
    # in the current shell, then eval runs the result as a heredoc, so ${VAR}
    # and $(...) written in the template are expanded here. The templates are
    # therefore trusted shell input, not plain data. $(printf %s) expands to
    # an empty string; the eval'd command starts on the next line. The blank
    # line before DUDE is part of the output (separator before the first
    # [Peer] section).
    eval "$(printf %s)
cat <<DUDE > /config/wg0.conf
$(cat /config/templates/server.conf)

DUDE"
    for i in "${PEERS_ARRAY[@]}"; do
        # Peer names are restricted to [[:alnum:]] before they are used in
        # paths and inside the eval'd heredoc commands below.
        if [[ ! "${i}" =~ ^[[:alnum:]]+$ ]]; then
            echo "**** Peer ${i} contains non-alphanumeric characters and thus will be skipped. No config for peer ${i} will be generated. ****"
        else
            # Numeric peers are named peerN, named peers peer_NAME.
            if [[ "${i}" =~ ^[0-9]+$ ]]; then
                PEER_ID="peer${i}"
            else
                PEER_ID="peer_${i}"
            fi
            mkdir -p "/config/${PEER_ID}"
            # Generate the peer key pair and preshared key once (see the umask
            # note above).
            if [[ ! -f "/config/${PEER_ID}/privatekey-${PEER_ID}" ]]; then
                umask 077
                wg genkey | tee "/config/${PEER_ID}/privatekey-${PEER_ID}" | wg pubkey > "/config/${PEER_ID}/publickey-${PEER_ID}"
                wg genpsk > "/config/${PEER_ID}/presharedkey-${PEER_ID}"
            fi
            # Keep an existing peer's address (last field of its Address line),
            # rewriting the subnet prefix if INTERNAL_SUBNET changed ...
            if [[ -f "/config/${PEER_ID}/${PEER_ID}.conf" ]]; then
                CLIENT_IP=$(grep "Address" "/config/${PEER_ID}/${PEER_ID}.conf" | awk '{print $NF}')
                if [[ -n "${ORIG_INTERFACE}" ]] && [[ "${INTERFACE}" != "${ORIG_INTERFACE}" ]]; then
                    CLIENT_IP="${CLIENT_IP//${ORIG_INTERFACE}/${INTERFACE}}"
                fi
            else
                # ... otherwise take the first host address in .2-.254 that no
                # existing peer conf mentions, under the current or the
                # previous prefix.
                # NOTE(review): the grep pattern is an unanchored regex, so
                # e.g. 10.13.13.2 also matches 10.13.13.20; that only skips a
                # candidate. If no candidate is free, CLIENT_IP is left
                # holding the previous peer's value (the loop only assigns on
                # success).
                for idx in {2..254}; do
                    PROPOSED_IP="${INTERFACE}.${idx}"
                    if ! grep -q -R "${PROPOSED_IP}" /config/peer*/*.conf 2>/dev/null && ([[ -z "${ORIG_INTERFACE}" ]] || ! grep -q -R "${ORIG_INTERFACE}.${idx}" /config/peer*/*.conf 2>/dev/null); then
                        CLIENT_IP="${PROPOSED_IP}"
                        break
                    fi
                done
            fi
            # Peers created before preshared keys existed have no psk file;
            # they get confs without PresharedKey so their existing keys stay
            # valid.
            if [[ -f "/config/${PEER_ID}/presharedkey-${PEER_ID}" ]]; then
                # create peer conf with presharedkey
                # Same eval-expansion of the template as for the server conf;
                # ${PEER_ID} in the redirect is expanded before eval and is
                # safe because of the alnum check above.
                eval "$(printf %s)
cat <<DUDE > /config/${PEER_ID}/${PEER_ID}.conf
$(cat /config/templates/peer.conf)
DUDE"
                # add peer info to server conf with presharedkey
                cat <<DUDE >> /config/wg0.conf
[Peer]
# ${PEER_ID}
PublicKey = $(cat "/config/${PEER_ID}/publickey-${PEER_ID}")
PresharedKey = $(cat "/config/${PEER_ID}/presharedkey-${PEER_ID}")
DUDE
            else
                echo "**** Existing keys with no preshared key found for ${PEER_ID}, creating confs without preshared key for backwards compatibility ****"
                # create peer conf without presharedkey
                # The PresharedKey line is stripped from the template before
                # it is eval'd.
                eval "$(printf %s)
cat <<DUDE > /config/${PEER_ID}/${PEER_ID}.conf
$(sed '/PresharedKey/d' "/config/templates/peer.conf")
DUDE"
                # add peer info to server conf without presharedkey
                cat <<DUDE >> /config/wg0.conf
[Peer]
# ${PEER_ID}
PublicKey = $(cat "/config/${PEER_ID}/publickey-${PEER_ID}")
DUDE
            fi
            # Per-peer extra routes come from the env var
            # SERVER_ALLOWEDIPS_PEER_<i>, read via ${!name} indirection.
            SERVER_ALLOWEDIPS=SERVER_ALLOWEDIPS_PEER_${i}
            # add peer's allowedips to server conf
            if [[ -n "${!SERVER_ALLOWEDIPS}" ]]; then
                echo "Adding ${!SERVER_ALLOWEDIPS} to wg0.conf's AllowedIPs for peer ${i}"
                cat <<DUDE >> /config/wg0.conf
AllowedIPs = ${CLIENT_IP}/32,${!SERVER_ALLOWEDIPS}
DUDE
            else
                cat <<DUDE >> /config/wg0.conf
AllowedIPs = ${CLIENT_IP}/32
DUDE
            fi
            # add PersistentKeepalive if the peer is specified
            # "${ARRAY}" tests the first element only; "all" enables it for
            # every peer, otherwise the peer name must match an entry exactly
            # (NUL-separated list, grep -Fxz).
            if [[ -n "${PERSISTENTKEEPALIVE_PEERS_ARRAY}" ]] && ([[ "${PERSISTENTKEEPALIVE_PEERS_ARRAY[0]}" = "all" ]] || printf '%s\0' "${PERSISTENTKEEPALIVE_PEERS_ARRAY[@]}" | grep -Fxqz -- "${i}"); then
                # The blank line after the setting separates [Peer] sections.
                cat <<DUDE >> /config/wg0.conf
PersistentKeepalive = 25

DUDE
            else
                # Blank separator line only.
                cat <<DUDE >> /config/wg0.conf

DUDE
            fi
            # The QR code (which encodes the peer's private key) is printed to
            # the log unless LOG_CONFS is explicitly set to something other
            # than "true"; the png is written regardless.
            if [[ -z "${LOG_CONFS}" ]] || [[ "${LOG_CONFS}" = "true" ]]; then
                echo "PEER ${i} QR code (conf file is saved under /config/${PEER_ID}):"
                qrencode -t ansiutf8 < "/config/${PEER_ID}/${PEER_ID}.conf"
            else
                echo "PEER ${i} conf and QR code png saved in /config/${PEER_ID}"
            fi
            qrencode -o "/config/${PEER_ID}/${PEER_ID}.png" < "/config/${PEER_ID}/${PEER_ID}.conf"
        fi
    done
}
#######################################
# Persist the server-mode parameters that generate_confs depends on, so the
# next start can tell whether the confs must be regenerated.
# Globals:   SERVERURL SERVERPORT PEERDNS PEERS INTERFACE ALLOWEDIPS
#            PERSISTENTKEEPALIVE_PEERS (read)
# Outputs:   overwrites /config/.donoteditthisfile. That file is later sourced
#            as shell and the values are written unescaped, so the env vars
#            are treated as trusted input here.
#######################################
save_vars () {
    local name
    {
        for name in SERVERURL SERVERPORT PEERDNS PEERS INTERFACE ALLOWEDIPS PERSISTENTKEEPALIVE_PEERS; do
            printf 'ORIG_%s="%s"\n' "${name}" "${!name}"
        done
    } > /config/.donoteditthisfile
}
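# Mode selection: PEERS set -> server mode, confs are generated from the
# templates; PEERS empty -> client mode, a user-supplied wg0.conf is used.
if [[ -n "$PEERS" ]]; then
    echo "**** Server mode is selected ****"
    # PEERS is either a peer count (expands to 1..N) or a comma-separated
    # list of peer names. A purely numeric value cannot contain a comma, so
    # the digits check alone decides.
    if [[ "$PEERS" =~ ^[0-9]+$ ]]; then
        mapfile -t PEERS_ARRAY < <(seq 1 "${PEERS}")
    else
        mapfile -t PEERS_ARRAY < <(echo "${PEERS}" | tr ',' '\n')
    fi
    if [[ -n "${PERSISTENTKEEPALIVE_PEERS}" ]]; then
        # '//' replaces every comma; a single '/' would only replace the first.
        echo "**** PersistentKeepalive will be set for: ${PERSISTENTKEEPALIVE_PEERS//,/ } ****"
        mapfile -t PERSISTENTKEEPALIVE_PEERS_ARRAY < <(echo "${PERSISTENTKEEPALIVE_PEERS}" | tr ',' '\n')
    fi
    if [[ -z "$SERVERURL" ]] || [[ "$SERVERURL" = "auto" ]]; then
        # The detected address becomes the Endpoint in every peer conf, so
        # fetch it over HTTPS rather than plain HTTP to keep it from being
        # altered in transit. The response is used as-is and not validated.
        SERVERURL=$(curl -s https://icanhazip.com)
        echo "**** SERVERURL var is either not set or is set to \"auto\", setting external IP to auto detected value of $SERVERURL ****"
    else
        echo "**** External server address is set to $SERVERURL ****"
    fi
    SERVERPORT=${SERVERPORT:-51820}
    echo "**** External server port is set to ${SERVERPORT}. Make sure that port is properly forwarded to port 51820 inside this container ****"
    INTERNAL_SUBNET=${INTERNAL_SUBNET:-10.13.13.0}
    echo "**** Internal subnet is set to $INTERNAL_SUBNET ****"
    # INTERFACE is the subnet with its last dotted component dropped
    # (10.13.13.0 -> 10.13.13); peer addresses are built as INTERFACE.N.
    INTERFACE=$(echo "$INTERNAL_SUBNET" | awk 'BEGIN{FS=OFS="."} NF--')
    ALLOWEDIPS=${ALLOWEDIPS:-0.0.0.0/0, ::/0}
    echo "**** AllowedIPs for peers $ALLOWEDIPS ****"
    if [[ -z "$PEERDNS" ]] || [[ "$PEERDNS" = "auto" ]]; then
        PEERDNS="${INTERFACE}.1"
        echo "**** PEERDNS var is either not set or is set to \"auto\", setting peer DNS to ${INTERFACE}.1 to use wireguard docker host's DNS. ****"
    else
        echo "**** Peer DNS servers will be set to $PEERDNS ****"
    fi
    if [[ ! -f /config/wg0.conf ]]; then
        echo "**** No wg0.conf found (maybe an initial install), generating 1 server and ${PEERS} peer/client confs ****"
        generate_confs
        save_vars
    else
        echo "**** Server mode is selected ****"
        # .donoteditthisfile is shell written by save_vars and is sourced
        # here, so it must only ever come from save_vars, never by hand.
        if [[ -f /config/.donoteditthisfile ]]; then
            . /config/.donoteditthisfile
        fi
        # Regenerate when any parameter differs from the saved one. Without a
        # save file every ORIG_* is empty, which also forces regeneration
        # (SERVERPORT always has a value by now).
        if [[ "$SERVERURL" != "$ORIG_SERVERURL" ]] || [[ "$SERVERPORT" != "$ORIG_SERVERPORT" ]] || [[ "$PEERDNS" != "$ORIG_PEERDNS" ]] || [[ "$PEERS" != "$ORIG_PEERS" ]] || [[ "$INTERFACE" != "$ORIG_INTERFACE" ]] || [[ "$ALLOWEDIPS" != "$ORIG_ALLOWEDIPS" ]] || [[ "$PERSISTENTKEEPALIVE_PEERS" != "$ORIG_PERSISTENTKEEPALIVE_PEERS" ]]; then
            echo "**** Server related environment variables changed, regenerating 1 server and ${PEERS} peer/client confs ****"
            generate_confs
            save_vars
        else
            echo "**** No changes to parameters. Existing configs are used. ****"
        fi
    fi
else
    echo "**** Client mode selected. ****"
    # Without a client conf there is nothing to bring up; block here instead
    # of letting the service start and fail.
    if [[ ! -f /config/wg0.conf ]]; then
        echo "**** No client conf found. Provide your own client conf as \"/config/wg0.conf\" and restart the container. ****"
        sleep infinity
    fi
    # Export the CoreDNS switch (default off) to the s6 container environment.
    printf %s "${USE_COREDNS:-false}" > /run/s6/container_environment/USE_COREDNS
fi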
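# set up CoreDNS
# Seed the Corefile from /defaults on first run only; an existing user
# Corefile is kept. Create the directory first so the copy cannot fail on a
# fresh /config volume.
mkdir -p /config/coredns
if [[ ! -f /config/coredns/Corefile ]]; then
    cp /defaults/Corefile /config/coredns/Corefile
fi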
# permissions
# Hand ownership of the whole config tree to the unprivileged abc user.
lsiown -R abc:abc /config