linuxserver-mods/wireguard-ipv6/root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/run

#!/usr/bin/with-contenv bash
# https://github.com/arankaren/docker-wireguard/blob/master/root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/run
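# Point wg-quick's /etc/wireguard/wg0.conf at the persisted copy under /config so the
# generated (or operator-supplied) config survives container re-creation.
rm -rf /etc/wireguard
mkdir -p /etc/wireguard
ln -s /config/wg0.conf /etc/wireguard/wg0.conf

# Seed the user-editable templates from the image defaults on first run only; an
# operator's edited template is never overwritten. The directory may not exist yet on a
# fresh volume, so create it first or the cp below fails silently.
mkdir -p /config/templates
if [[ ! -f /config/templates/server.conf ]]; then
  cp /defaults/server.conf /config/templates/server.conf
fi
if [[ ! -f /config/templates/peer.conf ]]; then
  cp /defaults/peer.conf /config/templates/peer.conf
fi

# Backwards compatibility: older peer templates predate preshared keys. Insert a
# PresharedKey line ahead of Endpoint. The templates are expanded through eval as a
# heredoc later, which is why the inserted text is a literal "$(cat ...)" expression
# (the backslashes keep sed from interpreting it; GNU sed turns "\n" into a newline).
if ! grep -q 'PresharedKey' /config/templates/peer.conf; then
  sed -i 's|^Endpoint|PresharedKey = \$\(cat /config/\${PEER_ID}/presharedkey-\${PEER_ID}\)\nEndpoint|' /config/templates/peer.conf
fi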
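# Expand a template (on stdin) into the file named by $1.
# The template is fed to eval as an unquoted heredoc, so it may use ${VARS} and
# $(...) — that is the documented extension point (the default peer template uses
# $(cat .../presharedkey-...)). SECURITY: it also means anyone who can write
# /config/templates/*.conf runs arbitrary commands as this init process. /config must
# be treated as trusted, operator-only storage.
render_template () {
  eval "cat <<DUDE > \"$1\"
$(cat)
DUDE"
}

# True when address $1 already appears as a whole token in any generated peer conf.
# -F: the address is data, not a regex (a bare "." would otherwise match any byte).
# -w: 10.13.13.2 must not be reported as in use merely because 10.13.13.20 is.
# A missing glob / no peer dirs yields a non-zero status, i.e. "not in use".
addr_in_use () {
  grep -q -R -F -w -- "$1" /config/peer*/*.conf 2>/dev/null
}

# Generate /config/wg0.conf plus one /config/<peer>/<peer>.conf (and QR PNG) per entry
# in PEERS_ARRAY. Globals read: PEERS_ARRAY, INTERFACE_IPV4, INTERFACE_IPV6,
# ORIG_INTERFACE_IPV4, ORIG_INTERFACE_IPV6, SERVER_ALLOWEDIPS_PEER_<i>, LOG_CONFS, and
# whatever the templates reference (SERVERURL, SERVERPORT, PEERDNS, ALLOWEDIPS, PEER_ID).
# Side effects only: writes under /config, calls wg and qrencode.
generate_confs () {
  # Everything written here is secret material: private keys, preshared keys, and the
  # confs/PNGs that embed them (wg0.conf gets PresharedKey lines below). Restrict the
  # mode for the whole run, not just the branch that happens to mint a new server key —
  # otherwise a regeneration with existing keys wrote wg0.conf and peer confs at the
  # default umask.
  umask 077
  mkdir -p /config/server
  if [ ! -f /config/server/privatekey-server ]; then
    wg genkey | tee /config/server/privatekey-server | wg pubkey > /config/server/publickey-server
  fi
  # Server section first; [Peer] blocks are appended per peer below.
  render_template /config/wg0.conf < /config/templates/server.conf

  for i in "${PEERS_ARRAY[@]}"; do
    # Peer names end up in filesystem paths and inside the eval'd template, so refuse
    # anything outside [A-Za-z0-9].
    if [[ ! "${i}" =~ ^[[:alnum:]]+$ ]]; then
      echo "**** Peer ${i} contains non-alphanumeric characters and thus will be skipped. No config for peer ${i} will be generated. ****"
      continue
    fi
    if [[ "${i}" =~ ^[0-9]+$ ]]; then
      PEER_ID="peer${i}"
    else
      PEER_ID="peer_${i}"
    fi
    mkdir -p "/config/${PEER_ID}"
    if [ ! -f "/config/${PEER_ID}/privatekey-${PEER_ID}" ]; then
      wg genkey | tee "/config/${PEER_ID}/privatekey-${PEER_ID}" | wg pubkey > "/config/${PEER_ID}/publickey-${PEER_ID}"
      wg genpsk > "/config/${PEER_ID}/presharedkey-${PEER_ID}"
    fi

    if [ -f "/config/${PEER_ID}/${PEER_ID}.conf" ]; then
      # Existing peer: keep its addresses (Address = <v4>, <v6>), only swapping the
      # subnet prefix when the interface subnet changed since the last run.
      # (The original compared against a misspelled ORIG_INTERFACE_IPv4 that was never set.)
      CLIENT_IPV4=$(awk '/Address/{print substr($3, 1, length($3)-1)}' "/config/${PEER_ID}/${PEER_ID}.conf")
      if [ -n "${ORIG_INTERFACE_IPV4}" ] && [ "${INTERFACE_IPV4}" != "${ORIG_INTERFACE_IPV4}" ]; then
        CLIENT_IPV4="${CLIENT_IPV4/"${ORIG_INTERFACE_IPV4}"/${INTERFACE_IPV4}}"
      fi
      CLIENT_IPV6=$(awk '/Address/{print $NF}' "/config/${PEER_ID}/${PEER_ID}.conf")
      if [ -n "${ORIG_INTERFACE_IPV6}" ] && [ "${INTERFACE_IPV6}" != "${ORIG_INTERFACE_IPV6}" ]; then
        CLIENT_IPV6="${CLIENT_IPV6/"${ORIG_INTERFACE_IPV6}"/${INTERFACE_IPV6}}"
      fi
    else
      # New peer: take the first free host index. Also skip indices still held by confs
      # that carry the previous subnet and have not been rewritten yet this run (the
      # original tested an unset ${ORIG_INTERFACE}, so that guard never fired).
      for idx in {2..254}; do
        if ! addr_in_use "${INTERFACE_IPV4}.${idx}" \
            && { [ -z "${ORIG_INTERFACE_IPV4}" ] || ! addr_in_use "${ORIG_INTERFACE_IPV4}.${idx}"; }; then
          CLIENT_IPV4="${INTERFACE_IPV4}.${idx}"
          break
        fi
      done
      # INTERFACE_IPV6 is the prefix left of "::" (the rest of this script forms the
      # server address as ${INTERFACE_IPV6}::1), so the host part is joined with "::".
      # Joining with "." produced e.g. "fd42:42:42.2", which is not a valid address for
      # the AllowedIPs line written below.
      for idx in {2..254}; do
        if ! addr_in_use "${INTERFACE_IPV6}::${idx}" \
            && { [ -z "${ORIG_INTERFACE_IPV6}" ] || ! addr_in_use "${ORIG_INTERFACE_IPV6}::${idx}"; }; then
          CLIENT_IPV6="${INTERFACE_IPV6}::${idx}"
          break
        fi
      done
    fi

    if [ -f "/config/${PEER_ID}/presharedkey-${PEER_ID}" ]; then
      # peer conf and server [Peer] block, with preshared key
      render_template "/config/${PEER_ID}/${PEER_ID}.conf" < /config/templates/peer.conf
      cat <<DUDE >> /config/wg0.conf
[Peer]
# ${PEER_ID}
PublicKey = $(cat "/config/${PEER_ID}/publickey-${PEER_ID}")
PresharedKey = $(cat "/config/${PEER_ID}/presharedkey-${PEER_ID}")
DUDE
    else
      echo "**** Existing keys with no preshared key found for ${PEER_ID}, creating confs without preshared key for backwards compatibility ****"
      # Keys predate PSK support: drop the PresharedKey template line rather than point
      # it at a file that does not exist.
      sed '/PresharedKey/d' /config/templates/peer.conf | render_template "/config/${PEER_ID}/${PEER_ID}.conf"
      cat <<DUDE >> /config/wg0.conf
[Peer]
# ${PEER_ID}
PublicKey = $(cat "/config/${PEER_ID}/publickey-${PEER_ID}")
DUDE
    fi

    # Per-peer override of the server-side AllowedIPs via SERVER_ALLOWEDIPS_PEER_<i>.
    # Note: when the override is set, the peer's IPv6 /128 is NOT added automatically —
    # the operator must include it in the override if IPv6 routing to that peer is wanted.
    allowed_var="SERVER_ALLOWEDIPS_PEER_${i}"
    if [ -n "${!allowed_var}" ]; then
      echo "Adding ${!allowed_var} to wg0.conf's AllowedIPs for peer ${i}"
      printf 'AllowedIPs = %s/32,%s\n' "${CLIENT_IPV4}" "${!allowed_var}" >> /config/wg0.conf
    else
      printf 'AllowedIPs = %s/32,%s/128\n' "${CLIENT_IPV4}" "${CLIENT_IPV6}" >> /config/wg0.conf
    fi

    if [ -z "${LOG_CONFS}" ] || [ "${LOG_CONFS}" = "true" ]; then
      # NOTE: this renders the peer conf — including its keys — into the container log,
      # which is usually world-readable via `docker logs`. Set LOG_CONFS=false to suppress.
      echo "PEER ${i} QR code:"
      qrencode -t ansiutf8 < "/config/${PEER_ID}/${PEER_ID}.conf"
    else
      echo "PEER ${i} conf and QR code png saved in /config/${PEER_ID}"
    fi
    qrencode -o "/config/${PEER_ID}/${PEER_ID}.png" < "/config/${PEER_ID}/${PEER_ID}.conf"
  done
}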
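# Persist the effective server parameters so the next start can detect changes; the
# file is later read back with `.` (sourced as shell). Values are emitted with %q so a
# value containing quotes, `$`, backticks or newlines is stored as data and cannot
# become a command when the file is sourced. Empty values serialise as '' and source
# to the empty string, same as the previous ORIG_X="" form.
save_vars () {
  {
    printf 'ORIG_SERVERURL=%q\n' "$SERVERURL"
    printf 'ORIG_SERVERPORT=%q\n' "$SERVERPORT"
    printf 'ORIG_PEERDNS=%q\n' "$PEERDNS"
    printf 'ORIG_PEERS=%q\n' "$PEERS"
    printf 'ORIG_INTERFACE_IPV4=%q\n' "$INTERFACE_IPV4"
    printf 'ORIG_INTERFACE_IPV6=%q\n' "$INTERFACE_IPV6"
    printf 'ORIG_ALLOWEDIPS=%q\n' "$ALLOWEDIPS"
  } > /config/.donoteditthisfile
}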
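if [ -n "$PEERS" ]; then
  echo "**** Server mode is selected ****"
  # PEERS is either a count (peers 1..N) or a comma-separated list of names. A purely
  # numeric value cannot contain a comma, so no separate comma test is needed here.
  if [[ "$PEERS" =~ ^[0-9]+$ ]]; then
    PEERS_ARRAY=($(seq 1 "$PEERS"))
  else
    PEERS_ARRAY=($(echo "$PEERS" | tr ',' ' '))
  fi
  PEERS_COUNT=${#PEERS_ARRAY[@]}

  if [ -z "$SERVERURL" ] || [ "$SERVERURL" = "auto" ]; then
    # Auto-detect the public address. The result is substituted into every peer conf
    # (Endpoint) and persisted, so fetch it over TLS and accept only an IP literal: an
    # unauthenticated plaintext answer must not be able to carry arbitrary bytes (such
    # as extra config lines) into those files.
    SERVERURL=$(curl -fsS --max-time 15 https://icanhazip.com 2>/dev/null | tr -d '[:space:]')
    if [[ ! "$SERVERURL" =~ ^[0-9a-fA-F:.]+$ ]]; then
      printf '**** Could not auto-detect a valid external IP (got "%s"); set SERVERURL explicitly. ****\n' "$SERVERURL"
      SERVERURL=""
    else
      echo "**** SERVERURL var is either not set or is set to \"auto\", setting external IP to auto detected value of $SERVERURL ****"
    fi
  else
    echo "**** External server address is set to $SERVERURL ****"
  fi

  SERVERPORT=${SERVERPORT:-51820}
  echo "**** External server port is set to ${SERVERPORT}. Make sure that port is properly forwarded to port 51820 inside this container ****"

  INTERNAL_SUBNET_IPV4=${INTERNAL_SUBNET_IPV4:-10.13.13.0}
  echo "**** Internal subnet is set to $INTERNAL_SUBNET_IPV4 ****"
  # Strip the last octet ("10.13.13.0" -> "10.13.13"); hosts are formed as ${INTERFACE_IPV4}.N
  INTERFACE_IPV4=$(echo "$INTERNAL_SUBNET_IPV4" | awk 'BEGIN{FS=OFS="."} NF--')
  INTERNAL_SUBNET_IPV6=${INTERNAL_SUBNET_IPV6:-fd42:42:42::0}
  echo "**** Internal subnet is set to $INTERNAL_SUBNET_IPV6 ****"
  # Strip everything after the "::" ("fd42:42:42::0" -> "fd42:42:42"); hosts are formed as ${INTERFACE_IPV6}::N
  INTERFACE_IPV6=$(echo "$INTERNAL_SUBNET_IPV6" | awk 'BEGIN{FS=OFS="::"} NF--')

  ALLOWEDIPS="${ALLOWEDIPS:-0.0.0.0/0, ::/0}"
  echo "**** AllowedIPs for peers $ALLOWEDIPS ****"

  if [ -z "$PEERDNS" ] || [ "$PEERDNS" = "auto" ]; then
    # Default to the server's own tunnel addresses so peers resolve via this container's CoreDNS.
    PEERDNS="${INTERFACE_IPV4}.1, ${INTERFACE_IPV6}::1"
    echo "**** PEERDNS var is either not set or is set to \"auto\", setting peer DNS to ${INTERFACE_IPV4}.1 and ${INTERFACE_IPV6}::1 to use wireguard docker host's DNS. ****"
  else
    echo "**** Peer DNS servers will be set to $PEERDNS ****"
  fi

  if [ ! -f /config/wg0.conf ]; then
    echo "**** No wg0.conf found (maybe an initial install), generating 1 server and ${PEERS} peer/client confs ****"
    generate_confs
    save_vars
  else
    echo "**** Server mode is selected ****"
    # Load the parameters recorded by the previous run. SECURITY: this file is sourced
    # as shell and lives on the operator-writable /config volume (chowned to abc below),
    # so anyone who can edit it runs code as this init process. Treat /config as trusted.
    if [[ -f /config/.donoteditthisfile ]]; then
      . /config/.donoteditthisfile
    fi
    if [ "$SERVERURL" != "$ORIG_SERVERURL" ] || [ "$SERVERPORT" != "$ORIG_SERVERPORT" ] || [ "$PEERDNS" != "$ORIG_PEERDNS" ] || [ "$PEERS" != "$ORIG_PEERS" ] || [ "$INTERFACE_IPV4" != "$ORIG_INTERFACE_IPV4" ] || [ "$INTERFACE_IPV6" != "$ORIG_INTERFACE_IPV6" ] || [ "$ALLOWEDIPS" != "$ORIG_ALLOWEDIPS" ]; then
      echo "**** Server related environment variables changed, regenerating 1 server and ${PEERS} peer/client confs ****"
      generate_confs
      save_vars
    else
      echo "**** No changes to parameters. Existing configs are used. ****"
    fi
  fi
else
  echo "**** Client mode selected. ****"
  if [ ! -f /config/wg0.conf ]; then
    # Nothing to bring up; park the service instead of exiting so the container stays
    # inspectable and the message is visible in the logs.
    echo "**** No client conf found. Provide your own client conf as \"/config/wg0.conf\" and restart the container. ****"
    sleep infinity
  fi
  # Client mode has no peers to serve DNS to.
  printf "false" > /run/s6/container_environment/USE_COREDNS
fi

# set up CoreDNS: seed the Corefile on first run only (directory may not exist on a fresh volume)
mkdir -p /config/coredns
if [[ ! -f /config/coredns/Corefile ]]; then
  cp /defaults/Corefile /config/coredns/Corefile
fi

# permissions: hand the whole config tree (keys included) to the unprivileged runtime user
chown -R abc:abc \
  /config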