
3 changed files with 106 additions and 0 deletions
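--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE_1
@@ -0,0 +1,42 @@
+#!/bin/bash
+# this file is meant to be sourced, not executed directly
+
+# if destination argument is not provided, fail
+if [[ $# -lt 1 ]]; then
+echo "$(basename $BASH_SOURCE): error: no destination provided!" >&2
+return 1
+elif [[ $# -gt 1 ]]; then
+echo "$(basename $BASH_SOURCE): error: too many arguments!" >&2
+return 1
+fi
+
+# provide sshp command for executing commands on remote computer
+sshp() {
+echo "$@" >&$_sshp_in
+echo "echo EOF" >&$_sshp_in
+sed '/EOF/Q' <$_sshp_out
+}
+
+# assign dest to variable
+_sshp_dest=$1
+# create temporary directory
+_sshp_tmpdir=$(mktemp -d)
+mkfifo $tempdir/in $tempdir/out
+_sshp_out=$_sshp_tmpdir/out
+# assign input to a file descriptor so it doesn't get closed
+exec {_sshp_in}<>$tempdir/in
+# trap exit to do cleanup
+trap "{ exec {_sshp_in}>&-; ssh -O exit -S $_sshp_tmpdir/ssh $_sshp_dest &>/dev/null; rm -rf $tempdir; }" EXIT
+# login with master so ssh can ask password if necessary
+ssh -M -Nf -S $tempdir/ssh $_sshp_dest
+# login with redirection for the persistent connection
+ssh -S $tempdir/ssh medusa 0<&$_sshp_in 1>$_sshp_out 2>$_sshp_out &
+# clear output
+sshp true &> /dev/null
+# ask for password and run sudo so password can be cached
+(printf "[sudo] password for $(remote echo \$USER)@$(remote hostname): "
+read -s password; printf '\n'
+echo "sudo -S true" >&3
+echo $password >&3)
+# clear output
+sshp true &> /dev/null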
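Review bot: The temporary directory is stored in `_sshp_tmpdir` on the mktemp line, but every later use (`mkfifo`, the `exec` redirection, both `-S` socket paths and the trap's `rm -rf`) reads `$tempdir`, which is never assigned, so the fifos and the control socket are created under `/` and the cleanup runs `rm -rf` on an empty path; the second `ssh -S` call also connects to a hard-coded `medusa` instead of `$_sshp_dest`. In the sudo-caching subshell, `remote` is not a defined command (the function above is `sshp`) and the two writes go to fd `3` rather than `$_sshp_in`, so the password never reaches the remote `sudo -S`; `read -s` without `-r` and the unquoted `echo $password` additionally mangle passwords containing backslashes or surrounding whitespace. Because the third file sources this script under `set -u`, the unset `$tempdir` aborts that caller outright. The rewritten lines below use one directory variable, the given destination and the opened descriptor throughout, quote the paths, and guard the `rm -rf` with `:?`.
```shell
_sshp_tmpdir=$(mktemp -d)
mkfifo -- "$_sshp_tmpdir/in" "$_sshp_tmpdir/out"
_sshp_out=$_sshp_tmpdir/out
exec {_sshp_in}<>"$_sshp_tmpdir/in"
trap "{ exec {_sshp_in}>&-; ssh -O exit -S '$_sshp_tmpdir/ssh' '$_sshp_dest' &>/dev/null; rm -rf -- '${_sshp_tmpdir:?}'; }" EXIT
ssh -M -Nf -S "$_sshp_tmpdir/ssh" "$_sshp_dest"
ssh -S "$_sshp_tmpdir/ssh" "$_sshp_dest" 0<&"$_sshp_in" 1>"$_sshp_out" 2>"$_sshp_out" &
# … unchanged: sshp true …
(printf '[sudo] password for %s@%s: ' "$(sshp echo \$USER)" "$(sshp hostname)"
read -rs password; printf '\n'
echo "sudo -S true" >&"$_sshp_in"
printf '%s\n' "$password" >&"$_sshp_in")
# … unchanged: sshp true …
```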
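--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE_2
@@ -0,0 +1,26 @@
+#!/bin/bash
+set -euo pipefail
+
+if [[ $# -lt 1 || $# -gt 2 ]]; then
+echo "Usage: $(basename $0) IP [Port]"
+exit 1
+fi
+wireguard_ip="$1"
+if [[ -z $2 ]]; then
+wireguard_port=9271
+else
+wireguard_port="$2"
+fi
+
+sudo apt install -y wireguard
+
+cd /etc/wireguard/
+(umask 077 && printf "[Interface]\nPrivateKey = " | sudo tee wg0.conf > /dev/null)
+wg genkey | sudo tee -a wg0.conf | wg pubkey | sudo tee wg0.pubkey > /dev/null
+echo "ListenPort = ${wireguard_port:?}
+SaveConfig = true
+Address = ${wireguard_ip:?}/24" | sudo tee -a wg0.conf > /dev/null
+
+sudo systemctl start wg-quick@wg0
+#sudo systemctl enable wg-quick@wg0
+wg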
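Review bot: With `set -u` in force, `[[ -z $2 ]]` aborts with an unbound-variable error whenever the script is invoked with only the IP, which the argument check directly above explicitly allows, so the default port branch is unreachable. Replacing the whole if/else with `wireguard_port="${2:-9271}"` keeps both the default and the override. The usage message should also go to stderr, `echo "Usage: $(basename "$0") IP [Port]" >&2`, so it is not mistaken for output when the script's stdout is consumed.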
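--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE_3
@@ -0,0 +1,38 @@
+#!/bin/bash
+set -euo pipefail
+
+# hardcoded constants
+wg_domain="wg.alemor.org"
+wg_dev="wg0"
+
+# check for arguments
+if [[ $# -lt 1 || $# -gt 1 ]]; then
+echo "Usage: $(basename $0) ssh_destination"
+exit 1
+fi
+dest="$1"
+
+. ../ssh/ssh-persist $dest
+
+# gather host info
+host_name=$(hostname)
+host_fqdn=$(hostname --fqdn)
+host_wgip=$(ip -4 addr show $wg_dev | grep -oP '(?<=inet\s)\d+(\.\d+){3}')
+host_port=$(sudo wg show $wg_dev listen-port)
+host_key=$(sudo wg show $wg_dev public-key)
+
+# gather dest info
+sudo -v -p '[sudo] password for %u@%h'
+dest_name=$(sshp hostname)
+dest_fqdn=$(sshp hostname --fqdn)
+dest_wgip=$(sshp ip -4 addr show $wg_dev | grep -oP '(?<=inet\s)\d+(\.\d+){3}')
+dest_port=$(sshp sudo wg show $wg_dev listen-port)
+dest_key=$(sshp sudo wg show $wg_dev public-key)
+
+# add peer on host
+sudo wg set $wg_dev peer "${dest_key}" endpoint $dest_fqdn:$dest_port allowed-ips $dest_wgip/32
+echo -e "$dest_wgip\t$dest_name.$wg_domain" | sudo tee -a /etc/hosts >/dev/null
+
+# add peer on dest
+sshp sudo wg set $wg_dev peer "'${host_key}'" endpoint $host_fqdn:$host_port allowed-ips $host_wgip/32
+sshp echo -e "$host_wgip\t$host_name.$wg_domain" | sudo tee -a /etc/hosts >/dev/null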
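Review bot: The last line does not update the peer's `/etc/hosts`: only `echo -e …` is sent through `sshp`, while `| sudo tee -a /etc/hosts` is a local pipeline, so the host's own entry is appended to the local hosts file and the destination never learns the host's name. The whole pipeline has to be the remote command, e.g. `sshp "printf '%s\t%s\n' '$host_wgip' '$host_name.$wg_domain' | sudo tee -a /etc/hosts >/dev/null"`, and the local append above it reads more safely as `printf '%s\t%s\n' "$dest_wgip" "$dest_name.$wg_domain" | sudo tee -a /etc/hosts >/dev/null`. Neither append checks for an existing entry, so every re-run duplicates the line; a `grep -q` on the name before appending would make the script idempotent. `. ../ssh/ssh-persist $dest` is resolved against the caller's working directory rather than the script's location, so the script only works when launched from its own directory; `. "$(dirname "$0")/../ssh/ssh-persist" "$dest"` pins it.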