|
|
|
@ -6,53 +6,77 @@ wg_domain="wg.alemor.org" |
|
|
|
wg_dev="wg0" |
|
|
|
|
|
|
|
# functions |
|
|
|
help() { |
|
|
|
usage() { |
|
|
|
echo "Usage: $(basename $0) [COMMAND] [DESTINATION]" |
|
|
|
case $1 in |
|
|
|
main) echo "Usage: $(basename $0) [COMMAND] [DESTINATION]" |
|
|
|
echo "Automatically configure WireGuard peer connection to a given destination that you are able to SSH to and are a sudoer on." |
|
|
|
echo "Commands:" |
|
|
|
echo -e "\tadd" |
|
|
|
;; |
|
|
|
add) echo "Usage: $(basename $0) add [DESTINATION]" |
|
|
|
echo "Add a peer connection." |
|
|
|
;; |
|
|
|
main) |
|
|
|
echo "Automatically configure WireGuard peer connection to a given destination that you are able to SSH to and are a sudoer on." |
|
|
|
echo "Commands:" |
|
|
|
echo " add" |
|
|
|
echo " del" |
|
|
|
;; |
|
|
|
add) |
|
|
|
echo "Add a peer connection." |
|
|
|
;; |
|
|
|
del) |
|
|
|
echo "Delete a peer connection." |
|
|
|
;; |
|
|
|
esac |
|
|
|
exit 1 |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
cmd_add() { |
|
|
|
# add peer on dest |
|
|
|
sshp sudo wg set $wg_dev peer "'${host_key}'" endpoint $host_fqdn:$host_port allowed-ips $host_wgip/32 |
|
|
|
line="$host_wgip\t$host_name.$wg_domain" |
|
|
|
regex="^[0-9.]+\s+$host_name.$wg_domain\$" |
|
|
|
sshp "sed -E -e '/$regex/{s/.*/$line/;:a;n;ba;q}' -e '\$a $line' /etc/hosts | sudo tee /etc/hosts > /dev/null" |
|
|
|
|
|
|
|
# add peer on host |
|
|
|
sudo wg set $wg_dev peer "${dest_key}" endpoint $dest_fqdn:$dest_port allowed-ips $dest_wgip/32 |
|
|
|
line="$dest_wgip\t$dest_name.$wg_domain" |
|
|
|
regex="^[0-9.]+\s+$dest_name.$wg_domain\$" |
|
|
|
sed -E -e "/$regex/{s/.*/$line/;:a;n;ba;q}" -e "\$a $line" /etc/hosts | sudo tee /etc/hosts >/dev/null |
|
|
|
sed -E -e "/$regex/{s/.*/$line/;:a;n;ba;q}" -e "\$a $line" /etc/hosts | sudo tee /etc/hosts > /dev/null |
|
|
|
|
|
|
|
# add peer on dest |
|
|
|
sshp sudo wg set $wg_dev peer "'${host_key}'" endpoint $host_fqdn:$host_port allowed-ips $host_wgip/32 |
|
|
|
line="$host_wgip\t$host_name.$wg_domain" |
|
|
|
regex="^[0-9.]+\s+$host_name.$wg_domain" |
|
|
|
sshp "sed -E -e '/$regex/{s/.*/$line/;:a;n;ba;q}' -e '\$a $line' /etc/hosts | sudo tee /etc/hosts >/dev/null" |
|
|
|
echo "Peer $dest_name.$wg_domain added with internal IP $dest_wgip" |
|
|
|
} |
|
|
|
|
|
|
|
cmd_del() { |
|
|
|
# delete peer on dest |
|
|
|
regex="^[0-9.]+\s+$host_name.$wg_domain\$" |
|
|
|
sshp "sed -E -e '/$regex/D' /etc/hosts | sudo tee /etc/hosts > /dev/null" |
|
|
|
sshp wg set $wg_dev peer "${host_key}" remove |
|
|
|
|
|
|
|
# delete peer on host |
|
|
|
regex="^[0-9.]+\s+$dest_name.$wg_domain\$" |
|
|
|
sed -E -e "/$regex/D" /etc/hosts | sudo tee /etc/hosts > /dev/null |
|
|
|
sudo wg set $wg_dev peer "${dest_key}" remove |
|
|
|
|
|
|
|
echo "Peer $dest_name.$wg_domain deleted." |
|
|
|
} |
|
|
|
|
|
|
|
# Main |
|
|
|
|
|
|
|
# Check args |
|
|
|
if [[ $# -lt 1 ]]; then |
|
|
|
help main |
|
|
|
usage main |
|
|
|
fi |
|
|
|
case $1 in |
|
|
|
add) |
|
|
|
if [[ $# -lt 2 ]]; then |
|
|
|
help add |
|
|
|
fi |
|
|
|
cmd=add |
|
|
|
dest=$2 |
|
|
|
;; |
|
|
|
del|delete) |
|
|
|
cmd=del |
|
|
|
;; |
|
|
|
*) |
|
|
|
help main |
|
|
|
usage main |
|
|
|
;; |
|
|
|
esac |
|
|
|
if [[ $# -lt 2 ]]; then |
|
|
|
usage $cmd |
|
|
|
else |
|
|
|
dest=$2 |
|
|
|
fi |
|
|
|
|
|
|
|
# ask for local sudo password |
|
|
|
sudo -p '[sudo] password for %u@%h: ' true |
|
|
|
@ -70,10 +94,8 @@ host_key=$(sudo wg show $wg_dev public-key) |
|
|
|
# gather dest info |
|
|
|
dest_name=$(sshp hostname) |
|
|
|
dest_fqdn=$(sshp hostname --fqdn) |
|
|
|
dest_wgip="$(sshp ip -4 addr show $wg_dev | grep -oP '(?<=inet\s)\d+(\.\d+){3}')" |
|
|
|
dest_wgip=$(sshp "ip -4 addr show $wg_dev | grep -oP '(?<=inet\s)\d+(\.\d+){3}'") |
|
|
|
dest_port=$(sshp sudo wg show $wg_dev listen-port) |
|
|
|
dest_key=$(sshp sudo wg show $wg_dev public-key) |
|
|
|
|
|
|
|
case $cmd in |
|
|
|
add) cmd_add;; |
|
|
|
esac |
|
|
|
cmd_${cmd} |
|
|
|
|
Mario Alegre
5 years ago