From b787c506f94563a2030a4c3d2df9bb0e7a61200e Mon Sep 17 00:00:00 2001
From: Mario Alegre
Date: Sun, 20 Dec 2020 05:35:38 -0500
Subject: [PATCH] updates to wireguard scripts
---
 bin/wg-addpeer | 12 ++++++------
 docs/linux/wireguard/install.sh | 33 +++++++++++++++++++++++++++++++--
 2 files changed, 37 insertions(+), 8 deletions(-)
diff --git a/bin/wg-addpeer b/bin/wg-addpeer
index ed1066d..c299e78 100755
--- a/bin/wg-addpeer
+++ b/bin/wg-addpeer
@@ -33,12 +33,12 @@ dest_key=$(sshp sudo wg show $wg_dev public-key)
 # add peer on host
 sudo wg set $wg_dev peer "${dest_key}" endpoint $dest_fqdn:$dest_port allowed-ips $dest_wgip/32
-search="^[0-9.]+\s+$dest_name.$wg_domain\$"
-replace="$dest_wgip\t$dest_name.$wg_domain"
-eval "(grep -qE '$search' /etc/hosts && sed -E 's/$search/$replace/' /etc/hosts || echo -e '$replace' | cat /etc/hosts -) | sudo tee /etc/hosts >/dev/null"
+line="$dest_wgip\t$dest_name.$wg_domain"
+regex="^[0-9.]+\s+$dest_name.$wg_domain\$"
+sed -E -e "/$regex/{s/.*/$line/;:a;n;ba;q}" -e "\$a $line" /etc/hosts | sudo tee /etc/hosts >/dev/null
 # add peer on dest
 sshp sudo wg set $wg_dev peer "'${host_key}'" endpoint $host_fqdn:$host_port allowed-ips $host_wgip/32
-search="^[0-9.]+\s+$host_name.$wg_domain"
-replace="$host_wgip\t$host_name.$wg_domain"
-sshp "(grep -qE '$search' /etc/hosts && sed -E 's/$search/$replace/' /etc/hosts || echo -e '$replace' | cat /etc/hosts -) | sudo tee /etc/hosts >/dev/null"
+line="$host_wgip\t$host_name.$wg_domain"
+regex="^[0-9.]+\s+$host_name.$wg_domain"
+sshp "sed -E -e '/$regex/{s/.*/$line/;:a;n;ba;q}' -e '\$a $line' /etc/hosts | sudo tee /etc/hosts >/dev/null"
diff --git a/docs/linux/wireguard/install.sh b/docs/linux/wireguard/install.sh
index 6997996..a565bbb 100755
--- a/docs/linux/wireguard/install.sh
+++ b/docs/linux/wireguard/install.sh
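Review bot: The new `sed … /etc/hosts | sudo tee /etc/hosts` lines (local, and the remote one sent through sshp) read and truncate the same file in a single pipeline, so whenever tee opens /etc/hosts before sed has finished reading it the file is emptied, and on empty input the `$a` fallback never fires because there is no last line to append after; the old `cat /etc/hosts - | sudo tee` had the same race, but this rewrite is the moment to drop it. Edit in place instead: `sudo sed -E -i -e "/$regex/{s/.*/$line/;:a;n;ba;q}" -e "\$a $line" /etc/hosts` and, on the remote side, `sshp "sudo sed -E -i -e '/$regex/{s/.*/$line/;:a;n;ba;q}' -e '\$a $line' /etc/hosts"`. `$dest_name`/`$host_name` and `$wg_domain` are also spliced unescaped into both the address regex and the `s///` replacement, so a `/` or `&` in a name corrupts the command, and the unescaped `.` between them matches any character; escape it as `\.` or validate the names before use. The host-side regex additionally lacks the trailing `\$` anchor the dest-side one has, so `host.domain` also matches `host.domain2`; where these variables and `sshp` come from lies above the hunk.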
@@ -15,12 +15,41 @@ fi
 sudo apt install -y wireguard
 cd /etc/wireguard/
+echo "Configuring wireguard ..."
 (umask 077 && printf "[Interface]\nPrivateKey = " | sudo tee wg0.conf > /dev/null)
 wg genkey | sudo tee -a wg0.conf | wg pubkey | sudo tee wg0.pubkey > /dev/null
 echo "ListenPort = ${wireguard_port:?}
 SaveConfig = true
 Address = ${wireguard_ip:?}/24" | sudo tee -a wg0.conf > /dev/null
+if [[ -e /etc/nftables.firewall ]]; then
+ echo "detected firewall config: nftables.firewall"
+ echo "opening port $wireguard_port on firewall ..."
+ line="tcp dport 9271 accept"
+ regex="$line"
+ sed -E -e "/$regex/{s/.*/$line/;:a;n;ba;q}" -e "\$a $line" /etc/nftables.firewall | sudo tee nftables.firewall >/dev/null
+ sudo /etc/nftables.conf
+else
+ echo "No firewall detected."
+ echo "If you are using a firewall, make sure port $wireguard_port is open."
+fi
+
+echo "Starting wireguard ..."
 sudo systemctl start wg-quick@wg0
-#sudo systemctl enable wg-quick@wg0
-wg
+read -p "Enable wireguard to automatically start on boot? [Y/n] " tmp
+while true; do
+ case tmp in
+ ''|y|Y|yes|Yes)
+ sudo systemctl enable wg-quick@wg0
+ echo "Wireguard will now automatically start on boot."
+ echo "To disable, run 'sudo systemctl disable wg-quick@wg0'"
+ break
+ ;;
+ n|N|no|No)
+ echo "Wireguard will not start on boot."
+ echo "To enable auto-start, run 'sudo systemctl enable wg-quick@wg0'"
+ break
+ ;;
+ *) echo "error: unrecognized input";;
+ esac
+done
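Review bot: `case tmp in` in the new prompt loop tests the literal string `tmp` rather than `$tmp`, so every answer falls through to the `*)` arm, and because the `read` sits outside `while true` the script prints "error: unrecognized input" forever with no way to retry. The firewall branch has two further defects: the rule it inserts is `tcp dport 9271 accept` although the message right above it promises to open `$wireguard_port` and the interface configured a few lines earlier listens on UDP, and `sudo tee nftables.firewall` writes relative to the earlier `cd /etc/wireguard/`, so /etc/nftables.firewall is never modified (and reading and truncating the same file in one pipeline would race even if the path were right). The rewrite below edits the real file in place with `sed -i`, uses the configured UDP port, and moves `read -r` inside the loop. Whether appending a bare rule at the end of /etc/nftables.firewall yields a valid ruleset depends on how /etc/nftables.conf includes it, and `sudo /etc/nftables.conf` presumably relies on an `nft -f` shebang in that file — neither is visible in this hunk, so both are worth confirming.
```shell
 line="udp dport ${wireguard_port:?} accept"
 regex="$line"
 sudo sed -E -i -e "/$regex/{s/.*/$line/;:a;n;ba;q}" -e "\$a $line" /etc/nftables.firewall
# … unchanged: nft reload, else branch, "Starting wireguard", systemctl start …
while true; do
 read -r -p "Enable wireguard to automatically start on boot? [Y/n] " tmp
 case "$tmp" in
# … unchanged: case arms, esac, done …
```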