mar
/
sysadmin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
How to set up/manage services on a computer
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
48 Commits
1 Branch
0 Tags
179 KiB
 
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
sysadmin/bin/wg-peer

101 lines
2.7 KiB
Raw Permalink Blame History

#!/bin/bash
set -euo pipefail
# hardcoded constants
wg_domain="wg.alemor.org"
wg_dev="wg0"
# functions
usage() {
echo "Usage: $(basename $0) [COMMAND] [DESTINATION]"
case $1 in
main)
echo "Automatically configure WireGuard peer connection to a given destination that you are able to SSH to and are a sudoer on."
echo "Commands:"
echo " add"
echo " del"
;;
add)
echo "Add a peer connection."
;;
del)
echo "Delete a peer connection."
;;
esac
exit 1
}
cmd_add() {
# add peer on dest
sshp sudo wg set $wg_dev peer "'${host_key}'" endpoint $host_fqdn:$host_port allowed-ips $host_wgip/32
line="$host_wgip\t$host_name.$wg_domain"
regex="^[0-9.]+\s+$host_name.$wg_domain\$"
sshp "sed -E -e '/$regex/{s/.*/$line/;:a;n;ba;q}' -e '\$a $line' /etc/hosts | sudo tee /etc/hosts > /dev/null"
# add peer on host
sudo wg set $wg_dev peer "${dest_key}" endpoint $dest_fqdn:$dest_port allowed-ips $dest_wgip/32
line="$dest_wgip\t$dest_name.$wg_domain"
regex="^[0-9.]+\s+$dest_name.$wg_domain\$"
sed -E -e "/$regex/{s/.*/$line/;:a;n;ba;q}" -e "\$a $line" /etc/hosts | sudo tee /etc/hosts > /dev/null
echo "Peer $dest_name.$wg_domain added with internal IP $dest_wgip"
}
cmd_del() {
# delete peer on dest
regex="^[0-9.]+\s+$host_name.$wg_domain\$"
sshp "sed -E -e '/$regex/D' /etc/hosts | sudo tee /etc/hosts > /dev/null"
sshp wg set $wg_dev peer "${host_key}" remove
# delete peer on host
regex="^[0-9.]+\s+$dest_name.$wg_domain\$"
sed -E -e "/$regex/D" /etc/hosts | sudo tee /etc/hosts > /dev/null
sudo wg set $wg_dev peer "${dest_key}" remove
echo "Peer $dest_name.$wg_domain deleted."
}
# Main
# Check args
if [[ $# -lt 1 ]]; then
usage main
fi
case $1 in
add)
cmd=add
;;
del|delete)
cmd=del
;;
*)
usage main
;;
esac
if [[ $# -lt 2 ]]; then
usage $cmd
else
dest=$2
fi
# ask for local sudo password
sudo -p '[sudo] password for %u@%h: ' true
# connect to remote
# script expects ssh-persist to be either in the same directory as script itself, or in the path
. ssh-persist.sh "$dest" || . $(dirname $0)/ssh-persist.sh "$dest"
# gather host info
host_name=$(hostname)
host_fqdn=$(hostname --fqdn)
host_wgip=$(ip -4 addr show $wg_dev | grep -oP '(?<=inet\s)\d+(\.\d+){3}')
host_port=$(sudo wg show $wg_dev listen-port)
host_key=$(sudo wg show $wg_dev public-key)
# gather dest info
dest_name=$(sshp hostname)
dest_fqdn=$(sshp hostname --fqdn)
dest_wgip=$(sshp "ip -4 addr show $wg_dev | grep -oP '(?<=inet\s)\d+(\.\d+){3}'")
dest_port=$(sshp sudo wg show $wg_dev listen-port)
dest_key=$(sshp sudo wg show $wg_dev public-key)
cmd_${cmd}