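#!/bin/bash
#
# Install WireGuard and write a fresh wg0 interface configuration.
#
# Usage: <script> IP [Port]
#   IP    address assigned to the wg0 interface (written as IP/24)
#   Port  listen port for wg0; defaults to 9271 when omitted or empty
#
# Requires sudo rights: installs a package, writes under /etc/wireguard,
# may append a rule to /etc/nftables.firewall, and starts wg-quick@wg0.
# NOTE: any existing wg0.conf (including its private key) is overwritten.

set -euo pipefail

readonly default_port=9271
readonly wg_conf=/etc/wireguard/wg0.conf
readonly wg_pubkey=/etc/wireguard/wg0.pubkey
readonly fw_file=/etc/nftables.firewall

# Print an error to stderr and abort.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

if [[ $# -lt 1 || $# -gt 2 ]]; then
  echo "Usage: $(basename -- "$0") IP [Port]" >&2
  exit 1
fi

wireguard_ip="$1"
# ${2:-…} instead of testing $2 directly: with `set -u` a bare $2 aborts the
# script whenever the optional port is not given.
wireguard_port="${2:-$default_port}"

# Both values end up in a root-owned wg-quick config and in a firewall rule,
# so reject anything that could smuggle extra lines or directives into them.
if [[ ! "$wireguard_ip" =~ ^[0-9A-Fa-f:.]+$ ]]; then
  die "invalid IP address: $wireguard_ip"
fi
if [[ ! "$wireguard_port" =~ ^[0-9]{1,5}$ ]] \
  || (( 10#$wireguard_port < 1 || 10#$wireguard_port > 65535 )); then
  die "invalid port: $wireguard_port"
fi

sudo apt-get install -y wireguard

echo "Configuring wireguard ..."
# Absolute paths are used instead of `cd /etc/wireguard/`, so the script does
# not depend on the invoking user being able to enter that directory.
# The umask only affects a newly created file; the chmod also tightens a
# wg0.conf left behind by an earlier run, before the private key is written.
(umask 077 && printf '[Interface]\nPrivateKey = ' | sudo tee "$wg_conf" >/dev/null)
sudo chmod 600 "$wg_conf"
# The private key only travels through pipes (never argv); the public key
# derived from it is stored next to the config.
wg genkey | sudo tee -a "$wg_conf" | wg pubkey | sudo tee "$wg_pubkey" >/dev/null
printf 'ListenPort = %s\nSaveConfig = true\nAddress = %s/24\n' \
  "$wireguard_port" "$wireguard_ip" | sudo tee -a "$wg_conf" >/dev/null

if [[ -e "$fw_file" ]]; then
  echo "detected firewall config: nftables.firewall"
  echo "opening port $wireguard_port on firewall ..."
  # WireGuard is carried over UDP, and the rule must follow the chosen port;
  # the previous hard-coded "tcp dport 9271" opened an unused TCP port and
  # left the tunnel port closed.
  fw_rule="udp dport ${wireguard_port} accept"
  # Append only when missing, and to the real firewall file: the previous
  # version wrote its result to a copy in the current directory, so the
  # reload below never saw the change.
  # NOTE(review): the rule is appended at the end of the file, as before;
  # confirm that this position is valid for the layout of nftables.firewall.
  if ! sudo grep -qF -- "$fw_rule" "$fw_file"; then
    printf '%s\n' "$fw_rule" | sudo tee -a "$fw_file" >/dev/null
  fi
  sudo /etc/nftables.conf
else
  echo "No firewall detected."
  echo "If you are using a firewall, make sure port $wireguard_port is open."
fi

echo "Starting wireguard ..."
sudo systemctl start wg-quick@wg0

# Ask inside the loop and match on "$answer": matching the literal word `tmp`
# never hit a yes/no arm and looped forever on the error branch.
while true; do
  if ! read -r -p "Enable wireguard to automatically start on boot? [Y/n] " answer; then
    # stdin closed: do not enable a service nobody confirmed.
    echo
    answer=n
  fi
  case "$answer" in
    '' | y | Y | yes | Yes)
      sudo systemctl enable wg-quick@wg0
      echo "Wireguard will now automatically start on boot."
      echo "To disable, run 'sudo systemctl disable wg-quick@wg0'"
      break
      ;;
    n | N | no | No)
      echo "Wireguard will not start on boot."
      echo "To enable auto-start, run 'sudo systemctl enable wg-quick@wg0'"
      break
      ;;
    *)
      echo "error: unrecognized input"
      ;;
  esac
done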