init
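--- a/bootstrap/wireguard-bootstrap.sh
+++ b/bootstrap/wireguard-bootstrap.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+set -eux
+
+ip_address="$1"; shift
+vpn_ip_address="$1"; shift
+
+# configure the motd.
+# NB this was generated at http://patorjk.com/software/taag/#p=display&f=Big&t=WireGuard.
+# it could also be generated with figlet.org.
+cat >/etc/motd <<'EOF'
+
+__ ___ _____ _
+\ \ / (_) / ____| | |
+\ \ /\ / / _ _ __ ___| | __ _ _ __ _ _ __ __| |
+\ \/ \/ / | | '__/ _ \ | |_ | | | |/ _` | '__/ _` |
+\ /\ / | | | | __/ |__| | |_| | (_| | | | (_| |
+\/ \/ |_|_| \___|\_____|\__,_|\__,_|_| \__,_|
+
+
+EOF
+
+# install wireguard.
+# see https://www.wireguard.com/install/
+apt-get install -y wireguard
+
+# create the configuration file.
+# see https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
+umask 077
+wg genkey >"$(hostname).key"
+cat >/etc/wireguard/wg0.conf <<EOF
+[Interface]
+PrivateKey = $(cat "$(hostname).key")
+Address = $vpn_ip_address/24
+ListenPort = 51820
+EOF
+cp /etc/wireguard/wg0.conf{,.head}
+umask 022
+
+# save this peer configuration in the host.
+mkdir -p /vagrant/wg-conf
+cat >>"/vagrant/wg-conf/wg-peer-$(hostname).conf" <<EOF
+[Peer]
+PublicKey = $(wg pubkey <"$(hostname).key")
+Endpoint = $ip_address:51820
+AllowedIPs = $vpn_ip_address/32
+EOF
+
+# delete the keypair.
+rm "$(hostname).key"
+
+# bring up the interface.
+systemctl enable wg-quick@wg0
+systemctl start wg-quick@wg0
+
+# show info.
+wg show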
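Review bot: The private key at `wg genkey >"$(hostname).key"` is written to a relative path in whatever directory the provisioner runs from, and the `rm` near the end is skipped if any command in between fails under `set -e`, so a failed run can leave the key on disk (possibly on a synced folder where `umask 077` may not be honoured; the working directory is not visible here). Keeping it in the root-only config directory with a cleanup trap closes that gap: `key_file="$(mktemp /etc/wireguard/key.XXXXXX)"` and `trap 'rm -f -- "$key_file"' EXIT`, then use `"$key_file"` wherever the key is read. Do not move the key into a shell variable instead, because `set -x` would print the assignment into the provisioning log. Separately, `cat >>"/vagrant/wg-conf/wg-peer-$(hostname).conf"` appends, so re-provisioning leaves the previous public key behind as a second `[Peer]` block with the same AllowedIPs; `>` would replace it.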
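--- a/bootstrap/wireguard-update-peers.sh
+++ b/bootstrap/wireguard-update-peers.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+set -eux
+
+# add the interface configuration.
+cp /etc/wireguard/wg0.conf{.head,}
+
+# add the peers public keys.
+for peer_config_path in /vagrant/wg-conf/wg-peer-*.conf; do
+[ ! -f "$peer_config_path" ] && continue
+cat >>/etc/wireguard/wg0.conf <<EOF
+
+$(cat "$peer_config_path")
+EOF
+done
+
+# restart wireguard.
+systemctl restart wg-quick@wg0
+
+# show info.
+wg show
+
+# show listening ports.
+ss -n --tcp --listening --processes
+ss -n --udp --listening --processes
+
+# show network interfaces.
+ip addr
+
+# show network routes.
+ip route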
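Review bot: The loop appends each `/vagrant/wg-conf/wg-peer-*.conf` verbatim into `/etc/wireguard/wg0.conf`, so the root-owned config trusts whatever any machine with write access to the shared folder has put there. wg-quick reads more than peer keys from that file (wg-quick(8) documents hook keys such as `PostUp` that run commands), so the copy should admit only the lines a peer entry needs, for example `grep -E '^(\[Peer\]|(PublicKey|Endpoint|AllowedIPs) = )' "$peer_config_path" >>/etc/wireguard/wg0.conf`. The glob also matches this host's own peer file, which should probably be skipped by comparing the name with `wg-peer-$(hostname).conf`.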