garbash-config

etc files for garbash tilde
git clone git://git.alexkarle.com.com/garbash-config
Log | Files | Refs | README | LICENSE
commit 53eb50d2c60dc6b9987ac972bb602d3bc60db63c (patch)
parent a2f07d9676ded6098f7af6294b2909821a16d708
Author: alex <alex@garbash.com>
Date:   Tue, 28 Sep 2021 21:47:18 -0400

wg: Add wggen to generate and manage wg-quick configs

What a fun setup with ~anthony!

We should look into copying the file to the user... I guess
we could just `mail -s "Your WG Config" USER < client.conf`

Diffstat:

MMakefile | 3++-


Ausr/local/bin/wggen | 54++++++++++++++++++++++++++++++++++++++++++++++++++++++


2 files changed, 56 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
@@ -3,7 +3,8 @@ FILES = /etc/httpd.conf \
 	/etc/acme-client.conf \
 	/etc/mail/smtpd.conf \
 	/var/git/stagit-post-receive \
-	/usr/local/bin/newrepo
+	/usr/local/bin/newrepo \
+	/usr/local/bin/wggen
 
 .PHONY: pull
 pull:
diff --git a/usr/local/bin/wggen b/usr/local/bin/wggen
@@ -0,0 +1,54 @@
+#!/bin/sh
+set -e
+
+die() {
+	echo "$*" 1>&2
+	exit 1
+}
+
+[ -z "$1" ] && die "usage: $0 HOST"
+
+NAME="$1"
+DATADIR=${DATADIR:-/etc/wg}
+HOSTFILE=${HOSTFILE:-${DATADIR}/hosts}
+
+# Detect if name in use
+if grep -q "^$NAME[[:space:]]" "$HOSTFILE"; then
+	die "hostname $NAME taken"
+fi
+
+# Get public and private keys
+CONF="$DATADIR/$NAME"
+mkdir -p "$CONF"
+openssl rand -base64 32 > "$CONF/private.key"
+openssl rand -base64 32 > "$CONF/private.key"
+
+ifconfig wg9 destroy 2>/dev/null   || true
+ifconfig wg9 create wgport 13421 wgkey "$(cat "$CONF/private.key")"
+ifconfig wg9 | grep wgpubkey | cut -d ' ' -f 2 > "$CONF/public.key"
+ifconfig wg9 destroy 2>/dev/null   || true
+
+# Assign an IP
+CUR=$(tail -n 1 "$HOSTFILE" | cut -d. -f 4)
+NEXT=$((CUR + 1))
+echo "$NAME	10.6.6.$NEXT" >> "$HOSTFILE"
+
+# Generate the config
+cat <<EOM > "$CONF/client.conf"
+# public key: $(cat "$CONF/public.key")
+[Interface]
+PrivateKey = $(cat "$CONF/private.key")
+Address = 10.6.6.$NEXT/24
+
+[Peer]
+PublicKey = JpsSfrcrhCcTR5bybV9YQaAV60A12heinyAiSbMK3ng=
+AllowedIPs = 10.6.6.1/32
+Endpoint = 45.79.221.98:7149
+EOM
+
+# Lastly, append to /etc/hostname.wg0 and restart it
+cat <<EOM > /etc/hostname.wg0
+wgpeer $(cat "$CONF/public.key") wgaip 10.6.6.$NEXT/32
+EOM
+
+sh /etc/netstart