setup shellscript to config wireguard

2024-10-26 12:14:30 +02:00 · 2024-10-26 12:14:30 +02:00 · dfd9637db5
commit dfd9637db5
2 changed files with 141 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,21 @@
 # shell script to bootstrap wireguard on ubuntu 22.04
 despite installing the wireguard-tools package there is much more to be done
 * private-public-keypairs for the wireguard-server and
 * private-public-keypairs for the wireguard-clients (user1, user2 ..)
 need to be generated 
 * the setup needs to setup the correct ip addreses 
 ideally a qrcode for porting the generated wireguard-user conifguration is desired to 
 quickly setup the clients
 * lastly the package forwarding 
 * a systemd service should be setup
--- a/wireguard.sh
+++ b/wireguard.sh
@ -0,0 +1,120 @@
 #!/bin/bash
 set -x
 #re-exec as root (via sudo)
 test "$(id -u)" = 0 || exec sudo "$0"
 # if needed install
 dpkg -l | grep wireguard-tools || apt-get install -y wireguard-tools
 dpkg -l | grep python3-qrcodegen || apt-get install -y python3-qrcodegen
 test -f /bin/qrcode || {
  cat >/bin/qrcode << 'PYTHON'
 #!/usr/bin/python3
 from qrcodegen import QrCode, QrSegment
 import sys;
 def print_qr(qrcode: QrCode) -> None:
        border = 4
        for y in range(-border, qrcode.get_size() + border):
                for x in range(-border, qrcode.get_size() + border):
                        print("\u2588 "[1 if qrcode.get_module(x,y) else 0] * 2, end="")
                print()
        print()
 data = sys.stdin.read();
 # Make and print the QR Code symbol
 print_qr(QrCode.encode_text( data , QrCode.Ecc.MEDIUM))
 print( data);
 PYTHON
  chmod a+rx /bin/qrcode
 }
 test -f /etc/sysctl.d/ipv4.forward|| {
 cat > /etc/sysctl.d/ipv4.forward << SYSCTL
 net.ipv4.ip_forward=1
 net.ipv6.conf.all.forwarding=1
 SYSCTL
 }
 wg-quick down wg0
 test -f /etc/wireguard/privatekey || {
  wg genkey > /etc/wireguard/privatekey
  chmod 0600 /etc/wireguard/privatekey
 }
 test -f /etc/wireguard/publickey || {
  wg pubkey < /etc/wireguard/privatekey > /etc/wireguard/publickey
  chmod 0600 /etc/wireguard/publickey
 }
 test -d /etc/wireguard/peers || {
  mkdir /etc/wireguard/peers
 }
 NUM=1
 for PEERNAME in user1 user2 user3 
 do
  PEERINFO="/etc/wireguard/peers/peer.$NUM.$PEERNAME.txt"
  test -f "$PEERINFO" || {
    PRIVATEKEY="$(wg genkey | tee "$PEERINFO")"
    wg pubkey >> "$PEERINFO" <<< "$PRIVATEKEY"
  }
  NUM=$((NUM+1))
 done
 INTENRNET_NIC="$(ip route get 8.8.8.8 | head -n 1 | sed 's/.*dev //;s/src.*//')";
 rm /etc/wireguard/wg0.conf
 test -f /etc/wireguard/wg0.conf || {
  cat > /etc/wireguard/wg0.conf << WGCONF
 [Interface]
 Address = 10.1.1.1/24
 Address = fdaa::1/24
 SaveConfig = true
 PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o $INTENRNET_NIC -j MASQUERADE
 PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o $INTENRNET_NIC -j MASQUERADE
 ListenPort = 78
 PrivateKey = $(cat /etc/wireguard/privatekey)
 $(
  cd /etc/wireguard/peers
  for PEER in peer*.txt
  do
    NUM="${PEER#peer.}"
    NUM="${NUM%.*.txt}"
    cat << PEERINFO
 [Peer]
 PublicKey = $(tail -n 1 "$PEER")
 AllowedIPs = 10.1.1.$((NUM + 1))/32
 PEERINFO
  done
 )
 WGCONF
 }
 (
  cd /etc/wireguard/peers
  for PEER in peer*.txt
  do
    NUM="${PEER#peer.}"
    NUM="${NUM%.*.txt}"
    tee "$PEER".conf << PEERINFO | qrcode | tee "$PEER".qrcode
 [Interface]
 PrivateKey = $(head -n 1 "$PEER")
 Address = 10.1.1.$((NUM + 1))/32,fdaa::$((NUM + 1))/64
 DNS = 8.8.8.8
 [Peer]
 PublicKey = $(cat /etc/wireguard/publickey)
 AllowedIPs = 0.0.0.0/0
 Endpoint = $(ip -br a s | grep -e '^en' | sed 's/\/32 metric.*//;s/.* //'):78
 PEERINFO
  done
 )
 wg-quick up wg0
 sleep 1
 wg show
 systemctl enable 'wg-quick@wg0'