setup shellscript to config wireguard

2024-10-26 12:14:30 +02:00 · 2024-10-26 12:14:30 +02:00 · dfd9637db5
commit dfd9637db5
2 changed files with 141 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,21 @@
+# shell script to bootstrap wireguard on ubuntu 22.04
+
+despite installing the wireguard-tools package there is much more to be done
+
+* private-public-keypairs for the wireguard-server and
+* private-public-keypairs for the wireguard-clients (user1, user2 ..)
+
+need to be generated 
+* the setup needs to setup the correct ip addreses 
+
+ideally a qrcode for porting the generated wireguard-user conifguration is desired to 
+quickly setup the clients
+
+
+* lastly the package forwarding 
+* a systemd service should be setup
+
+
+
+
+
--- a/wireguard.sh
+++ b/wireguard.sh
@ -0,0 +1,120 @@
+#!/bin/bash
+
+set -x
+
+#re-exec as root (via sudo)
+test "$(id -u)" = 0 || exec sudo "$0"
+
+
+# if needed install
+dpkg -l | grep wireguard-tools || apt-get install -y wireguard-tools
+dpkg -l | grep python3-qrcodegen || apt-get install -y python3-qrcodegen
+test -f /bin/qrcode || {
+  cat >/bin/qrcode << 'PYTHON'
+#!/usr/bin/python3
+from qrcodegen import QrCode, QrSegment
+import sys;
+
+def print_qr(qrcode: QrCode) -> None:
+        border = 4
+        for y in range(-border, qrcode.get_size() + border):
+                for x in range(-border, qrcode.get_size() + border):
+                        print("\u2588 "[1 if qrcode.get_module(x,y) else 0] * 2, end="")
+                print()
+        print()
+
+data = sys.stdin.read();
+# Make and print the QR Code symbol
+print_qr(QrCode.encode_text( data , QrCode.Ecc.MEDIUM))
+print( data);
+PYTHON
+  chmod a+rx /bin/qrcode
+}
+test -f /etc/sysctl.d/ipv4.forward|| {
+cat > /etc/sysctl.d/ipv4.forward << SYSCTL
+net.ipv4.ip_forward=1
+net.ipv6.conf.all.forwarding=1
+SYSCTL
+}
+
+wg-quick down wg0
+
+test -f /etc/wireguard/privatekey || {
+  wg genkey > /etc/wireguard/privatekey
+  chmod 0600 /etc/wireguard/privatekey
+}
+test -f /etc/wireguard/publickey || {
+  wg pubkey < /etc/wireguard/privatekey > /etc/wireguard/publickey
+  chmod 0600 /etc/wireguard/publickey
+}
+
+
+test -d /etc/wireguard/peers || {
+  mkdir /etc/wireguard/peers
+}
+
+NUM=1
+for PEERNAME in user1 user2 user3 
+do
+  PEERINFO="/etc/wireguard/peers/peer.$NUM.$PEERNAME.txt"
+  test -f "$PEERINFO" || {
+    PRIVATEKEY="$(wg genkey | tee "$PEERINFO")"
+    wg pubkey >> "$PEERINFO" <<< "$PRIVATEKEY"
+  }
+  NUM=$((NUM+1))
+done
+
+INTENRNET_NIC="$(ip route get 8.8.8.8 | head -n 1 | sed 's/.*dev //;s/src.*//')";
+
+rm /etc/wireguard/wg0.conf
+test -f /etc/wireguard/wg0.conf || {
+  cat > /etc/wireguard/wg0.conf << WGCONF
+[Interface]
+Address = 10.1.1.1/24
+Address = fdaa::1/24
+SaveConfig = true
+PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o $INTENRNET_NIC -j MASQUERADE
+PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o $INTENRNET_NIC -j MASQUERADE
+ListenPort = 78
+PrivateKey = $(cat /etc/wireguard/privatekey)
+
+$(
+  cd /etc/wireguard/peers
+  for PEER in peer*.txt
+  do
+    NUM="${PEER#peer.}"
+    NUM="${NUM%.*.txt}"
+    cat << PEERINFO
+[Peer]
+PublicKey = $(tail -n 1 "$PEER")
+AllowedIPs = 10.1.1.$((NUM + 1))/32
+PEERINFO
+  done
+)
+WGCONF
+}
+
+(
+  cd /etc/wireguard/peers
+  for PEER in peer*.txt
+  do
+    NUM="${PEER#peer.}"
+    NUM="${NUM%.*.txt}"
+    tee "$PEER".conf << PEERINFO | qrcode | tee "$PEER".qrcode
+[Interface]
+PrivateKey = $(head -n 1 "$PEER")
+Address = 10.1.1.$((NUM + 1))/32,fdaa::$((NUM + 1))/64
+DNS = 8.8.8.8
+
+[Peer]
+PublicKey = $(cat /etc/wireguard/publickey)
+AllowedIPs = 0.0.0.0/0
+Endpoint = $(ip -br a s | grep -e '^en' | sed 's/\/32 metric.*//;s/.* //'):78
+PEERINFO
+  done
+)
+
+wg-quick up wg0
+sleep 1
+wg show
+systemctl enable 'wg-quick@wg0'