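#!/bin/bash
# Bootstrap a WireGuard server (wg0) on Debian/Ubuntu: install the tooling,
# generate the server and per-peer key pairs, render /etc/wireguard/wg0.conf
# plus one client config (and a terminal QR code) per peer, bring wg0 up and
# enable it at boot.
#
# Idempotent: existing keys, peer files and the sysctl drop-in are reused;
# wg0.conf and the client configs are regenerated on every run.
#
# Secrets handling: no `set -x` (it echoed the peer private key into the
# trace), umask 077 so every key/config file is owner-only from creation,
# and private keys are never held in shell variables or here-strings (bash
# spools here-strings to a temp file).
#
# Optional environment overrides (note: `sudo` resets the environment, so to
# use them run the script as root directly):
#   WG_PEERS     space-separated peer names      (default: "user1 user2 user3")
#   WG_PORT      UDP listen port                 (default: 78)
#   WG_ENDPOINT  host/IP the clients connect to  (default: source address of
#                                                 the route to 8.8.8.8)
set -eu -o pipefail

# Re-exec as root (via sudo) unless already uid 0.
test "$(id -u)" = 0 || exec sudo "$0" "$@"

# Every file created below (keys, peer files, client configs, QR dumps)
# contains private key material.
umask 077

WG_PORT="${WG_PORT:-78}"
WG_PEERS="${WG_PEERS:-user1 user2 user3}"
WG_DIR=/etc/wireguard
PEER_DIR="$WG_DIR/peers"

# pkg_installed NAME -> exit 0 iff the Debian package is in state "installed".
# (`dpkg -l | grep NAME` also matched removed packages and name substrings.)
pkg_installed() {
    dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -q 'ok installed'
}

# peer_num FILENAME -> the index NUM encoded in "peer.<NUM>.<name>.txt".
# `%%.*` drops everything from the first dot, so peer names containing dots
# do not corrupt the index.
peer_num() {
    local n="${1#peer.}"
    printf '%s\n' "${n%%.*}"
}

# Install whatever is missing; refresh the package index only when needed.
for pkg in wireguard-tools python3-qrcodegen; do
    pkg_installed "$pkg" || {
        apt-get update
        DEBIAN_FRONTEND=noninteractive apt-get install -y "$pkg"
    }
done

# Small stdin -> terminal QR renderer used to hand client configs to phones.
# The quoted heredoc delimiter keeps the Python source free of shell expansion;
# the body is deliberately unindented because it is written verbatim.
test -f /bin/qrcode || {
    cat >/bin/qrcode << 'PYTHON'
#!/usr/bin/python3
"""Read text from stdin, print it as a QR code (Ecc MEDIUM), then echo the text."""
import sys

from qrcodegen import QrCode


def print_qr(qrcode: QrCode) -> None:
    """Render *qrcode* as 2-character-wide cells with a 4-module quiet zone.

    Dark modules print as spaces and light modules as full blocks, i.e. the
    image is inverted for dark terminal backgrounds.
    """
    border = 4
    size = qrcode.get_size()
    for y in range(-border, size + border):
        row = "".join(
            "\u2588 "[1 if qrcode.get_module(x, y) else 0] * 2
            for x in range(-border, size + border)
        )
        print(row)
    print()


data = sys.stdin.read()
print_qr(QrCode.encode_text(data, QrCode.Ecc.MEDIUM))
print(data)
PYTHON
    # umask 077 created it as 0600; the helper is not secret.
    chmod a+rx /bin/qrcode
}

# Enable forwarding now and persistently. systemd-sysctl only reads
# /etc/sysctl.d/*.conf, so the drop-in needs the .conf suffix to be applied
# after a reboot; `sysctl -p` applies it immediately for this run.
SYSCTL_DROPIN=/etc/sysctl.d/ipv4.forward.conf
test -f "$SYSCTL_DROPIN" || {
    cat > "$SYSCTL_DROPIN" << SYSCTL
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
SYSCTL
    chmod 0644 "$SYSCTL_DROPIN"
}
sysctl -q -p "$SYSCTL_DROPIN"

# Tear down a running wg0 so the regenerated config is picked up cleanly.
# On the first run the interface does not exist; that is not an error here.
wg-quick down wg0 || true

# Server key pair, created once. With umask 077 the files are 0600 from the
# start (redirect-then-chmod left a world-readable window); the chmod keeps
# files created by earlier runs at 0600.
test -f "$WG_DIR/privatekey" || wg genkey > "$WG_DIR/privatekey"
test -f "$WG_DIR/publickey" || wg pubkey < "$WG_DIR/privatekey" > "$WG_DIR/publickey"
chmod 0600 "$WG_DIR/privatekey" "$WG_DIR/publickey"

test -d "$PEER_DIR" || mkdir -m 0700 "$PEER_DIR"

# One file per peer: line 1 = private key, line 2 = public key. NUM is the
# peer's position in WG_PEERS; it is baked into the file name and becomes
# the peer's host address 10.1.1.(NUM+1).
NUM=1
# shellcheck disable=SC2086  # word-splitting WG_PEERS is intended
for PEERNAME in $WG_PEERS; do
    PEERINFO="$PEER_DIR/peer.$NUM.$PEERNAME.txt"
    test -f "$PEERINFO" || {
        wg genkey > "$PEERINFO"
        # Only the (public) key goes through a variable; the private key
        # stays in the file (no tee into $(...), no here-string temp file).
        PUBKEY="$(wg pubkey < "$PEERINFO")"
        printf '%s\n' "$PUBKEY" >> "$PEERINFO"
    }
    NUM=$((NUM + 1))
done

# Interface and source address of the route towards the internet. awk picks
# the token after "dev"/"src", so no trailing whitespace leaks into the
# iptables command line (the old sed pattern left one).
INTERNET_NIC="$(ip -4 route get 8.8.8.8 | awk '{for (i = 1; i <= NF; i++) if ($i == "dev") {print $(i+1); exit}}')"
INTERNET_IP="$(ip -4 route get 8.8.8.8 | awk '{for (i = 1; i <= NF; i++) if ($i == "src") {print $(i+1); exit}}')"
# Clients need an address reachable from outside; behind NAT that is not the
# local source address, hence the override. (The previous `ip -br a s` parse
# returned the last address on the line, typically the IPv6 link-local one.)
WG_ENDPOINT="${WG_ENDPOINT:-$INTERNET_IP}"
test -n "$INTERNET_NIC" || { echo "cannot determine the internet-facing interface" >&2; exit 1; }
test -n "$WG_ENDPOINT" || { echo "cannot determine the endpoint address; set WG_ENDPOINT" >&2; exit 1; }

# Render wg0.conf to stdout. The config is regenerated on every run (the old
# `rm` followed by `test -f ||` always regenerated it as well), so SaveConfig
# is omitted: this script, not `wg-quick down`, is the source of the file.
# NOTE(review): PostUp only accepts traffic arriving on %i; if the FORWARD
# chain's default policy is DROP, reply traffic towards %i needs its own
# rule. IPv6 forwarding is enabled but no ip6tables NAT is set up, so the
# fdaa:: addresses are reachable inside the tunnel only.
render_server_config() {
    cat << WGCONF
[Interface]
Address = 10.1.1.1/24
Address = fdaa::1/64
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o $INTERNET_NIC -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o $INTERNET_NIC -j MASQUERADE
ListenPort = $WG_PORT
PrivateKey = $(cat "$WG_DIR/privatekey")
WGCONF
    local peer num
    for peer in "$PEER_DIR"/peer.*.txt; do
        test -f "$peer" || continue   # unmatched glob
        num="$(peer_num "$(basename "$peer")")"
        # The /128 mirrors the fdaa:: address the client config assigns;
        # without it cryptokey routing drops the peer's IPv6 packets.
        cat << PEERINFO

[Peer]
PublicKey = $(tail -n 1 "$peer")
AllowedIPs = 10.1.1.$((num + 1))/32, fdaa::$((num + 1))/128
PEERINFO
    done
}
render_server_config > "$WG_DIR/wg0.conf"
chmod 0600 "$WG_DIR/wg0.conf"

# Client config per peer: saved as peer.N.name.txt.conf, shown on the
# terminal as a QR code, and the QR dump kept in peer.N.name.txt.qrcode.
# The terminal output and both files contain the client's private key by
# design (that is how it reaches the phone).
# NOTE(review): AllowedIPs = 0.0.0.0/0 tunnels IPv4 only; the client's IPv6
# traffic keeps using its local uplink (no ::/0 here, and the server does not
# NAT IPv6).
SERVER_PUBKEY="$(cat "$WG_DIR/publickey")"
for peer in "$PEER_DIR"/peer.*.txt; do
    test -f "$peer" || continue   # unmatched glob
    num="$(peer_num "$(basename "$peer")")"
    tee "$peer.conf" << PEERINFO | qrcode | tee "$peer.qrcode"
[Interface]
PrivateKey = $(head -n 1 "$peer")
Address = 10.1.1.$((num + 1))/32,fdaa::$((num + 1))/64
DNS = 8.8.8.8

[Peer]
PublicKey = $SERVER_PUBKEY
AllowedIPs = 0.0.0.0/0
Endpoint = $WG_ENDPOINT:$WG_PORT
PEERINFO
done

wg-quick up wg0
sleep 1
wg show
systemctl enable 'wg-quick@wg0'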