diff --git a/wireguard/assets/root/Makefile b/wireguard/assets/root/Makefile
index c565673..0e78674 100644
--- a/wireguard/assets/root/Makefile
+++ b/wireguard/assets/root/Makefile
@@ -11,13 +11,14 @@ SERVER_PUBLIC_KEY := $(SERVER_DIR)/server_id.pub
 CLIENT_TPL := templates/client.conf
 CLIENT_DIR := $(SERVER_DIR)/clients/
-ENDPOINT_PORT := 51820
-ENDPOINT := 1.2.3.4
+CLIENT_IPS ?= 10.42.0.0/16
+ENDPOINT_PORT ?= 51820
+ENDPOINT ?= 1.2.3.4
+
 # XXX need to generate this...
-CLIENT_IP := 10.42.0.1/32
-CLIENT_IPS := 10.42.0.0/16
-DNS := 10.1.1.1
-ALLOWED_IPS := 0.0.0.0/0
+CLIENT_IP ?= 10.42.0.1/32
+DNS ?= 10.1.1.1
+ALLOWED_IPS ?= 0.0.0.0/0
 %_id:
diff --git a/wireguard/make.sh b/wireguard/make.sh
index 468be9d..2bbbbab 100755
--- a/wireguard/make.sh
+++ b/wireguard/make.sh
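Review bot: In wireguard/assets/root/Makefile, switching to `?=` turns the placeholder `ENDPOINT ?= 1.2.3.4` into a silent fallback: whenever the caller's environment does not supply ENDPOINT, a client config is generated that points at the placeholder address. The client rule is outside this hunk, but it could fail fast instead, for example by dropping the default and starting the recipe with `$(if $(strip $(ENDPOINT)),,$(error ENDPOINT is not set))`. Separately, the default `ALLOWED_IPS ?= 0.0.0.0/0` covers IPv4 only, so on a dual-stack client IPv6 traffic would not go through the tunnel; a comment such as `# IPv4 only; add ::/0 for a full tunnel on dual-stack clients` would make that explicit.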
@@ -69,26 +69,32 @@ echo "# Creating CT..."
 pctCreateAlpine $ID "${OPTS_STAGE_1}" "$PASS"
 echo "# Installing dependencies..."
-@ lxc-attach $ID apk add iptables wireguard-tools-wg-quick
+@ lxc-attach $ID apk add iptables wireguard-tools-wg-quick make
 echo "# Copying assets..."
 @ pct-push-r $ID ./assets /
 #echo "# Setup: wireguard server..."
-#@ lxc-attach $ID -- bash -c 'wg genkey | tee server.privatekey | wg pubkey > server.publickey'
+@ lxc-attach $ID -- make server
-# XXX move this into a script on the CT side...
-echo "# Setup: wireguard user..."
-xread "profile name: " WG_PROFILE
-xread "allowed ips: " ALLOWED_IPs
+echo "# Setup: wireguard default profile..."
+@ lxc-attach $ID -- bash -c "\
+ ENDPOINT_PORT=51820
+ ENDPOINT=${DOMAIN}
+ CLIENT_IP=10.42.0.1/32
+ DNS=${NS_LAN_IP}
+ ALLOWED_IPS=0.0.0.0/0
+ make default.client"
-# XXX client:
-# - generate keys
-# - add to wg0.conf
-# - add to $WG_PROFILE.conf
+echo "# client config:"
+@ mkdir -p clients
+@ lxc pull $ID /etc/wireguard/clients/default.conf clients/default.conf
+echo "# ---"
+@ lxc-attach $ID -- cat /etc/wireguard/client/default.conf
+echo "# ---"
 #echo "# Setup: bridge device..."
-#@ lxc-attach $ID wg up wg0
+@ lxc-attach $ID wg-quick up wg0
 echo "# Post config..."
 pctSet $ID "${OPTS_STAGE_2}" $REBOOT
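Review bot: In the added `bash -c "\ … make default.client"` call, the five assignments sit on their own lines without `export`, so as shown they are plain shell variables that `make` never inherits, and the client config would be built from the Makefile's `?=` defaults (placeholder `ENDPOINT`, default `DNS`) instead of `${DOMAIN}` and `${NS_LAN_IP}`. Passing them as make command-line variables, as in the sketch below, fixes that and also stops the two host-side values from being spliced unquoted into a shell string; how the `@` wrapper forwards its arguments is defined outside the hunk and should be checked. The pull reads `/etc/wireguard/clients/default.conf` but the `cat` reads `/etc/wireguard/client/default.conf`; the Makefile's `CLIENT_DIR` ends in `clients/`, so the `cat` path looks like a typo. A WireGuard client config normally contains the client's private key, so echoing it to the terminal and writing `clients/default.conf` under the default umask deserves a `umask 077` (or `chmod 600`) and probably no `cat`.

```shell
echo "# Setup: wireguard default profile..."
# command-line variables reach make directly and override the ?= defaults
@ lxc-attach $ID -- make \
	ENDPOINT_PORT=51820 \
	ENDPOINT="${DOMAIN}" \
	CLIENT_IP=10.42.0.1/32 \
	DNS="${NS_LAN_IP}" \
	ALLOWED_IPS=0.0.0.0/0 \
	default.client
# … unchanged: client config retrieval, wg-quick up …
```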