wireguard almost done...

Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com>

wireguard/assets/root/Makefile

@@ -11,13 +11,14 @@ SERVER_PUBLIC_KEY := $(SERVER_DIR)/server_id.pub
 CLIENT_TPL := templates/client.conf
 CLIENT_DIR := $(SERVER_DIR)/clients/
 
-ENDPOINT_PORT := 51820
+CLIENT_IPS ?= 10.42.0.0/16
-ENDPOINT := 1.2.3.4
+ENDPOINT_PORT ?= 51820
+ENDPOINT ?= 1.2.3.4
+
 # XXX need to generate this...
-CLIENT_IP := 10.42.0.1/32
+CLIENT_IP ?= 10.42.0.1/32
-CLIENT_IPS := 10.42.0.0/16
+DNS ?= 10.1.1.1
-DNS := 10.1.1.1
+ALLOWED_IPS ?= 0.0.0.0/0
-ALLOWED_IPS := 0.0.0.0/0
 
 
 %_id:

wireguard/make.sh

@@ -69,26 +69,32 @@ echo "# Creating CT..."
 pctCreateAlpine $ID "${OPTS_STAGE_1}" "$PASS"
 
 echo "# Installing dependencies..."
-@ lxc-attach $ID apk add iptables wireguard-tools-wg-quick
+@ lxc-attach $ID apk add iptables wireguard-tools-wg-quick make
 
 echo "# Copying assets..."
 @ pct-push-r $ID ./assets /
 
 #echo "# Setup: wireguard server..."
-#@ lxc-attach $ID -- bash -c 'wg genkey | tee server.privatekey | wg pubkey > server.publickey' 
+@ lxc-attach $ID -- make server 
 
-# XXX move this into a script on the CT side...
+echo "# Setup: wireguard default profile..."
-echo "# Setup: wireguard user..."
+@ lxc-attach $ID -- bash -c "\
-xread "profile name: " WG_PROFILE
+	ENDPOINT_PORT=51820
-xread "allowed ips: " ALLOWED_IPs
+	ENDPOINT=${DOMAIN}
+	CLIENT_IP=10.42.0.1/32
+	DNS=${NS_LAN_IP}
+	ALLOWED_IPS=0.0.0.0/0
+		make default.client" 
 
-# XXX client:
+echo "# client config:"
-# 	- generate keys
+@ mkdir -p clients
-# 	- add to wg0.conf
+@ lxc pull $ID /etc/wireguard/clients/default.conf clients/default.conf
-# 	- add to $WG_PROFILE.conf
+echo "# ---"
+@ lxc-attach $ID -- cat /etc/wireguard/client/default.conf
+echo "# ---"
 
 #echo "# Setup: bridge device..."
-#@ lxc-attach $ID wg up wg0 
+@ lxc-attach $ID wg-quick up wg0 
 
 echo "# Post config..."
 pctSet $ID "${OPTS_STAGE_2}" $REBOOT