added wireguard (untested)...

Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com>

wireguard/assets/root/Makefile

@@ -0,0 +1,64 @@
+
+
+
+SERVER_TPL := templates/wg0.conf
+SERVER_CLIENT_TPL := templates/wg0-client.conf
+SERVER_CONF := /etc/wireguard/wg0.conf
+SERVER_KEY := /etc/wireguard/server_id
+SERVER_PUBLIC_KEY := /etc/wireguard/server_id.pub
+
+CLIENT_TPL := templates/client.conf
+CLIENT_DIR := /etc/wireguard/clients/
+
+ENDPOINT_PORT := 51820
+ENDPOINT := 
+CLIENT_IPS := 10.42.0.0/16
+DNS := 10.1.1.1
+
+
+%_id:
+	wg genkey > $@
+
+%_id.pub: %_id
+	cat $< | wg pubkey > $@
+
+
+$(SERVER_CONF): $(SERVER_TPL) $(SERVER_KEY)
+	cat $< \
+		| sed \
+			-e 's/$${SERVER_PORT}/$(SERVER_PORT)/g' \
+			-e 's/$${CLIENT_IPS}/$(CLIENT_IPS)/g' \
+			-e 's/$${SERVER_PRIVATE_KEY}/'$$(cat "$(SERVER_KEY)")'/g' \
+		> "$@"
+
+$(CLIENT_DIR)/%.conf: $(CLIENT_TPL) $(SERVER_CLIENT_TPL) \
+		$(CLIENT_DIR)/%_id $(CLIENT_DIR)/%_id.pub \
+		$(SERVER_CONF) $(SERVER_PUBLIC_KEY)
+	cat "$<" \
+		| sed \
+			-e 's/$${DNS}/$(DNS)/g' \
+			-e 's/$${ENDPOINT}/$(ENDPOINT)/g' \
+			-e 's/$${ENDPOINT_PORT}/$(ENDPOINT_PORT)/g' \
+			-e 's/$${ALLOWED_IPS}/$(ALLOWED_IPS)/g' \
+			-e 's/$${CLIENT_IP}/$(CLIENT_IP)/g' \
+			-e 's/$${CLIENT_PRIVATE_KEY}/'$$(cat "$(CLIENT_DIR)/$%_id")'/g' \
+			-e 's/$${SERVER_PUBLIC_KEY}/'$$(cat "$(SERVER_PUBLIC_KEY)")'/g' \
+		> "$@"
+	cat "$(SERVER_CLIENT_TPL)" \
+		| sed \
+			-e 's/$${CLIENT_IP}/$(CLIENT_IP)/g' \
+			-e 's/$${ENDPOINT}/$(ENDPOINT)/g' \
+			-e 's/$${ENDPOINT_PORT}/$(ENDPOINT_PORT)/g' \
+			-e 's/$${CLIENT_PUBLIC_KEY}/'$$(cat "$(CLIENT_DIR)/$%_id.pub")'/g' \
+			-e 's/$${SERVER_PUBLIC_KEY}/'$$(cat "$(SERVER_PUBLIC_KEY)")'/g' \
+		>> "$(SERVER_CONF)"
+
+
+
+server: $(SERVER_CONF)
+
+
+clients:
+
+
+

wireguard/assets/root/make-client

@@ -0,0 +1,8 @@
+#!/usr/bin/bash
+
+SERVER_TEMPLATE=
+CLIENT_TEMPLATE=
+
+PRIVATE_KEY=
+PUBLIC_KEY=
+

wireguard/assets/root/make-server

@@ -0,0 +1,24 @@
+#!/usr/bin/bash
+
+SERVER_TEMPLATE=${SERVER_TEMPLATE:=templates/wg0.conf}
+SERVER_CONF=/etc/wireguard/wg0.conf
+
+PUBLIC_KEY=/etc/wireguard/server_id
+PRIVATE_KEY=/etc/wireguard/server_id.pub
+
+
+if ! [ -e "$PRIVATE_KEY" ] ; then
+	wg genkey > "$PRIVATE_KEY" 
+fi
+if ! [ -e "$PUBLIC_KEY" ] ; then
+	cat "$PRIVATE_KEY" | wg pubkey > "$PUBLIC_KEY"
+fi
+
+PRIVATE_KEY=$(cat "$PRIVATE_KEY")
+cat ${SERVER_TEMPLATE} \
+	| sed \
+		-q 's/\${SERVER_PRIVATE_KEY}/'${PRIVATE_KEY}'/g' \
+	> "${SERVER_CONF}"
+
+./make-client
+

wireguard/assets/root/templates/client.config

@@ -0,0 +1,10 @@
+[Interface]
+PrivateKey = ${CLIENT_PRIVATE_KEY}
+Address = ${CLIENT_IP}/32
+DNS = ${DNS}
+
+[Peer]
+PublicKey = ${SERVER_PUBLIC_KEY}
+AllowedIPs = ${ALLOWED_IPS}
+Endpoint = ${ENDPOINT}:${ENDPOINT_PORT}
+

wireguard/assets/root/templates/wg0-client.tpl

@@ -0,0 +1,6 @@
+
+[Peer]
+PublicKey = ${CLIENT_PUBLIC_KEY} 
+AllowedIPs = ${CLIENT_IP}/32
+Endpoint = ${ENDPOINT}:${ENDPOINT_PORT}
+

wireguard/assets/root/templates/wg0.conf

@@ -0,0 +1,9 @@
+[Interface]
+Address = ${CLIENT_IPS}
+SaveConfig = true
+PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o lan -j MASQUERADE; iptables -t nat -A POSTROUTING -o admin -j MASQUERADE;
+PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o lan -j MASQUERADE; iptables -t nat -D POSTROUTING -o admin -j MASQUERADE;
+ListenPort = ${ENDPOINT_PORT}
+PrivateKey = ${SERVER_PRIVATE_KEY} 
+
+