.pct-helpers

@@ -317,68 +317,51 @@ readVars(){
 
 
 #
-#	buildAssets [VAR ..]
+#	buildAssets [TEMPLATES [ASSETS]]
 #
 buildAssets(){
-	local template_dir=${TEMPLATE_DIR:-templates}
+	local TEMPLATE_DIR=$1
-	local assets_dir=${ASSETS_DIR:-assets}
+	TEMPLATE_DIR=${TEMPLATE_DIR:=templates}
+	local ASSETS_DIR=$2
+	ASSETS_DIR=${ASSETS_DIR:=assets}
 
-	if ! [ -e $template_dir ] ; then
+	if ! [ -e $TEMPLATE_DIR ] ; then
 		return
 	fi
 
-	local PATTERNS=()
+	local TEMPLATES=($(find "$TEMPLATE_DIR" -type f))
-	local DFL_VARS=(
-		EMAIL
-		DOMAIN
-		CTHOSTNAME
-		GATE_HOSTNAME
-		NS_HOSTNAME
-		GATE_LAN_IP
-		GATE_ADMIN_IP
-		NS_LAN_IP
-		NS_ADMIN_IP
-		WAN_IP
-		WAN_GATE
-		LAN_IP
-		LAN_GATE
-		ADMIN_IP
-		ADMIN_GATE
-	)
-	for var in ${DFL_VARS[@]} ; do
-		local val=${!var}
-		PATTERNS+=("-e 's/\\\${${var}}/${val/\//\\/}/g'")
-	done
-	local IP_VARS=(
-		GATE_LAN_IPn
-		GATE_ADMIN_IPn
-		NS_LAN_IPn
-		NS_ADMIN_IPn
-		WAN_IPn
-		LAN_IPn
-		ADMIN_IPn
-	)
-	for var in ${IP_VARS[@]} ; do
-		local val=${!var}
-		PATTERNS+=("-e 's/\\\${${var}}/${val/\/*}/g'")
-	done
-	# args...
-	for var in $@ ; do
-		local val=${!var}
-		PATTERNS+=("-e 's/\\\${${var}}/${val/\//\\/}/g'")
-	done
-
-	local TEMPLATES=($(find "$template_dir" -type f))
 	for file in "${TEMPLATES[@]}" ; do
-		file=${file#${template_dir}}
+		file=${file#${TEMPLATE_DIR}}
 		echo Generating: ${file}...
 		[ $DRY_RUN ] \
 			&& continue
 		# ensure the directory exists...
-		mkdir -p "$(dirname "${assets_dir}/${file}")"
+		mkdir -p "$(dirname "${ASSETS_DIR}/${file}")"
-		cat "${template_dir}/${file}" \
+		cat "${TEMPLATE_DIR}/${file}" \
-			| eval "sed ${PATTERNS[@]}" \
+			| sed \
-			> "${assets_dir}/${file}"
+				-e 's/\${EMAIL}/'${EMAIL/\//\\/}'/g' \
+				-e 's/\${DOMAIN}/'${DOMAIN/\//\\/}'/g' \
+				-e 's/\${CTHOSTNAME}/'${CTHOSTNAME/\//\\/}'/g' \
+				-e 's/\${GATE_HOSTNAME}/'${GATE_HOSTNAME/\//\\/}'/g' \
+				-e 's/\${NS_HOSTNAME}/'${NS_HOSTNAME/\//\\/}'/g' \
+				-e 's/\${GATE_LAN_IP}/'${GATE_LAN_IP/\//\\/}'/g' \
+				-e 's/\${GATE_LAN_IPn}/'${GATE_LAN_IP/\/*}'/g' \
+				-e 's/\${GATE_ADMIN_IP}/'${GATE_ADMIN_IP/\//\\/}'/g' \
+				-e 's/\${GATE_ADMIN_IPn}/'${GATE_ADMIN_IP/\/*}'/g' \
+				-e 's/\${NS_LAN_IP}/'${NS_LAN_IP/\//\\/}'/g' \
+				-e 's/\${NS_LAN_IPn}/'${NS_LAN_IP/\/*}'/g' \
+				-e 's/\${NS_ADMIN_IP}/'${NS_ADMIN_IP/\//\\/}'/g' \
+				-e 's/\${NS_ADMIN_IPn}/'${NS_ADMIN_IP/\/*}'/g' \
+				-e 's/\${WAN_IP}/'${WAN_IP/\//\\/}'/g' \
+				-e 's/\${WAN_IPn}/'${WAN_IP/\/*}'/g' \
+				-e 's/\${WAN_GATE}/'${WAN_GATE/\//\\/}'/g' \
+				-e 's/\${LAN_IP}/'${LAN_IP/\//\\/}'/g' \
+				-e 's/\${LAN_IPn}/'${LAN_IP/\/*}'/g' \
+				-e 's/\${LAN_GATE}/'${LAN_GATE/\//\\/}'/' \
+				-e 's/\${ADMIN_IP}/'${ADMIN_IP/\//\\/}'/g' \
+				-e 's/\${ADMIN_IPn}/'${ADMIN_IP/\/*}'/g' \
+				-e 's/\${ADMIN_GATE}/'${ADMIN_GATE/\//\\/}'/g' \
+			> "${ASSETS_DIR}/${file}"
 	done
 }
 

gate-traefik/make.sh

@@ -67,7 +67,7 @@ OPTS_STAGE_2="\
 #----------------------------------------------------------------------
 
 echo "# Building config..."
-buildAssets
+buildAssets "$TEMPLATE_DIR" "$ASSETS_DIR"
 
 echo "# Creating CT..."
 pctCreateAlpine $ID "${OPTS_STAGE_1}" "$PASS"
@@ -90,7 +90,7 @@ echo "# Setup: iptables..."
 
 echo "# Setup: iptables update script..."
 @ lxc-attach $ID rc-update add local
-@ lxc-attach $ID -- ln -s /root/routing.sh /etc/local.d/iptables-update.start
+@ lxc-attach $ID ln -s /root/routing.sh /etc/local.d/iptables-update.start
 
 echo "# Post config..."
 pctSet $ID "${OPTS_STAGE_2}" $REBOOT

gate-traefik/templates/etc/network/interfaces

@@ -19,7 +19,7 @@ iface wan inet static
 	hostname $(hostname)
 
 auto br0
-iface br0 inet static
+iface br0 inet stattic
 	pre-up echo 1 > /proc/sys/net/ipv4/ip_forward
 	pre-up brctl addbr br0
 

nextcloud/make.sh

@@ -67,7 +67,7 @@ OPTS_STAGE_2="\
 #----------------------------------------------------------------------
 
 echo "# Building config..."
-buildAssets
+buildAssets "$TEMPLATE_DIR" "$ASSETS_DIR"
 
 echo "# Creating CT..."
 getLatestTemplate '.*-turnkey-nextcloud' TEMPLATE

ns/make.sh

@@ -66,7 +66,7 @@ OPTS_STAGE_2="\
 #----------------------------------------------------------------------
 
 echo "# Building config..."
-buildAssets
+buildAssets "$TEMPLATE_DIR" "$ASSETS_DIR"
 
 echo "# Creating CT..."
 pctCreateAlpine $ID "${OPTS_STAGE_1}" "$PASS"

ssh/make.sh

@@ -65,19 +65,12 @@ echo "# Creating CT..."
 pctCreateDebian $ID "${OPTS_STAGE_1}" "$PASS"
 
 echo "# Installing dependencies..."
-@ lxc-attach $ID -- bash -c 'yes | apt install vim htop iftop iotop tmux mc sudo'
+@ lxc-attach $ID apt install vim htop iftop iotop tmux mc
 
-echo "# Setup: users..."
+echo "# Setup: user..."
-while true ; do
+xread "user name for ssh: " SSH_USER
-	xread "user name for ssh: " SSH_USER
+[ -z $SSH_USER ] \
-	[ -z $SSH_USER ] \
+	|| @ lxc-attach $ID -- adduser $SSH_USER
-		|| @ lxc-attach $ID -- adduser $SSH_USER
-	read -ep "Add another user? [y/N] " MORE
-	if [[ $MORE == 'y' ]] ; then
-		continue
-	fi
-	break
-done
 
 echo "# Post config..."
 pctSet $ID "${OPTS_STAGE_2}" $REBOOT

wireguard/assets/etc/network/interfaces

@@ -1,18 +0,0 @@
-auto lo
-iface lo inet loopback
-iface lo inet6 loopback
-
-auto admin
-iface admin inet dhcp
-	hostname $(hostname)
-
-auto lan
-iface lan inet dhcp
-	hostname $(hostname)
-
-auto wg0
-iface wg0 inet static
-	pre-up echo 1 > /proc/sys/net/ipv4/ip_forward
-	pre-up wg-quick up wg0
-	hostname $(hostname)
-	post-down wg-quick down wg0

wireguard/assets/root/Makefile

@@ -0,0 +1,69 @@
+
+
+
+SERVER_DIR := /etc/wireguard/
+SERVER_TPL := templates/wg0.conf
+SERVER_CLIENT_TPL := templates/wg0-client.tpl
+SERVER_CONF := $(SERVER_DIR)/wg0.conf
+SERVER_KEY := $(SERVER_DIR)/server_id
+SERVER_PUBLIC_KEY := $(SERVER_DIR)/server_id.pub
+
+CLIENT_TPL := templates/client.conf
+CLIENT_DIR := $(SERVER_DIR)/clients/
+
+CLIENT_IPS ?= 10.42.0.0/16
+ENDPOINT_PORT ?= 51820
+ENDPOINT ?= 1.2.3.4
+
+# XXX need to generate this...
+CLIENT_IP ?= 10.42.0.1/32
+DNS ?= 10.1.1.1
+ALLOWED_IPS ?= 0.0.0.0/0
+
+
+%_id:
+	@ mkdir -p $$(dirname $@)
+	wg genkey 2> /dev/null > $@
+	chmod 600 $@
+
+%_id.pub: %_id
+	cat $< | wg pubkey > $@
+
+
+$(SERVER_CONF): $(SERVER_TPL) $(SERVER_KEY)
+	cat $< \
+		| sed \
+			-e 's/\$${ENDPOINT_PORT}/$(ENDPOINT_PORT)/g' \
+			-e 's/\$${CLIENT_IPS}/$(subst /,\/,$(CLIENT_IPS))/g' \
+			-e 's/\$${SERVER_PRIVATE_KEY}/'$$(cat "$(SERVER_KEY)" | sed -e 's/\//\\\//g')'/g' \
+		> "$@"
+
+%.client: $(CLIENT_TPL) $(SERVER_CLIENT_TPL) \
+		$(CLIENT_DIR)/%_id $(CLIENT_DIR)/%_id.pub \
+		$(SERVER_CONF) $(SERVER_PUBLIC_KEY)
+	@ mkdir -p $(CLIENT_DIR)
+	cat "$<" \
+		| sed \
+			-e 's/\$${DNS}/$(DNS)/g' \
+			-e 's/\$${ENDPOINT}/$(ENDPOINT)/g' \
+			-e 's/\$${ENDPOINT_PORT}/$(ENDPOINT_PORT)/g' \
+			-e 's/\$${ALLOWED_IPS}/$(subst /,\/,$(ALLOWED_IPS))/g' \
+			-e 's/\$${CLIENT_IP}/$(subst /,\/,$(CLIENT_IP))/g' \
+			-e 's/\$${CLIENT_PRIVATE_KEY}/'$$(cat "$(CLIENT_DIR)/$*_id" | sed -e 's/\//\\\//g')'/g' \
+			-e 's/\$${SERVER_PUBLIC_KEY}/'$$(cat "$(SERVER_PUBLIC_KEY)" | sed -e 's/\//\\\//g')'/g' \
+		> "$(CLIENT_DIR)/$*.conf"
+	cat "$(SERVER_CLIENT_TPL)" \
+		| sed \
+			-e 's/\$${CLIENT_IP}/$(subst /,\/,$(CLIENT_IP))/g' \
+			-e 's/\$${ENDPOINT}/$(ENDPOINT)/g' \
+			-e 's/\$${ENDPOINT_PORT}/$(ENDPOINT_PORT)/g' \
+			-e 's/\$${CLIENT_PUBLIC_KEY}/'$$(cat "$(CLIENT_DIR)/$*_id.pub" | sed -e 's/\//\\\//g')'/g' \
+			-e 's/\$${SERVER_PUBLIC_KEY}/'$$(cat "$(SERVER_PUBLIC_KEY)" | sed -e 's/\//\\\//g')'/g' \
+		>> "$(SERVER_CONF)"
+
+
+
+server: $(SERVER_CONF)
+
+
+

wireguard/assets/root/make-client

@@ -0,0 +1,8 @@
+#!/usr/bin/bash
+
+SERVER_TEMPLATE=
+CLIENT_TEMPLATE=
+
+PRIVATE_KEY=
+PUBLIC_KEY=
+

wireguard/assets/root/make-server

@@ -0,0 +1,24 @@
+#!/usr/bin/bash
+
+SERVER_TEMPLATE=${SERVER_TEMPLATE:=templates/wg0.conf}
+SERVER_CONF=/etc/wireguard/wg0.conf
+
+PUBLIC_KEY=/etc/wireguard/server_id
+PRIVATE_KEY=/etc/wireguard/server_id.pub
+
+
+if ! [ -e "$PRIVATE_KEY" ] ; then
+	wg genkey > "$PRIVATE_KEY" 
+fi
+if ! [ -e "$PUBLIC_KEY" ] ; then
+	cat "$PRIVATE_KEY" | wg pubkey > "$PUBLIC_KEY"
+fi
+
+PRIVATE_KEY=$(cat "$PRIVATE_KEY")
+cat ${SERVER_TEMPLATE} \
+	| sed \
+		-q 's/\${SERVER_PRIVATE_KEY}/'${PRIVATE_KEY}'/g' \
+	> "${SERVER_CONF}"
+
+./make-client
+

wireguard/make.sh

@@ -35,19 +35,9 @@ LAN_GATE=-
 
 REBOOT=${REBOOT:=1}
 
-DFL_ENDPOINT=${DFL_ENDPOINT:=$(dig +short ${DOMAIN:-$DFL_DOMAIN} | tail -1)}
-xread "Wireguard endpoint: " ENDPOINT
-
-DFL_ENDPOINT_PORT=${DFL_ENDPOINT_PORT:=51820}
-xread "Wireguard endpoint port: " ENDPOINT_PORT
-
-
 readVars
 
 
-DNS=${NS_LAN_IP/\/*}
-
-
 
 #----------------------------------------------------------------------
 
@@ -73,13 +63,13 @@ OPTS_STAGE_2="\
 #----------------------------------------------------------------------
 
 echo "# Building config..."
-buildAssets ENDPOINT ENDPOINT_PORT DNS
+buildAssets "$TEMPLATE_DIR" "$ASSETS_DIR"
 
 echo "# Creating CT..."
 pctCreateAlpine $ID "${OPTS_STAGE_1}" "$PASS"
 
 echo "# Installing dependencies..."
-@ lxc-attach $ID apk add iptables wireguard-tools-wg-quick make bind-tools
+@ lxc-attach $ID apk add iptables wireguard-tools-wg-quick make
 
 echo "# Copying assets..."
 @ pct-push-r $ID ./assets /
@@ -89,14 +79,20 @@ echo "# Copying assets..."
 
 echo "# Setup: wireguard default profile..."
 @ lxc-attach $ID -- bash -c "cd /root && \
-	CLIENT_IP=10.42.0.1/32 \
+	ENDPOINT_PORT=51820
-	ALLOWED_IPS=0.0.0.0/0 \
+	ENDPOINT=${DOMAIN}
+	CLIENT_IP=10.42.0.1/32
+	DNS=${NS_LAN_IP}
+	ALLOWED_IPS=0.0.0.0/0
 		make default.client" 
 @ lxc-attach $ID -- chmod 600 /etc/wireguard/wg0.conf
 
 echo "# client config:"
 @ mkdir -p clients
 @ pct pull $ID /etc/wireguard/clients/default.conf clients/default.conf
+echo "# ---"
+@ lxc-attach $ID -- cat /etc/wireguard/clients/default.conf
+echo "# ---"
 
 #echo "# Setup: bridge device..."
 @ lxc-attach $ID wg-quick up wg0 

wireguard/templates/root/Makefile

@@ -1,71 +0,0 @@
-
-
-
-SERVER_DIR := /etc/wireguard/
-SERVER_TPL := templates/wg0.conf
-SERVER_CLIENT_TPL := templates/wg0-client.tpl
-SERVER_CONF := $(SERVER_DIR)/wg0.conf
-SERVER_KEY := $(SERVER_DIR)/server_id
-SERVER_PUBLIC_KEY := $(SERVER_DIR)/server_id.pub
-
-CLIENT_TPL := templates/client.conf
-CLIENT_DIR := $(SERVER_DIR)/clients/
-
-CLIENT_IPS ?= 10.42.0.0/16
-ENDPOINT_PORT ?= ${ENDPOINT_PORT}
-ENDPOINT ?= ${ENDPOINT}
-
-DNS ?= ${DNS}
-ALLOWED_IPS ?= 0.0.0.0/0
-# XXX need to generate this...
-CLIENT_IP ?= 10.42.0.1/32
-
-
-%_id:
-	@ mkdir -p $$(dirname $@)
-	wg genkey 2> /dev/null > $@
-	chmod 600 $@
-
-%_id.pub: %_id
-	cat $< | wg pubkey > $@
-
-
-# NOTE: the first letter of each pattern is quoted to prevent it from 
-# 	being substituted when generating this Makefile from template.
-$(SERVER_CONF): $(SERVER_TPL) $(SERVER_KEY)
-	cat $< \
-		| sed \
-			-e 's/\$${\ENDPOINT_PORT}/$(ENDPOINT_PORT)/g' \
-			-e 's/\$${\CLIENT_IPS}/$(subst /,\/,$(CLIENT_IPS))/g' \
-			-e 's/\$${\SERVER_PRIVATE_KEY}/'$$(sed -e 's/\//\\\//g' "$(SERVER_KEY)")'/g' \
-		> "$@"
-
-%.client: $(CLIENT_TPL) $(SERVER_CLIENT_TPL) \
-		$(CLIENT_DIR)/%_id $(CLIENT_DIR)/%_id.pub \
-		$(SERVER_CONF) $(SERVER_PUBLIC_KEY)
-	@ mkdir -p $(CLIENT_DIR)
-	cat "$<" \
-		| sed \
-			-e 's/\$${\DNS}/$(DNS)/g' \
-			-e 's/\$${\ENDPOINT}/$(ENDPOINT)/g' \
-			-e 's/\$${\ENDPOINT_PORT}/$(ENDPOINT_PORT)/g' \
-			-e 's/\$${\ALLOWED_IPS}/$(subst /,\/,$(ALLOWED_IPS))/g' \
-			-e 's/\$${\CLIENT_IP}/$(subst /,\/,$(CLIENT_IP))/g' \
-			-e 's/\$${\CLIENT_PRIVATE_KEY}/'$$(sed -e 's/\//\\\//g' "$(CLIENT_DIR)/$*_id")'/g' \
-			-e 's/\$${\SERVER_PUBLIC_KEY}/'$$(sed -e 's/\//\\\//g' "$(SERVER_PUBLIC_KEY)")'/g' \
-		> "$(CLIENT_DIR)/$*.conf"
-	cat "$(SERVER_CLIENT_TPL)" \
-		| sed \
-			-e 's/\$${\CLIENT_IP}/$(subst /,\/,$(CLIENT_IP))/g' \
-			-e 's/\$${\ENDPOINT}/$(ENDPOINT)/g' \
-			-e 's/\$${\ENDPOINT_PORT}/$(ENDPOINT_PORT)/g' \
-			-e 's/\$${\CLIENT_PUBLIC_KEY}/'$$(sed -e 's/\//\\\//g' "$(CLIENT_DIR)/$*_id.pub")'/g' \
-			-e 's/\$${\SERVER_PUBLIC_KEY}/'$$(sed -e 's/\//\\\//g' "$(SERVER_PUBLIC_KEY)")'/g' \
-		>> "$(SERVER_CONF)"
-
-
-
-server: $(SERVER_CONF)
-
-
-