...

Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com>

.pct-helpers

@@ -347,7 +347,7 @@ buildAssets(){
 	)
 	for var in ${DFL_VARS[@]} ; do
 		local val=${!var}
-		PATTERNS+=("-e 's/\\\${${var}}/${val/\//\\/}/g'")
+		PATTERNS+=("-e 's/\\\${${var}}/${val//\//\\/}/g'")
 	done
 	local IP_VARS=(
 		GATE_LAN_IPn
@@ -365,7 +365,7 @@ buildAssets(){
 	# args...
 	for var in $@ ; do
 		local val=${!var}
-		PATTERNS+=("-e 's/\\\${${var}}/${val/\//\\/}/g'")
+		PATTERNS+=("-e 's/\\\${${var}}/${val//\//\\/}/g'")
 	done
 
 	local TEMPLATES=($(find "$template_dir" -type f))

wireguard/make.sh

@@ -35,12 +35,16 @@ LAN_GATE=-
 
 REBOOT=${REBOOT:=1}
 
+# Wireguard config...
 DFL_ENDPOINT=${DFL_ENDPOINT:=$(dig +short ${DOMAIN:-$DFL_DOMAIN} | tail -1)}
 xread "Wireguard endpoint: " ENDPOINT
 
 DFL_ENDPOINT_PORT=${DFL_ENDPOINT_PORT:=51820}
 xread "Wireguard endpoint port: " ENDPOINT_PORT
 
+CLIENT_IPS=${CLIENT_IPS:-10.42.0.0/16}
+ALLOWED_IPS=${ALLOWED_IPS:-0.0.0.0/0,${CLIENT_IPS}}
+
 
 readVars
 
@@ -73,7 +77,7 @@ OPTS_STAGE_2="\
 #----------------------------------------------------------------------
 
 echo "# Building config..."
-buildAssets ENDPOINT ENDPOINT_PORT DNS
+buildAssets ENDPOINT ENDPOINT_PORT DNS CLIENT_IPS ALLOWED_IPS
 
 echo "# Creating CT..."
 pctCreateAlpine $ID "${OPTS_STAGE_1}" "$PASS"
@@ -83,15 +87,13 @@ echo "# Installing dependencies..."
 
 echo "# Copying assets..."
 @ pct-push-r $ID ./assets /
+@ lxc-attach $ID -- chmod +x /root/getFreeClientIP
 
 #echo "# Setup: wireguard server..."
 @ lxc-attach $ID -- bash -c 'cd /root && make server'
 
 echo "# Setup: wireguard default profile..."
-@ lxc-attach $ID -- bash -c "cd /root && \
+@ lxc-attach $ID -- bash -c "cd /root && make default.client" 
-	CLIENT_IP=10.42.0.1/32 \
-	ALLOWED_IPS=0.0.0.0/0 \
-		make default.client" 
 @ lxc-attach $ID -- chmod 600 /etc/wireguard/wg0.conf
 
 echo "# client config:"

wireguard/templates/root/Makefile

@@ -11,14 +11,13 @@ SERVER_PUBLIC_KEY := $(SERVER_DIR)/server_id.pub
 CLIENT_TPL := templates/client.conf
 CLIENT_DIR := $(SERVER_DIR)/clients/
 
-CLIENT_IPS ?= 10.42.0.0/16
-ENDPOINT_PORT ?= ${ENDPOINT_PORT}
-ENDPOINT ?= ${ENDPOINT}
 
+ENDPOINT ?= ${ENDPOINT}
+ENDPOINT_PORT ?= ${ENDPOINT_PORT}
 DNS ?= ${DNS}
-ALLOWED_IPS ?= 0.0.0.0/0
+CLIENT_IPS ?= ${CLIENT_IPS}
-# XXX need to generate this...
+ALLOWED_IPS ?= ${ALLOWED_IPS}
-CLIENT_IP ?= 10.42.0.1/32
+
 
 
 %_id:
@@ -50,13 +49,13 @@ $(SERVER_CONF): $(SERVER_TPL) $(SERVER_KEY)
 			-e 's/\$${\ENDPOINT}/$(ENDPOINT)/g' \
 			-e 's/\$${\ENDPOINT_PORT}/$(ENDPOINT_PORT)/g' \
 			-e 's/\$${\ALLOWED_IPS}/$(subst /,\/,$(ALLOWED_IPS))/g' \
-			-e 's/\$${\CLIENT_IP}/$(subst /,\/,$(CLIENT_IP))/g' \
+			-e 's/\$${\CLIENT_IP}/$(shell ./getFreeClientIP)\/32/g' \
 			-e 's/\$${\CLIENT_PRIVATE_KEY}/'$$(sed -e 's/\//\\\//g' "$(CLIENT_DIR)/$*_id")'/g' \
 			-e 's/\$${\SERVER_PUBLIC_KEY}/'$$(sed -e 's/\//\\\//g' "$(SERVER_PUBLIC_KEY)")'/g' \
 		> "$(CLIENT_DIR)/$*.conf"
 	cat "$(SERVER_CLIENT_TPL)" \
 		| sed \
-			-e 's/\$${\CLIENT_IP}/$(subst /,\/,$(CLIENT_IP))/g' \
+			-e 's/\$${\CLIENT_IP}/$(shell ./getFreeClientIP)\/32/g' \
 			-e 's/\$${\ENDPOINT}/$(ENDPOINT)/g' \
 			-e 's/\$${\ENDPOINT_PORT}/$(ENDPOINT_PORT)/g' \
 			-e 's/\$${\CLIENT_PUBLIC_KEY}/'$$(sed -e 's/\//\\\//g' "$(CLIENT_DIR)/$*_id.pub")'/g' \

wireguard/templates/root/getFreeClientIP

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+CLIENT_IPS=${CLIENT_IPS}
+
+BASE_IP=${CLIENT_IPS/.0\/*}
+IPs=($(cat /etc/wireguard/clients/* 2> /dev/null \
+	| grep Address \
+	| cut -d'.' -f 4 \
+	| cut -d '/' -f 1 \
+	| sort))
+IPs=${IPs[@]}
+
+i=1
+while [ "$( echo $IPs | fgrep -w $i )" ] ; do
+	i=$(( i + 1 ))
+done
+
+echo $BASE_IP.$i
+