Compare commits
13 Commits
97f88b63af
...
0a58cdc734
| Author | SHA1 | Date | |
|---|---|---|---|
| 0a58cdc734 | |||
| 07797e95b4 | |||
| dde5503ab0 | |||
| a796ef0a01 | |||
| 26550cddc9 | |||
| 2ba4d101b3 | |||
| a32619c2a9 | |||
| f93a8c99c6 | |||
| ba99de1821 | |||
| 788d2f199f | |||
| 52c11ba2b2 | |||
| 36df406a03 | |||
| c1f27f80a1 |
@ -1,23 +1,30 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
SERVER_DIR := /etc/wireguard/
|
||||||
SERVER_TPL := templates/wg0.conf
|
SERVER_TPL := templates/wg0.conf
|
||||||
SERVER_CLIENT_TPL := templates/wg0-client.conf
|
SERVER_CLIENT_TPL := templates/wg0-client.tpl
|
||||||
SERVER_CONF := /etc/wireguard/wg0.conf
|
SERVER_CONF := $(SERVER_DIR)/wg0.conf
|
||||||
SERVER_KEY := /etc/wireguard/server_id
|
SERVER_KEY := $(SERVER_DIR)/server_id
|
||||||
SERVER_PUBLIC_KEY := /etc/wireguard/server_id.pub
|
SERVER_PUBLIC_KEY := $(SERVER_DIR)/server_id.pub
|
||||||
|
|
||||||
CLIENT_TPL := templates/client.conf
|
CLIENT_TPL := templates/client.conf
|
||||||
CLIENT_DIR := /etc/wireguard/clients/
|
CLIENT_DIR := $(SERVER_DIR)/clients/
|
||||||
|
|
||||||
ENDPOINT_PORT := 51820
|
CLIENT_IPS ?= 10.42.0.0/16
|
||||||
ENDPOINT :=
|
ENDPOINT_PORT ?= 51820
|
||||||
CLIENT_IPS := 10.42.0.0/16
|
ENDPOINT ?= 1.2.3.4
|
||||||
DNS := 10.1.1.1
|
|
||||||
|
# XXX need to generate this...
|
||||||
|
CLIENT_IP ?= 10.42.0.1/32
|
||||||
|
DNS ?= 10.1.1.1
|
||||||
|
ALLOWED_IPS ?= 0.0.0.0/0
|
||||||
|
|
||||||
|
|
||||||
%_id:
|
%_id:
|
||||||
wg genkey > $@
|
@ mkdir -p $$(dirname $@)
|
||||||
|
wg genkey 2> /dev/null > $@
|
||||||
|
chmod 600 $@
|
||||||
|
|
||||||
%_id.pub: %_id
|
%_id.pub: %_id
|
||||||
cat $< | wg pubkey > $@
|
cat $< | wg pubkey > $@
|
||||||
@ -26,31 +33,32 @@ DNS := 10.1.1.1
|
|||||||
$(SERVER_CONF): $(SERVER_TPL) $(SERVER_KEY)
|
$(SERVER_CONF): $(SERVER_TPL) $(SERVER_KEY)
|
||||||
cat $< \
|
cat $< \
|
||||||
| sed \
|
| sed \
|
||||||
-e 's/$${SERVER_PORT}/$(SERVER_PORT)/g' \
|
-e 's/\$${ENDPOINT_PORT}/$(ENDPOINT_PORT)/g' \
|
||||||
-e 's/$${CLIENT_IPS}/$(CLIENT_IPS)/g' \
|
-e 's/\$${CLIENT_IPS}/$(subst /,\/,$(CLIENT_IPS))/g' \
|
||||||
-e 's/$${SERVER_PRIVATE_KEY}/'$$(cat "$(SERVER_KEY)")'/g' \
|
-e 's/\$${SERVER_PRIVATE_KEY}/'$$(cat "$(SERVER_KEY)" | sed -e 's/\//\\\//g')'/g' \
|
||||||
> "$@"
|
> "$@"
|
||||||
|
|
||||||
$(CLIENT_DIR)/%.conf: $(CLIENT_TPL) $(SERVER_CLIENT_TPL) \
|
%.client: $(CLIENT_TPL) $(SERVER_CLIENT_TPL) \
|
||||||
$(CLIENT_DIR)/%_id $(CLIENT_DIR)/%_id.pub \
|
$(CLIENT_DIR)/%_id $(CLIENT_DIR)/%_id.pub \
|
||||||
$(SERVER_CONF) $(SERVER_PUBLIC_KEY)
|
$(SERVER_CONF) $(SERVER_PUBLIC_KEY)
|
||||||
|
@ mkdir -p $(CLIENT_DIR)
|
||||||
cat "$<" \
|
cat "$<" \
|
||||||
| sed \
|
| sed \
|
||||||
-e 's/$${DNS}/$(DNS)/g' \
|
-e 's/\$${DNS}/$(DNS)/g' \
|
||||||
-e 's/$${ENDPOINT}/$(ENDPOINT)/g' \
|
-e 's/\$${ENDPOINT}/$(ENDPOINT)/g' \
|
||||||
-e 's/$${ENDPOINT_PORT}/$(ENDPOINT_PORT)/g' \
|
-e 's/\$${ENDPOINT_PORT}/$(ENDPOINT_PORT)/g' \
|
||||||
-e 's/$${ALLOWED_IPS}/$(ALLOWED_IPS)/g' \
|
-e 's/\$${ALLOWED_IPS}/$(subst /,\/,$(ALLOWED_IPS))/g' \
|
||||||
-e 's/$${CLIENT_IP}/$(CLIENT_IP)/g' \
|
-e 's/\$${CLIENT_IP}/$(subst /,\/,$(CLIENT_IP))/g' \
|
||||||
-e 's/$${CLIENT_PRIVATE_KEY}/'$$(cat "$(CLIENT_DIR)/$%_id")'/g' \
|
-e 's/\$${CLIENT_PRIVATE_KEY}/'$$(cat "$(CLIENT_DIR)/$*_id" | sed -e 's/\//\\\//g')'/g' \
|
||||||
-e 's/$${SERVER_PUBLIC_KEY}/'$$(cat "$(SERVER_PUBLIC_KEY)")'/g' \
|
-e 's/\$${SERVER_PUBLIC_KEY}/'$$(cat "$(SERVER_PUBLIC_KEY)" | sed -e 's/\//\\\//g')'/g' \
|
||||||
> "$@"
|
> "$(CLIENT_DIR)/$*.conf"
|
||||||
cat "$(SERVER_CLIENT_TPL)" \
|
cat "$(SERVER_CLIENT_TPL)" \
|
||||||
| sed \
|
| sed \
|
||||||
-e 's/$${CLIENT_IP}/$(CLIENT_IP)/g' \
|
-e 's/\$${CLIENT_IP}/$(subst /,\/,$(CLIENT_IP))/g' \
|
||||||
-e 's/$${ENDPOINT}/$(ENDPOINT)/g' \
|
-e 's/\$${ENDPOINT}/$(ENDPOINT)/g' \
|
||||||
-e 's/$${ENDPOINT_PORT}/$(ENDPOINT_PORT)/g' \
|
-e 's/\$${ENDPOINT_PORT}/$(ENDPOINT_PORT)/g' \
|
||||||
-e 's/$${CLIENT_PUBLIC_KEY}/'$$(cat "$(CLIENT_DIR)/$%_id.pub")'/g' \
|
-e 's/\$${CLIENT_PUBLIC_KEY}/'$$(cat "$(CLIENT_DIR)/$*_id.pub" | sed -e 's/\//\\\//g')'/g' \
|
||||||
-e 's/$${SERVER_PUBLIC_KEY}/'$$(cat "$(SERVER_PUBLIC_KEY)")'/g' \
|
-e 's/\$${SERVER_PUBLIC_KEY}/'$$(cat "$(SERVER_PUBLIC_KEY)" | sed -e 's/\//\\\//g')'/g' \
|
||||||
>> "$(SERVER_CONF)"
|
>> "$(SERVER_CONF)"
|
||||||
|
|
||||||
|
|
||||||
@ -58,7 +66,4 @@ $(CLIENT_DIR)/%.conf: $(CLIENT_TPL) $(SERVER_CLIENT_TPL) \
|
|||||||
server: $(SERVER_CONF)
|
server: $(SERVER_CONF)
|
||||||
|
|
||||||
|
|
||||||
clients:
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
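Review bot: The new `%.client` rule in the second hunk writes `$(CLIENT_DIR)/$*.conf` and appends to `$(SERVER_CONF)` but never creates a file named `$*.client`, so the target is always out of date and every `make default.client` appends another identical `[Peer]` block for the same client to the server config; ending the recipe with `touch "$@"` as a stamp (or naming the real output as the target again) makes it run once. In the same recipe the client config, which carries `${CLIENT_PRIVATE_KEY}`, is written under the process umask and gets no `chmod 600 "$(CLIENT_DIR)/$*.conf"`, unlike the `%_id` rule which does `chmod 600 $@` — and even there the key file is created under the umask before the chmod runs, so `(umask 077; wg genkey 2> /dev/null > $@)` is the tighter form. The `%_id` recipe's `wg genkey 2> /dev/null > $@` also leaves an empty, newer `$@` behind if `wg` fails, which a later run treats as a valid key; a top-level `.DELETE_ON_ERROR:` removes the half-written target. Finally, `SERVER_DIR := /etc/wireguard/` keeps its trailing slash while the derived paths add another (`$(SERVER_DIR)/wg0.conf`, `$(SERVER_DIR)/clients/`), producing `/etc/wireguard//…` paths; dropping the trailing slash from `SERVER_DIR` and `CLIENT_DIR` avoids the doubled separators.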
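--- a/PATH-NOT-SHOWN-ON-PAGE-client-template
+++ b/PATH-NOT-SHOWN-ON-PAGE-client-template
@@ -1,6 +1,6 @@
 [Interface]
 PrivateKey = ${CLIENT_PRIVATE_KEY}
-Address = ${CLIENT_IP}/32
+Address = ${CLIENT_IP}
 DNS = ${DNS}
 
 [Peer]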
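Review bot: `Address = ${CLIENT_IP}` now depends on the substituted value already carrying its prefix length (the Makefile default in this compare is `CLIENT_IP ?= 10.42.0.1/32`), and nothing in the template records that the `/32` moved out of it; the same applies to `AllowedIPs = ${CLIENT_IP}` in the peer template changed below. A one-line comment above `[Interface]` would keep the two files in step, e.g. `# CLIENT_IP is substituted as a CIDR (e.g. 10.42.0.1/32); the prefix is no longer appended here`, with the matching comment above `[Peer]` in the other template.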
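--- a/PATH-NOT-SHOWN-ON-PAGE-peer-template
+++ b/PATH-NOT-SHOWN-ON-PAGE-peer-template
@@ -1,6 +1,6 @@
 
 [Peer]
 PublicKey = ${CLIENT_PUBLIC_KEY}
-AllowedIPs = ${CLIENT_IP}/32
+AllowedIPs = ${CLIENT_IP}
 Endpoint = ${ENDPOINT}:${ENDPOINT_PORT}
 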
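--- a/PATH-NOT-SHOWN-ON-PAGE-setup-script
+++ b/PATH-NOT-SHOWN-ON-PAGE-setup-script
@@ -69,26 +69,33 @@ echo "# Creating CT..."
 pctCreateAlpine $ID "${OPTS_STAGE_1}" "$PASS"
 
 echo "# Installing dependencies..."
-@ lxc-attach $ID apk add iptables wireguard-tools-wg-quick
+@ lxc-attach $ID apk add iptables wireguard-tools-wg-quick make
 
 echo "# Copying assets..."
 @ pct-push-r $ID ./assets /
 
-echo "# Setup: wireguard server..."
-@ lxc-attach $ID -- bash -c 'wg genkey | tee server.privatekey | wg pubkey > server.publickey'
+#echo "# Setup: wireguard server..."
+@ lxc-attach $ID -- bash -c 'cd /root && make server'
 
-# XXX move this into a script on the CT side...
-echo "# Setup: wireguard user..."
-xread "profile name: " WG_PROFILE
-xread "allowed ips: " ALLOWED_IPs
+echo "# Setup: wireguard default profile..."
+@ lxc-attach $ID -- bash -c "cd /root && \
+ENDPOINT_PORT=51820
+ENDPOINT=${DOMAIN}
+CLIENT_IP=10.42.0.1/32
+DNS=${NS_LAN_IP}
+ALLOWED_IPS=0.0.0.0/0
+make default.client"
+@ lxc-attach $ID -- chmod 600 /etc/wireguard/wg0.conf
 
-# XXX client:
-# - generate keys
-# - add to wg0.conf
-# - add to $WG_PROFILE.conf
+echo "# client config:"
+@ mkdir -p clients
+@ pct pull $ID /etc/wireguard/clients/default.conf clients/default.conf
+echo "# ---"
+@ lxc-attach $ID -- cat /etc/wireguard/clients/default.conf
+echo "# ---"
 
-echo "# Setup: bridge device..."
-@ lxc-attach $ID wg up wg0
+#echo "# Setup: bridge device..."
+@ lxc-attach $ID wg-quick up wg0
 
 echo "# Post config..."
 pctSet $ID "${OPTS_STAGE_2}" $REBOOT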
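Review bot: The `ENDPOINT_PORT=51820`, `ENDPOINT=${DOMAIN}`, `CLIENT_IP=…`, `DNS=${NS_LAN_IP}` and `ALLOWED_IPS=…` lines inside the `bash -c "cd /root && \ …"` string are plain shell assignments on lines of their own, so they are not exported and `make default.client` never sees them; the Makefile's `?=` defaults (`ENDPOINT ?= 1.2.3.4`, `DNS ?= 10.1.1.1`) win and the generated client config points at `1.2.3.4` (unless something outside the hunk enables `allexport`, which the visible script does not). Passing them on make's command line overrides `?=` and keeps the host-side `${DOMAIN}`/`${NS_LAN_IP}` expansion inside the double quotes: `make ENDPOINT_PORT=51820 ENDPOINT=${DOMAIN} CLIENT_IP=10.42.0.1/32 DNS=${NS_LAN_IP} ALLOWED_IPS=0.0.0.0/0 default.client`. With that form an unset `NS_LAN_IP` becomes an explicit empty `DNS=` and an empty `DNS =` line in the client config, so a `${NS_LAN_IP:?NS_LAN_IP is unset}` guard is worth adding. Separately, the `pct pull … clients/default.conf` copy and the `lxc-attach … cat` of it place the client's private key on the host filesystem with default permissions and in the console output/log, while the new `chmod 600` covers only `/etc/wireguard/wg0.conf`. The enclosing script continues outside the hunk on both sides.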