wireguard-add-client-qr/wg-qr-client.sh

#! /bin/bash

# Require descriptive device name arg from user.
device_name=$1
if [ -z "$device_name" ]; then
    echo 'Missing device name arg' >&2
    exit 1 
fi

# Want this script to be executed w/`sudo` so don't need it anywhere in here.
wg genkey | tee /etc/wireguard/clients/${device_name}.key | wg pubkey | tee /etc/wireguard/clients/${device_name}.key.pub

priv_key=$(cat /etc/wireguard/clients/${device_name}.key)
pub_key=$(cat /etc/wireguard/clients/${device_name}.key.pub)

# start client numbering at 150, store next value in ~/bin/wg-qr-client-nxt-ip.conf
nxt_ip=$(cat /home/jody/bin/wg-qr-client-nxt-ip.conf)
echo $((nxt_ip+1)) > /home/jody/bin/wg-qr-client-nxt-ip.conf

# IPv4 & Public key for primary wireguard hub/server (assuming this script is running on that machine...look them up to avoid hard-coding so this script can be shared).
hub_ip_addr=$(ifconfig eth0 | grep 'inet ' | cut -d' ' -f10)
hub_pub_key=$(wg | grep public | cut -d' ' -f5)

cat > /etc/wireguard/clients/${device_name}.conf <<EOL
[Interface]
Address = 10.0.0.${nxt_ip}/32
ListenPort = 61666
PrivateKey = ${priv_key}
DNS = 10.0.0.143

[Peer]
PublicKey = ${hub_pub_key}
AllowedIPs = 10.0.0.0/24
Endpoint = ${hub_ip_addr}:61666
EOL

# Append new peer to ISH-VPS server in /etc/wireguard/wg0.conf
cat >> /etc/wireguard/wg0.conf <<EOL

[Peer]
# ${device_name}
PublicKey = ${pub_key}
AllowedIPs = 10.0.0.${nxt_ip}/32
EOL

# Restart wg0 interface to finalize changes.
systemctl restart wg-quick@wg0

# Output QR-code to the terminal
# (YAGNI, also output to PNG file for later use...maybe could send to ntfy).
cat /etc/wireguard/clients/${device_name}.conf | qrencode -t ansiutf8
Initial commit of README and functioning script. 2025-03-11 14:51:03 -04:00			`#! /bin/bash`

			`# Require descriptive device name arg from user.`
			`device_name=$1`
			`if [ -z "$device_name" ]; then`
			`echo 'Missing device name arg' >&2`
			`exit 1`
			`fi`

			# Want this script to be executed w/`sudo` so don't need it anywhere in here.
			`wg genkey \| tee /etc/wireguard/clients/${device_name}.key \| wg pubkey \| tee /etc/wireguard/clients/${device_name}.key.pub`

			`priv_key=$(cat /etc/wireguard/clients/${device_name}.key)`
			`pub_key=$(cat /etc/wireguard/clients/${device_name}.key.pub)`

			`# start client numbering at 150, store next value in ~/bin/wg-qr-client-nxt-ip.conf`
			`nxt_ip=$(cat /home/jody/bin/wg-qr-client-nxt-ip.conf)`
			`echo $((nxt_ip+1)) > /home/jody/bin/wg-qr-client-nxt-ip.conf`

			`# IPv4 & Public key for primary wireguard hub/server (assuming this script is running on that machine...look them up to avoid hard-coding so this script can be shared).`
			`hub_ip_addr=$(ifconfig eth0 \| grep 'inet ' \| cut -d' ' -f10)`
			`hub_pub_key=$(wg \| grep public \| cut -d' ' -f5)`

			`cat > /etc/wireguard/clients/${device_name}.conf <<EOL`
			`[Interface]`
			`Address = 10.0.0.${nxt_ip}/32`
			`ListenPort = 61666`
			`PrivateKey = ${priv_key}`
			`DNS = 10.0.0.143`

			`[Peer]`
			`PublicKey = ${hub_pub_key}`
			`AllowedIPs = 10.0.0.0/24`
			`Endpoint = ${hub_ip_addr}:61666`
			`EOL`

			`# Append new peer to ISH-VPS server in /etc/wireguard/wg0.conf`
			`cat >> /etc/wireguard/wg0.conf <<EOL`

			`[Peer]`
			`# ${device_name}`
			`PublicKey = ${pub_key}`
			`AllowedIPs = 10.0.0.${nxt_ip}/32`
			`EOL`

			`# Restart wg0 interface to finalize changes.`
			`systemctl restart wg-quick@wg0`

			`# Output QR-code to the terminal`
			`# (YAGNI, also output to PNG file for later use...maybe could send to ntfy).`
			`cat /etc/wireguard/clients/${device_name}.conf \| qrencode -t ansiutf8`