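#!/bin/bash
#
# Create a WireGuard client profile on the hub, register it as a peer in
# wg0.conf, restart the interface and print the client config as a QR code.
#
# Usage: sudo <this-script> <device-name>
#
# Want this script to be executed w/`sudo` so don't need it anywhere in here.
set -euo pipefail

# Every file created below holds, or sits next to, private key material, so
# create them readable by the owner only instead of relying on the caller's
# umask.
umask 077

readonly CLIENT_DIR=/etc/wireguard/clients
readonly HUB_CONF=/etc/wireguard/wg0.conf
# start client numbering at 150, store next value in ~/bin/wg-qr-client-nxt-ip.conf
readonly NEXT_IP_FILE=/home/jody/bin/wg-qr-client-nxt-ip.conf

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Require descriptive device name arg from user.
device_name=${1:-}
if [[ -z "$device_name" ]]; then
  echo 'Missing device name arg' >&2
  exit 1
fi

# The name becomes part of file paths under /etc/wireguard and is written
# into wg0.conf, so restrict it to a safe character set: no '/', whitespace
# or newlines that could escape the clients directory or add config lines.
if [[ ! "$device_name" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
  die 'Device name may only contain letters, digits, ".", "_" and "-"'
fi

# Fail before touching anything rather than halfway through.
(( EUID == 0 )) || die 'This script must be run as root (use sudo)'

# NOTE(review): re-running with an existing device name overwrites that
# client's key files and appends a second [Peer] block to wg0.conf.

# Read and validate the next free host octet before anything is written.
nxt_ip=$(<"$NEXT_IP_FILE")
if [[ ! "$nxt_ip" =~ ^[1-9][0-9]{0,2}$ ]] || (( nxt_ip > 254 )); then
  die "Invalid next client IP '${nxt_ip}' in ${NEXT_IP_FILE}"
fi

# IPv4 & Public key for primary wireguard hub/server (assuming this script is
# running on that machine...look them up to avoid hard-coding so this script
# can be shared).
hub_ip_addr=$(ifconfig eth0 | grep 'inet ' | cut -d' ' -f10) \
  || die 'Could not determine the IPv4 address of eth0'
[[ -n "$hub_ip_addr" ]] || die 'Could not determine the IPv4 address of eth0'

# Ask for wg0's key directly instead of grepping the output of `wg`, which
# lists every interface.
hub_pub_key=$(wg show wg0 public-key) || die 'Could not read the wg0 public key'
[[ -n "$hub_pub_key" ]] || die 'Could not read the wg0 public key'

# Generate the client key pair. The private key is only handed to builtins
# and pipes, never to another program's argv, so it does not show up in `ps`.
priv_key=$(wg genkey)
pub_key=$(printf '%s\n' "$priv_key" | wg pubkey)

key_file="${CLIENT_DIR}/${device_name}.key"
conf_file="${CLIENT_DIR}/${device_name}.conf"

printf '%s\n' "$priv_key" > "$key_file"
printf '%s\n' "$pub_key" > "${key_file}.pub"
# umask only applies to newly created files; tighten one that already existed.
chmod 600 -- "$key_file"

# Echo the public key (not secret), as the original `tee` pipeline did.
printf '%s\n' "$pub_key"

printf '%s\n' "$((nxt_ip + 1))" > "$NEXT_IP_FILE"

cat > "$conf_file" <<EOL
[Interface]
Address = 10.0.0.${nxt_ip}/32
ListenPort = 61666
PrivateKey = ${priv_key}
DNS = 10.0.0.143

[Peer]
PublicKey = ${hub_pub_key}
AllowedIPs = 10.0.0.0/24
Endpoint = ${hub_ip_addr}:61666
EOL
# The client config embeds the private key.
chmod 600 -- "$conf_file"

# Append new peer to ISH-VPS server in /etc/wireguard/wg0.conf
cat >> "$HUB_CONF" <<EOL

[Peer]
# ${device_name}
PublicKey = ${pub_key}
AllowedIPs = 10.0.0.${nxt_ip}/32
EOL

# Restart wg0 interface to finalize changes.
systemctl restart wg-quick@wg0

# Output QR-code to the terminal
# (YAGNI, also output to PNG file for later use...maybe could send to ntfy).
# The QR code encodes the client's private key; treat the terminal output as
# a secret.
qrencode -t ansiutf8 < "$conf_file"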