#!/bin/bash
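# Align the runtime account with the UID/GID handed in from the container
# environment, so files written to the data volume end up owned by the caller.
# NOTE(review): bash initialises UID as a read-only shell variable from the real
# uid of the process at startup, so an environment value named UID may not
# survive into "${UID}" here (it would read 0 when the entrypoint runs as root).
# Confirm on the base image, or move the knob to a non-reserved name.
echo "---Ensuring UID: ${UID} matches user---"
usermod -u "${UID}" "${USER}"
echo "---Ensuring GID: ${GID} matches user---"
# Assumes the account's primary group is named like the account; a missing
# group is tolerated (best effort) and the account is simply pointed at ${GID}.
groupmod -g "${GID}" "${USER}" > /dev/null 2>&1 ||:
usermod -g "${GID}" "${USER}"
echo "---Setting umask to ${UMASK}---"
# Only apply a mask that was actually provided; a bare `umask` would just
# print the current one instead of setting anything.
if [ -n "${UMASK}" ]; then
  umask "${UMASK}"
fi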
echo "---Checking for optional scripts---"
# Optional start hook: /opt/custom/user.sh (typically a mounted volume) or
# /opt/scripts/user.sh is copied to start-user.sh. The latter is copied last,
# so it wins when both exist. The hook runs with the entrypoint's privileges
# (root, judging by the usermod/chown calls in this script), before the server
# is started as ${USER} -- whoever can write that file controls the container.
for hook in /opt/custom/user.sh /opt/scripts/user.sh; do
  cp -f "${hook}" /opt/scripts/start-user.sh > /dev/null 2>&1 ||:
done
if [ -f /opt/scripts/start-user.sh ]; then
  echo "---Found optional script, executing---"
  chmod -f +x /opt/scripts/start-user.sh ||:
  # A failing hook is reported but does not abort startup.
  /opt/scripts/start-user.sh || echo "---Optional Script has thrown an Error---"
else
  echo "---No optional script found, continuing---"
fi
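# Grant ${USER} passwordless sudo for bringing the tunnel up/down, which needs
# root (interface, address and route setup).
# NOTE(review): the trailing '*' lets that account pass ANY argument, including
# the path of a config file it can write itself (${DATA_DIR} is chowned to
# ${UID}:${GID} further down, and wg-quick(8) accepts a config path in place of
# an interface name). wg-quick runs PreUp/PostUp/PreDown/PostDown commands from
# the config as root, so this rule is effectively root for ${USER}. Pinning the
# argument to the interface name (wg${WG_CONFIG_ID}) would close that, but the
# exact invocation lives in start-server.sh, which is not visible here.
if [ ! -f "/etc/sudoers.d/${USER}" ]; then
  echo "---Creating sudoers file for user: ${USER}---"
  # Create the entry 0440 straight away (umask 227), independent of ${UMASK}:
  # sudo ignores sudoers.d files that are group- or world-writable, which would
  # silently leave ${USER} without the permission it needs.
  (
    umask 227
    printf '%s ALL=(ALL) NOPASSWD: /usr/bin/wg-quick up *\n%s ALL=(ALL) NOPASSWD: /usr/bin/wg-quick down *\n' \
      "${USER}" "${USER}" > "/etc/sudoers.d/${USER}"
  )
  # A syntactically broken entry would break sudo entirely; validate when
  # visudo is available and discard the file if it does not parse.
  if command -v visudo > /dev/null 2>&1 && ! visudo -cf "/etc/sudoers.d/${USER}" > /dev/null 2>&1; then
    echo "---Generated sudoers file is invalid, removing it---"
    rm -f "/etc/sudoers.d/${USER}"
  fi
else
  echo "---Found sudoers file for user: ${USER}---"
fi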
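# Optional port-forward: TCP ${NAT_TUNNEL_PORT} arriving over the tunnel is
# DNATed to ${NAT_DESTINATION} (expected as host:port) and masqueraded out of
# eth0; any other traffic entering from the tunnel is dropped.
if [ "${SETUP_IPTABLES}" == "true" ]; then
  echo "---Setting up iptables---"
  wg_if="wg${WG_CONFIG_ID}"
  # NOTE(review): without a ':' in NAT_DESTINATION both of these expand to the
  # whole string and the rules below fail to load -- confirm the value is
  # validated wherever it is set.
  nat_host="${NAT_DESTINATION%%:*}"
  nat_port="${NAT_DESTINATION#*:}"
  iptables -t nat -A PREROUTING -i "${wg_if}" -p tcp --dport "${NAT_TUNNEL_PORT}" -j DNAT --to-destination "${NAT_DESTINATION}"
  # Only the forwarded flow (and its replies, matched on source host/port
  # rather than conntrack state) may cross between the tunnel and eth0.
  iptables -A FORWARD -i "${wg_if}" -o eth0 -p tcp --dport "${nat_port}" -d "${nat_host}" -j ACCEPT
  iptables -A FORWARD -i eth0 -o "${wg_if}" -p tcp --sport "${nat_port}" -s "${nat_host}" -j ACCEPT
  # Source-NAT so the destination answers via this container.
  iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
  # Catch-all for everything else from the tunnel; must stay the last rule.
  iptables -A FORWARD -i "${wg_if}" -j DROP
fi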
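#######################################
# Write a fresh server config for interface wg${WG_CONFIG_ID}.
# Globals:   DATA_DIR, WG_CONFIG_ID, WG_NET_IP, WG_NET_SUBNET,
#            SERVER_LISTEN_PORT (all read)
# Arguments: $1 - the server's private key
# Outputs:   ${DATA_DIR}/wgN/server/wgN.conf, overwritten, mode 0600
#######################################
create_servercfg() {
  local privkey="${1}"
  local cfg_dir="${DATA_DIR}/wg${WG_CONFIG_ID}/server"
  local cfg="${cfg_dir}/wg${WG_CONFIG_ID}.conf"
  # -p: a missing ${DATA_DIR}/wgN parent would otherwise make the write fail.
  mkdir -p "${cfg_dir}"
  # The file carries the private key: create it 0600 regardless of ${UMASK},
  # and tighten an already-existing file that is being overwritten.
  (
    umask 077
    {
      printf '[Interface]\n'
      printf 'Address = %s/%s\n' "${WG_NET_IP}" "${WG_NET_SUBNET}"
      printf 'PrivateKey = %s\n' "${privkey}"
      printf 'ListenPort = %s\n' "${SERVER_LISTEN_PORT}"
    } > "${cfg}"
  )
  chmod 600 "${cfg}"
}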
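#######################################
# Append a [Peer] section for client NUM to the server config.
# The "[Peer] # Client NUM" header is the marker the provisioning loop greps
# for to detect an already-provisioned peer, so its exact form matters.
# Globals:   DATA_DIR, WG_CONFIG_ID, WG_NET_IP (read)
# Arguments: $1 - peer number; also used as the client's last address octet
#            $2 - the client's public key
#            $3 - preshared key, or "" to omit the PresharedKey line
# Outputs:   appends to ${DATA_DIR}/wgN/server/wgN.conf
#######################################
create_peer() {
  local num="${1}" pubkey="${2}" psk="${3}"
  local cfg="${DATA_DIR}/wg${WG_CONFIG_ID}/server/wg${WG_CONFIG_ID}.conf"
  {
    printf '[Peer] # Client %s\n' "${num}"
    printf 'PublicKey = %s\n' "${pubkey}"
    # Emit the line only when a PSK was actually supplied; an empty
    # "PresharedKey =" is not a usable key value.
    if [ -n "${psk}" ]; then
      printf 'PresharedKey = %s\n' "${psk}"
    fi
    # Peers are addressed as <first three octets of WG_NET_IP>.<NUM>/32.
    printf 'AllowedIPs = %s.%s/32\n' "${WG_NET_IP%.*}" "${num}"
  } >> "${cfg}"
}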
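#######################################
# Write the client-side config for peer NUM.
# Globals:   DATA_DIR, WG_CONFIG_ID, WG_NET_IP, SERVER_IP,
#            SERVER_LISTEN_PORT (read)
# Arguments: $1 - peer number; also the client's last address octet
#            $2 - the server's public key
#            $3 - preshared key, or "" to omit the PresharedKey line
#            $4 - the client's private key
# Outputs:   ${DATA_DIR}/wgN/client/peerNUM.conf, overwritten, mode 0600
# The client only routes the server's own address (AllowedIPs = WG_NET_IP/32);
# reaching anything behind it relies on the DNAT from the iptables section.
#######################################
create_config() {
  local num="${1}" srv_pubkey="${2}" psk="${3}" privkey="${4}"
  local cfg_dir="${DATA_DIR}/wg${WG_CONFIG_ID}/client"
  local cfg="${cfg_dir}/peer${num}.conf"
  mkdir -p "${cfg_dir}"
  # The file carries the client's private key: create it 0600 regardless of
  # ${UMASK}, and tighten an already-existing file that is being overwritten.
  (
    umask 077
    {
      printf '[Interface]\n'
      printf 'Address = %s.%s/32\n' "${WG_NET_IP%.*}" "${num}"
      printf 'PrivateKey = %s\n' "${privkey}"
      printf '[Peer]\n'
      printf 'PublicKey = %s\n' "${srv_pubkey}"
      if [ -n "${psk}" ]; then
        printf 'PresharedKey = %s\n' "${psk}"
      fi
      printf 'Endpoint = %s:%s\n' "${SERVER_IP}" "${SERVER_LISTEN_PORT}"
      printf 'AllowedIPs = %s/32\n' "${WG_NET_IP}"
    } > "${cfg}"
  )
  chmod 600 "${cfg}"
}

SERVER_CONF="${DATA_DIR}/wg${WG_CONFIG_ID}/server/wg${WG_CONFIG_ID}.conf"
if [ ! -f "${SERVER_CONF}" ]; then
  echo "---Generating wg${WG_CONFIG_ID}.conf---"
  PRIV_KEY=$(wg genkey)
  create_servercfg "${PRIV_KEY}"
  unset PRIV_KEY
else
  echo "---Configuration wg${WG_CONFIG_ID}.conf found!---"
fi

# The server's public key is derived from the private key kept in the server
# config; it is the same for every peer, so derive it once. Only the
# [Interface] section carries a PrivateKey line.
SRV_PRIV_KEY=$(awk '/^PrivateKey = /{print $NF; exit}' "${SERVER_CONF}")
SRV_PUBLIC_KEY=$(printf '%s\n' "${SRV_PRIV_KEY}" | wg pubkey)
unset SRV_PRIV_KEY

for ((i = 1; i <= PEERS; i++)); do
  # "[Peer] # Client N" is the marker create_peer writes; anchor both ends so
  # that "Client 1" does not also match "Client 10".
  if ! grep -q "^\[Peer\] # Client ${i}\$" "${SERVER_CONF}"; then
    echo "---Generating configuration for Peer ${i}---"
    PRIV_KEY=$(wg genkey)
    PUBLIC_KEY=$(printf '%s\n' "${PRIV_KEY}" | wg pubkey)
    # Reset per peer so a PSK never leaks from one iteration into the next.
    WG_PSK=""
    if [ "${GENERATE_PSK}" == "true" ]; then
      WG_PSK=$(wg genpsk)
    fi
    create_peer "${i}" "${PUBLIC_KEY}" "${WG_PSK}"
    create_config "${i}" "${SRV_PUBLIC_KEY}" "${WG_PSK}" "${PRIV_KEY}"
    unset PRIV_KEY PUBLIC_KEY WG_PSK
  else
    echo "---Client ${i} already existing---"
  fi
done
unset SRV_PUBLIC_KEY

# Install the complete config -- including any peers appended above -- where
# wg-quick looks for it; copying before the loop would leave new peers out
# until the next start. Root-only, since it carries the server private key.
cp "${SERVER_CONF}" "/etc/wireguard/wg${WG_CONFIG_ID}.conf"
chmod 600 "/etc/wireguard/wg${WG_CONFIG_ID}.conf"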
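echo "---Taking ownership of data...---"
# Helper scripts stay root-owned but readable/executable by ${GID}, so the
# unprivileged account can run start-server.sh without being able to edit it.
chown -R root:"${GID}" /opt/scripts
chmod -R 750 /opt/scripts
# The live wg-quick config carries the server private key: root-only.
chown root:root "/etc/wireguard/wg${WG_CONFIG_ID}.conf"
chmod 600 "/etc/wireguard/wg${WG_CONFIG_ID}.conf"
# NOTE(review): this also hands the copy of the server private key under
# ${DATA_DIR}/wgN/server to the unprivileged account; intentional for
# persistence, but it means ${USER} can reconstruct the server identity.
chown -R "${UID}:${GID}" "${DATA_DIR}"
echo "---Starting...---"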
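#######################################
# SIGTERM handler: forward the signal to the server process, wait for it,
# then exit 143 (128+15) so the container reports "terminated by SIGTERM".
# Globals:   killpid (read) - pid of the backgrounded `su ... start-server.sh`
#######################################
term_handler() {
  kill -SIGTERM "${killpid}"
  # `wait` takes its options before the pid; none are needed here. stderr is
  # silenced because the child may already have been reaped by then.
  wait "${killpid}" 2>/dev/null
  exit 143
}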
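# term_handler already signals ${killpid}; no separate kill is needed here.
trap term_handler SIGTERM
# Drop privileges: the server itself runs as ${USER}, escalating only through
# the sudoers entry created above.
# NOTE(review): the handler signals the su process; whether that reaches
# start-server.sh depends on the su implementation's signal forwarding --
# confirm on the base image.
su "${USER}" -c "/opt/scripts/start-server.sh" &
killpid="$!"
# Block on the server and propagate its exit status, so a crash is visible to
# the container runtime (e.g. restart policies) instead of always reading as 0.
# A SIGTERM interrupts the wait and term_handler exits on its own.
wait "${killpid}"
exit $?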