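#!/bin/bash
# Setup keys, psk and config for a central wireguard server including peers
#
# Dependencies
#   apk add wireguard-tools libqrencode
# References
#   https://wiki.archlinux.org/title/WireGuard
#
# Security notes
#   - All paths are relative to the current directory: run this from the
#     directory that contains ./config.
#   - server.cfg is *sourced*, i.e. executed as shell code with the
#     privileges of whoever runs this script. Keep it writable only by the
#     operator.
#   - The output directory ends up holding private keys, pre-shared keys and
#     QR codes that encode them; treat every generated file as a credential.

# Source global variables
confdir='./config'
if [[ ! -r "$confdir/server.cfg" ]]; then
  printf '%s: cannot read %s/server.cfg\n' "${0##*/}" "$confdir" >&2
  exit 1
fi
# shellcheck source=/dev/null
source "$confdir/server.cfg" || exit 1

# The rest of the script reads these variables, presumably set by server.cfg.
# An empty value would yield files such as ".key" or a config with blank
# fields, so stop before any key material is generated.
# NOTE(review): $dns is also read but is left optional here - confirm.
for required in servername serverip serverport network; do
  if [[ -z "${!required:-}" ]]; then
    printf '%s: %s is not set in %s/server.cfg\n' \
      "${0##*/}" "$required" "$confdir" >&2
    exit 1
  fi
done
unset required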
# ---------Functions-----------
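## Create key-pair
## Arguments: $1 - base name; writes "$1.key" (private) and "$1.pub" (public)
## Returns:   0 on success, 2 if the base name is missing, otherwise the
##            failing status of the wg/tee pipeline.
## Note:      an existing "$1.key" is replaced; any peer still using the old
##            key stops matching once the new config is deployed.
wgkeypair() {
  local name=$1

  if [[ -z "$name" ]]; then
    printf 'wgkeypair: missing base name\n' >&2
    return 2
  fi

  (
    # Without pipefail a failed "wg genkey" could go unnoticed.
    set -o pipefail
    # umask only affects newly created files, so drop any pre-existing key
    # file first; otherwise a file left behind with loose permissions would
    # keep them after being overwritten with the new private key.
    wg genkey \
      | (umask 0077 && rm -f -- "$name.key" && tee -- "$name.key") \
      | wg pubkey > "$name.pub"
  )
}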
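## Create psk
## Arguments: $1 - base name; writes the pre-shared key to "$1.psk"
## Returns:   0 on success, 2 if the base name is missing, otherwise the
##            status of "wg genpsk" or of the file creation.
wgpsk() {
  local name=$1

  if [[ -z "$name" ]]; then
    printf 'wgpsk: missing base name\n' >&2
    return 2
  fi

  # The umask is set in a subshell so it does not leak into the caller.
  # A stale file is removed first because umask does not tighten the mode of
  # a file that already exists.
  (umask 0077 && rm -f -- "$name.psk" && wg genpsk > "$name.psk")
}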
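## Create peer config file
## Globals:   servername, serverport, dns, network (read)
## Arguments: $1 - peer name (base name of the "$1.key" / "$1.psk" files)
##            $2 - address assigned to the peer
## Outputs:   "$1.conf", "$1-qr.txt" and "$1.png" in the current directory
## Returns:   0 on success, 2 on missing arguments, 1 if a key file is
##            missing/empty or the config cannot be written, otherwise the
##            status of qrencode.
## Security:  the config and both QR renderings contain the peer's private
##            key and pre-shared key, so all three are created owner-only.
wgconfig() {
  local peer=$1
  local ip=$2
  local keyfile

  if [[ -z "$peer" || -z "$ip" ]]; then
    printf 'wgconfig: usage: wgconfig <peer> <address>\n' >&2
    return 2
  fi

  # A missing key file would otherwise produce a config with blank fields.
  for keyfile in "$peer.key" "$peer.psk" "$servername.pub"; do
    if [[ ! -s "$keyfile" ]]; then
      printf 'wgconfig: missing or empty %s\n' "$keyfile" >&2
      return 1
    fi
  done

  (
    umask 0077
    # umask does not change the mode of files that already exist.
    rm -f -- "$peer.conf" "${peer}-qr.txt" "$peer.png"
    cat > "$peer.conf" <<EOL || exit 1
# Client config for $peer
[Interface]
PrivateKey = $(cat -- "$peer.key")
Address = $ip
DNS = $dns

[Peer]
PublicKey = $(cat -- "$servername.pub")
AllowedIPs = $network
Endpoint = $servername:$serverport
PersistentKeepalive = 15
PresharedKey = $(cat -- "$peer.psk")
EOL
    qrencode -t ANSIUTF8 -r "$peer.conf" > "${peer}-qr.txt" \
      && qrencode -t png -r "$peer.conf" -o "$peer.png"
  )
}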
# ---------End of functions-----------
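## Create and move to output folder
# Stop if the directory cannot be entered: otherwise the keys below would be
# written into whatever directory the script happened to be started from.
mkdir -p -- "$confdir" || exit 1
cd -- "$confdir" || exit 1

## Create server keys
wgkeypair "$servername" || exit 1

## Create server config
# The file embeds the server private key, so it is created owner-only; a
# stale copy is removed first because umask does not tighten existing files.
# NOTE(review): no ListenPort is written here although the peer configs use
# Endpoint = $servername:$serverport - confirm the listen port is set elsewhere.
(
  umask 0077
  rm -f -- "$servername.conf"
  cat > "$servername.conf" <<EOL
# Config for $servername
[Interface]
PrivateKey = $(cat -- "$servername.key")
Address = $serverip
DNS = $dns
EOL
) || exit 1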
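## Create peers' key-pair, psk and config from peers.cfg
# peers.cfg is read from the current directory; each line is "<address> <name>".
# Both fields end up in file names and in generated configs, so they are
# checked against a conservative character set before use: a name containing
# "/" or starting with "." or "-" could otherwise write key files outside the
# output directory or be taken for a command option.
peer_name_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'
peer_addr_re='^[0-9A-Fa-f:.,/]+$'

# "|| [[ -n $ip ]]" keeps a last line that has no trailing newline.
while read -r ip host _ || [[ -n "$ip" ]]; do
  # Skip blank lines and comments
  if [[ -z "$ip" || "$ip" == \#* ]]; then
    continue
  fi
  if [[ ! "$host" =~ $peer_name_re ]]; then
    printf 'peers.cfg: skipping entry with missing or unsafe name: %s\n' "$host" >&2
    continue
  fi
  if [[ ! "$ip" =~ $peer_addr_re ]]; then
    printf 'peers.cfg: skipping %s, unexpected address: %s\n' "$host" "$ip" >&2
    continue
  fi

  # Without fresh key material there is nothing valid to add to the server.
  if ! wgkeypair "$host" || ! wgpsk "$host"; then
    printf 'peers.cfg: key generation failed for %s, peer not added\n' "$host" >&2
    continue
  fi
  # A failure here does not invalidate the keys, so the peer is still added.
  wgconfig "$host" "$ip" \
    || printf 'peers.cfg: client config/QR generation failed for %s\n' "$host" >&2

  # Add peers to server config
  cat >> "$servername.conf" <<EOL
[Peer]
PublicKey = $(cat -- "$host.pub")
AllowedIPs = $ip
PresharedKey = $(cat -- "$host.psk")
EOL
done < peers.cfg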