comparison files/fwireguard.in @ 458:09c782570d89
Add a rc.d script "fwireguard" to help with automatic setup of Wireguard interfaces
| author | Franz Glasner <fzglas.hg@dom66.de> |
|---|---|
| date | Tue, 11 Jun 2024 03:15:54 +0200 |
| parents | |
| children | 345f1270e41e |
| 457:dee8e2611f71 | 458:09c782570d89 |
|---|---|
| 1 #!/bin/sh | |
| 2 | |
| 3 # PROVIDE: fwireguard | |
| 4 # REQUIRE: NETWORKING | |
| 5 # KEYWORD: shutdown | |
| 6 | |
| 7 # @(#)%%SIMPLEVERSIONTAG%% | |
| 8 | |
| 9 # | |
| 10 # fwireguard_enable (bool): Set to "YES" to enable wireguard (default: "NO") | |
| 11 # fwireguard_wait (str): wait (sleep) this time before calling post-start | |
| 12 # when configuring an interface (default: 2s) | |
| 13 # | |
| 14 | |
| 15 . /etc/rc.subr | |
| 16 | |
| 17 name=fwireguard | |
| 18 desc="Wireguard startup helper" | |
| 19 rcvar=fwireguard_enable | |
| 20 extra_commands="reload status" | |
| 21 | |
| 22 start_cmd="${name}_start" | |
| 23 stop_cmd="${name}_stop" | |
| 24 reload_cmd="${name}_reload" | |
| 25 status_cmd="${name}_status" | |
| 26 | |
| 27 | |
| 28 load_rc_config $name | |
| 29 | |
| 30 | |
| 31 : ${fwireguard_enable:="NO"} | |
| 32 : ${fwireguard_wait="2s"} | |
| 33 | |
| 34 | |
| 35 fwireguard_start() | |
| 36 { | |
| 37 local _d _f _if | |
| 38 _d="%%PREFIX%%/etc/fwireguard" | |
| 39 if [ ! -d "${_d}" ]; then mkdir "${_d}"; fi | |
| 40 for _if in `/sbin/ifconfig -g wg`; do | |
| 41 | |
| 42 _f="${_d}/${_if}.key" | |
| 43 if [ ! -f "${_f}" ]; then | |
| 44 echo "Generating secret key for ${_if} in ${_f}" | |
| 45 (umask 0077; /usr/bin/wg genkey > "${_f}") | |
| 46 fi | |
| 47 | |
| 48 _f="${_d}/${_if}.pub" | |
| 49 if [ ! -f "${_f}" ]; then | |
| 50 echo "Generating public key for ${_if} in ${_f}" | |
| 51 /usr/bin/wg pubkey < ${_d}/${_if}.key > "${_f}" | |
| 52 fi | |
| 53 | |
| 54 _f="${_d}/${_if}.conf" | |
| 55 if [ ! -f "${_f}" ]; then | |
| 56 echo "Generating minimal config for ${_if} in ${_f}" | |
| 57 umask 0077 | |
| 58 echo "[Interface]" > "${_f}" | |
| 59 /usr/bin/printf 'PrivateKey\t\t= ' >> "${_f}" | |
| 60 /bin/cat "${_d}/${_if}.key" >> "${_f}" | |
| 61 echo -e "#ListenPort\t\t= 51820" >> "${_f}" | |
| 62 echo -e "#FwMark\t\t\t= 0x12345678\n" >> "${_f}" | |
| 63 echo "#[Peer]" >> "${_f}" | |
| 64 echo -e "#PublicKey\t\t= BlAbLABlA/EtCeTcEtc=" >> "${_f}" | |
| 65 echo -e "#AllowedIPs\t\t= 10.X.X.1/32, 10.X.X.2/32" >> "${_f}" | |
| 66 echo -e "#PresharedKey\t\t= BlAbLABlA/EtCeTcEtc=" >> "${_f}" | |
| 67 echo -e "#Endpoint\t\t= [2001:db8::1]:51820" >> "${_f}" | |
| 68 echo -e "#PersistentKeepalive\t= 30" >> "${_f}" | |
| 69 fi | |
| 70 | |
| 71 /sbin/ifconfig "${_if}" destroy | |
| 72 /sbin/ifconfig "${_if}" create # will take ifconfig_wgX="inet values" from /etc/rc.conf | |
| 73 /usr/bin/wg setconf "${_if}" "${_f}" | |
| 74 if [ -x "${_d}/${_if}.post-start" ]; then | |
| 75 if [ -n "${fwireguard_wait}" ]; then | |
| 76 /bin/sleep "${fwireguard_wait}" | |
| 77 fi | |
| 78 "${_d}/${_if}.post-start" | |
| 79 fi | |
| 80 # /usr/bin/wg syncconf ${_if} ${_f} | |
| 81 done | |
| 82 } | |
| 83 | |
| 84 | |
| 85 fwireguard_stop() | |
| 86 { | |
| 87 local _d _if | |
| 88 _d="%%PREFIX%%/etc/fwireguard" | |
| 89 for _if in `/sbin/ifconfig -g wg`; do | |
| 90 if [ -x "${_d}/${_if}.pre-stop" ]; then | |
| 91 "${_d}/${_if}.pre-stop" | |
| 92 fi | |
| 93 /sbin/ifconfig "${_if}" down | |
| 94 done | |
| 95 } | |
| 96 | |
| 97 | |
| 98 fwireguard_reload() | |
| 99 { | |
| 100 fwireguard_start | |
| 101 } | |
| 102 | |
| 103 | |
| 104 fwireguard_status() | |
| 105 { | |
| 106 local _if | |
| 107 for _if in `/sbin/ifconfig -g wg`; do | |
| 108 /usr/bin/wg show "${_if}" | |
| 109 done | |
| 110 } | |
| 111 | |
| 112 | |
| 113 run_rc_command "$1" |
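Review bot: The secret-key step at script lines 43–45 tests only `[ ! -f "${_f}" ]`, so if `wg genkey` fails the redirection still leaves an empty `.key` file that every later start accepts as valid, and the `.pub` and `.conf` files are then derived from it. Testing with `[ ! -s "${_f}" ]` and writing through a temporary name, e.g. `(umask 0077; /usr/bin/wg genkey > "${_f}.tmp" && /bin/mv "${_f}.tmp" "${_f}")`, keeps a failed run from being mistaken for a usable key. Separately, the bare `umask 0077` at line 57 is not wrapped in a subshell like the one at line 45, so it stays in effect for the rest of the function, including the root-run `.post-start` hook at line 78. Wrapping the whole config-writing sequence in `( umask 0077; ... )` would confine it. The input redirection `< ${_d}/${_if}.key` on line 51 should also be quoted like the other expansions in the function.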
