comparison files/fwireguard.in @ 460:4bd501f9e955
Allow configuring the configuration directory for fwireguard
| author | Franz Glasner <fzglas.hg@dom66.de> |
|---|---|
| date | Tue, 11 Jun 2024 03:26:49 +0200 |
| parents | 345f1270e41e |
| children | f8858fc8c7f3 |
| 459:345f1270e41e | 460:4bd501f9e955 |
|---|---|
| 8 | 8 |
| 9 # | 9 # |
| 10 # fwireguard_enable (bool): Set to "YES" to enable wireguard (default: "NO") | 10 # fwireguard_enable (bool): Set to "YES" to enable wireguard (default: "NO") |
| 11 # fwireguard_wait (str): wait (sleep) this time before calling post-start | 11 # fwireguard_wait (str): wait (sleep) this time before calling post-start |
| 12 # when configuring an interface (default: 2s) | 12 # when configuring an interface (default: 2s) |
| 13 # fwireguard_configdir (str): Where fwireguard finds its configuration | |
| 14 # (default: %%PREFIX%%/etc/fwireguard) | |
| 13 # | 15 # |
| 14 # NOTE: All wireguard interfaces must be mentioned in "cloned_interfaces". | 16 # NOTE: All wireguard interfaces must be mentioned in "cloned_interfaces". |
| 15 # | 17 # |
| 16 | 18 |
| 17 . /etc/rc.subr | 19 . /etc/rc.subr |
| 24 start_cmd="${name}_start" | 26 start_cmd="${name}_start" |
| 25 stop_cmd="${name}_stop" | 27 stop_cmd="${name}_stop" |
| 26 reload_cmd="${name}_reload" | 28 reload_cmd="${name}_reload" |
| 27 status_cmd="${name}_status" | 29 status_cmd="${name}_status" |
| 28 | 30 |
| 29 | |
| 30 load_rc_config $name | 31 load_rc_config $name |
| 31 | |
| 32 | 32 |
| 33 : ${fwireguard_enable:="NO"} | 33 : ${fwireguard_enable:="NO"} |
| 34 : ${fwireguard_wait="2s"} | 34 : ${fwireguard_wait="2s"} |
| 35 : ${fwireguard_configdir:="%%PREFIX%%/etc/fwireguard"} | |
| 35 | 36 |
| 36 | 37 |
| 37 fwireguard_start() | 38 fwireguard_start() |
| 38 { | 39 { |
| 39 local _d _f _if | 40 local _f _if |
| 40 _d="%%PREFIX%%/etc/fwireguard" | 41 |
| 41 if [ ! -d "${_d}" ]; then mkdir "${_d}"; fi | 42 if [ ! -d "${fwireguard_configdir}" ]; then |
| 43 mkdir "${fwireguard_configdir}" | |
| 44 fi | |
| 42 for _if in `/sbin/ifconfig -g wg`; do | 45 for _if in `/sbin/ifconfig -g wg`; do |
| 43 | 46 |
| 44 _f="${_d}/${_if}.key" | 47 _f="${fwireguard_configdir}/${_if}.key" |
| 45 if [ ! -f "${_f}" ]; then | 48 if [ ! -f "${_f}" ]; then |
| 46 echo "Generating secret key for ${_if} in ${_f}" | 49 echo "Generating secret key for ${_if} in ${_f}" |
| 47 (umask 0077; /usr/bin/wg genkey > "${_f}") | 50 (umask 0077; /usr/bin/wg genkey > "${_f}") |
| 48 fi | 51 fi |
| 49 | 52 |
| 50 _f="${_d}/${_if}.pub" | 53 _f="${fwireguard_configdir}/${_if}.pub" |
| 51 if [ ! -f "${_f}" ]; then | 54 if [ ! -f "${_f}" ]; then |
| 52 echo "Generating public key for ${_if} in ${_f}" | 55 echo "Generating public key for ${_if} in ${_f}" |
| 53 /usr/bin/wg pubkey < ${_d}/${_if}.key > "${_f}" | 56 /usr/bin/wg pubkey < ${fwireguard_configdir}/${_if}.key > "${_f}" |
| 54 fi | 57 fi |
| 55 | 58 |
| 56 _f="${_d}/${_if}.conf" | 59 _f="${fwireguard_configdir}/${_if}.conf" |
| 57 if [ ! -f "${_f}" ]; then | 60 if [ ! -f "${_f}" ]; then |
| 58 echo "Generating minimal config for ${_if} in ${_f}" | 61 echo "Generating minimal config for ${_if} in ${_f}" |
| 59 umask 0077 | 62 umask 0077 |
| 60 echo "[Interface]" > "${_f}" | 63 echo "[Interface]" > "${_f}" |
| 61 /usr/bin/printf 'PrivateKey\t\t= ' >> "${_f}" | 64 /usr/bin/printf 'PrivateKey\t\t= ' >> "${_f}" |
| 62 /bin/cat "${_d}/${_if}.key" >> "${_f}" | 65 /bin/cat "${fwireguard_configdir}/${_if}.key" >> "${_f}" |
| 63 echo -e "#ListenPort\t\t= 51820" >> "${_f}" | 66 echo -e "#ListenPort\t\t= 51820" >> "${_f}" |
| 64 echo -e "#FwMark\t\t\t= 0x12345678\n" >> "${_f}" | 67 echo -e "#FwMark\t\t\t= 0x12345678\n" >> "${_f}" |
| 65 echo "#[Peer]" >> "${_f}" | 68 echo "#[Peer]" >> "${_f}" |
| 66 echo -e "#PublicKey\t\t= BlAbLABlA/EtCeTcEtc=" >> "${_f}" | 69 echo -e "#PublicKey\t\t= BlAbLABlA/EtCeTcEtc=" >> "${_f}" |
| 67 echo -e "#AllowedIPs\t\t= 10.X.X.1/32, 10.X.X.2/32" >> "${_f}" | 70 echo -e "#AllowedIPs\t\t= 10.X.X.1/32, 10.X.X.2/32" >> "${_f}" |
| 71 fi | 74 fi |
| 72 | 75 |
| 73 /sbin/ifconfig "${_if}" destroy | 76 /sbin/ifconfig "${_if}" destroy |
| 74 /sbin/ifconfig "${_if}" create # will take ifconfig_wgX="inet values" from /etc/rc.conf | 77 /sbin/ifconfig "${_if}" create # will take ifconfig_wgX="inet values" from /etc/rc.conf |
| 75 /usr/bin/wg setconf "${_if}" "${_f}" | 78 /usr/bin/wg setconf "${_if}" "${_f}" |
| 76 if [ -x "${_d}/${_if}.post-start" ]; then | 79 if [ -x "${fwireguard_configdir}/${_if}.post-start" ]; then |
| 77 if [ -n "${fwireguard_wait}" ]; then | 80 if [ -n "${fwireguard_wait}" ]; then |
| 78 /bin/sleep "${fwireguard_wait}" | 81 /bin/sleep "${fwireguard_wait}" |
| 79 fi | 82 fi |
| 80 "${_d}/${_if}.post-start" | 83 "${fwireguard_configdir}/${_if}.post-start" |
| 81 fi | 84 fi |
| 82 # /usr/bin/wg syncconf ${_if} ${_f} | 85 # /usr/bin/wg syncconf ${_if} ${_f} |
| 83 done | 86 done |
| 84 } | 87 } |
| 85 | 88 |
| 86 | 89 |
| 87 fwireguard_stop() | 90 fwireguard_stop() |
| 88 { | 91 { |
| 89 local _d _if | 92 local _if |
| 90 _d="%%PREFIX%%/etc/fwireguard" | 93 |
| 91 for _if in `/sbin/ifconfig -g wg`; do | 94 for _if in `/sbin/ifconfig -g wg`; do |
| 92 if [ -x "${_d}/${_if}.pre-stop" ]; then | 95 if [ -x "${fwireguard_configdir}/${_if}.pre-stop" ]; then |
| 93 "${_d}/${_if}.pre-stop" | 96 "${fwireguard_configdir}/${_if}.pre-stop" |
| 94 fi | 97 fi |
| 95 /sbin/ifconfig "${_if}" down | 98 /sbin/ifconfig "${_if}" down |
| 96 done | 99 done |
| 97 } | 100 } |
| 98 | 101 |
| 104 | 107 |
| 105 | 108 |
| 106 fwireguard_status() | 109 fwireguard_status() |
| 107 { | 110 { |
| 108 local _if | 111 local _if |
| 112 | |
| 109 for _if in `/sbin/ifconfig -g wg`; do | 113 for _if in `/sbin/ifconfig -g wg`; do |
| 110 /usr/bin/wg show "${_if}" | 114 /usr/bin/wg show "${_if}" |
| 111 done | 115 done |
| 112 } | 116 } |
| 113 | 117 |
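Review bot: The directory created at new line 43 (`mkdir "${fwireguard_configdir}"`) inherits whatever umask the rc framework runs with and its ownership is never checked, yet new lines 83 and 96 run `${fwireguard_configdir}/${_if}.post-start` and `.pre-stop` as root whenever the file happens to be executable; now that the path is settable from rc.conf, pointing it at (or creating it under) a location that is group- or world-writable lets anyone who can write there get code executed as root at boot. I would create it with explicit ownership and mode and stop on failure, e.g. `/usr/bin/install -d -o root -g wheel -m 0755 "${fwireguard_configdir}" || err 1 "cannot create ${fwireguard_configdir}"`, and add to the header comment for `fwireguard_configdir` that the directory must be owned by root and not writable by group or others because the hook scripts in it are executed with root privileges. Verifying the directory's owner and mode before running the hooks would be stronger, but that gap predates this change. Separately, the redirect at new line 56, `< ${fwireguard_configdir}/${_if}.key`, is the only use of the new variable left unquoted; `< "${fwireguard_configdir}/${_if}.key"` matches the neighbouring lines and survives a directory name containing spaces. The key material itself is still written under the `umask 0077` subshell on line 50, so the directory mode mainly governs listing and hook trust rather than key secrecy.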
