diff files/fwireguard.in @ 458:09c782570d89

Add a rc.d script "fwireguard" to help with automatic setup of Wireguard interfaces
author Franz Glasner <fzglas.hg@dom66.de>
date Tue, 11 Jun 2024 03:15:54 +0200
parents
children 345f1270e41e
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/files/fwireguard.in	Tue Jun 11 03:15:54 2024 +0200
@@ -0,0 +1,113 @@
+#!/bin/sh
+
+# PROVIDE: fwireguard
+# REQUIRE: NETWORKING
+# KEYWORD: shutdown
+
+# @(#)%%SIMPLEVERSIONTAG%%
+
+#
+# fwireguard_enable (bool):    Set to "YES" to enable wireguard (default: "NO")
+# fwireguard_wait (str):       wait (sleep) this time before calling post-start
+#                              when configuring an interface (default: 2s)
+#
+
+. /etc/rc.subr
+
+name=fwireguard
+desc="Wireguard startup helper"
+rcvar=fwireguard_enable
+extra_commands="reload status"
+
+start_cmd="${name}_start"
+stop_cmd="${name}_stop"
+reload_cmd="${name}_reload"
+status_cmd="${name}_status"
+
+
+load_rc_config $name
+
+
+: ${fwireguard_enable:="NO"}
+: ${fwireguard_wait="2s"}
+
+
+fwireguard_start()
+{
+    local _d _f _if
+    _d="%%PREFIX%%/etc/fwireguard"
+    if [ ! -d "${_d}" ]; then mkdir "${_d}"; fi
+    for _if in `/sbin/ifconfig -g wg`; do
+
+        _f="${_d}/${_if}.key"
+        if [ ! -f "${_f}" ]; then
+            echo "Generating secret key for ${_if} in ${_f}"
+            (umask 0077; /usr/bin/wg genkey > "${_f}")
+        fi
+
+        _f="${_d}/${_if}.pub"
+        if [ ! -f "${_f}" ]; then
+            echo "Generating public key for ${_if} in ${_f}"
+            /usr/bin/wg pubkey < ${_d}/${_if}.key > "${_f}"
+        fi
+
+        _f="${_d}/${_if}.conf"
+        if [ ! -f "${_f}" ]; then
+            echo "Generating minimal config for ${_if} in ${_f}"
+            umask 0077
+            echo "[Interface]"                                  >  "${_f}"
+            /usr/bin/printf 'PrivateKey\t\t= '                  >> "${_f}"
+            /bin/cat "${_d}/${_if}.key"                         >> "${_f}"
+            echo -e "#ListenPort\t\t= 51820"                    >> "${_f}"
+            echo -e "#FwMark\t\t\t= 0x12345678\n"               >> "${_f}"
+            echo "#[Peer]"                                      >> "${_f}"
+            echo -e "#PublicKey\t\t= BlAbLABlA/EtCeTcEtc="      >> "${_f}"
+            echo -e "#AllowedIPs\t\t= 10.X.X.1/32, 10.X.X.2/32" >> "${_f}"
+            echo -e "#PresharedKey\t\t= BlAbLABlA/EtCeTcEtc="   >> "${_f}"
+            echo -e "#Endpoint\t\t= [2001:db8::1]:51820"        >> "${_f}"
+            echo -e "#PersistentKeepalive\t= 30"                >> "${_f}"
+        fi
+
+        /sbin/ifconfig "${_if}" destroy
+        /sbin/ifconfig "${_if}" create    # will take ifconfig_wgX="inet values" from /etc/rc.conf
+        /usr/bin/wg setconf "${_if}" "${_f}"
+        if [ -x "${_d}/${_if}.post-start" ]; then
+            if [ -n "${fwireguard_wait}" ]; then
+                /bin/sleep "${fwireguard_wait}"
+            fi
+            "${_d}/${_if}.post-start"
+        fi
+#       /usr/bin/wg syncconf ${_if} ${_f}
+    done
+}
+
+
+fwireguard_stop()
+{
+    local _d _if
+    _d="%%PREFIX%%/etc/fwireguard"
+    for _if in `/sbin/ifconfig -g wg`; do
+        if [ -x "${_d}/${_if}.pre-stop" ]; then
+            "${_d}/${_if}.pre-stop"
+        fi
+        /sbin/ifconfig "${_if}" down
+    done
+}
+
+
+fwireguard_reload()
+{
+    fwireguard_start
+}
+
+
+fwireguard_status()
+{
+    local _if
+    for _if in `/sbin/ifconfig -g wg`; do
+        /usr/bin/wg show "${_if}"
+    done
+}
+
+
+run_rc_command "$1"
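Review bot: A failed `/usr/bin/wg genkey` in the key-generation branch of fwireguard_start still leaves `${_f}` behind, because the redirection creates the file before the command runs, and on the next start the `[ ! -f "${_f}" ]` test then sees an existing file and never regenerates it, so an empty or truncated private key becomes permanent; the `wg pubkey` step has the same shape. Check the status and discard the partial file, e.g. `(umask 0077; /usr/bin/wg genkey > "${_f}") || { rm -f -- "${_f}"; warn "wg genkey failed for ${_if}"; continue; }` (`warn` comes from the sourced /etc/rc.subr). In the config-generation branch, `umask 0077` is set in the main shell and so persists for the rest of the script, unlike the subshell form used for genkey; wrapping that branch in `( ... )` keeps the two consistent. The `echo -e` lines there also depend on the builtin echo of whichever `/bin/sh` runs the script accepting `-e`, whereas `/usr/bin/printf` is already used for the PrivateKey line and would serve for all of them.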