
Add an rc.d script "fwireguard" to help with automatic setup of WireGuard interfaces
author Franz Glasner <fzglas.hg@dom66.de>
date Tue, 11 Jun 2024 03:15:54 +0200

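#!/bin/sh

# PROVIDE: fwireguard
# REQUIRE: NETWORKING
# KEYWORD: shutdown

# @(#)%%SIMPLEVERSIONTAG%%

#
# Add the following lines to /etc/rc.conf to enable fwireguard:
#
# fwireguard_enable (bool):    Set to "YES" to enable wireguard (default: "NO")
# fwireguard_wait (str):       wait (sleep) this time before calling post-start
#                              when configuring an interface (default: 2s).
#                              Set it to "" to skip the wait entirely.
#
# The script acts on every interface in the "wg" interface group
# (see ifconfig -g); the interfaces themselves must already exist,
# typically created via cloned_interfaces in /etc/rc.conf.
#
# Per-interface files live in %%PREFIX%%/etc/fwireguard:
#   <if>.key         private key, generated on first start (umask 0077)
#   <if>.pub         public key derived from <if>.key
#   <if>.conf        wg(8) setconf file, generated once with the private
#                    key inline; edit it to add peers
#   <if>.post-start  optional executable, run after the interface has been
#                    recreated and configured (after fwireguard_wait)
#   <if>.pre-stop    optional executable, run before the interface is downed
# The hooks are executed with this script's privileges (root at boot),
# so the directory and its contents should stay root-owned.
#

. /etc/rc.subr

name=fwireguard
desc="Wireguard startup helper"
rcvar=fwireguard_enable
extra_commands="reload status"

start_cmd="${name}_start"
stop_cmd="${name}_stop"
reload_cmd="${name}_reload"
status_cmd="${name}_status"


load_rc_config "$name"


# ":=" also replaces an empty value; "=" for the wait keeps an explicit
# empty setting so that fwireguard_start can skip the sleep.
: ${fwireguard_enable:="NO"}
: ${fwireguard_wait="2s"}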


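#
# (Re)create and configure every interface in the "wg" group.
#
# For each interface the private key, public key and a minimal wg(8)
# setconf file are generated on first use under %%PREFIX%%/etc/fwireguard,
# the interface is destroyed and created again, the .conf is applied with
# "wg setconf", and the optional <if>.post-start hook is run.  Failures
# in key generation or setconf are reported and the interface is skipped
# so the hook never runs against an unconfigured interface.
#
fwireguard_start()
{
    local _d _f _if
    _d="%%PREFIX%%/etc/fwireguard"

    # The directory holds private keys and root-executed hooks, so create
    # it root-only instead of relying on the process umask.
    if [ ! -d "${_d}" ]; then
        if ! mkdir -m 0700 "${_d}"; then
            warn "cannot create ${_d}"
            return 1
        fi
    fi

    for _if in $(/sbin/ifconfig -g wg); do

        # Private key: generated once.  umask 0077 inside a subshell makes
        # the file 0600 without changing the umask for the rest of the run.
        _f="${_d}/${_if}.key"
        if [ ! -f "${_f}" ]; then
            echo "Generating secret key for ${_if} in ${_f}"
            if ! (umask 0077; /usr/bin/wg genkey > "${_f}"); then
                warn "wg genkey failed for ${_if}; skipping"
                rm -f "${_f}"   # do not leave an empty key that blocks regeneration
                continue
            fi
        fi

        # Public key derived from the private key.  A failure here means
        # the .key file is unusable; do not go on to write a broken .conf.
        _f="${_d}/${_if}.pub"
        if [ ! -f "${_f}" ]; then
            echo "Generating public key for ${_if} in ${_f}"
            if ! /usr/bin/wg pubkey < "${_d}/${_if}.key" > "${_f}"; then
                warn "wg pubkey failed for ${_if} (check ${_d}/${_if}.key); skipping"
                rm -f "${_f}"
                continue
            fi
        fi

        # Minimal setconf file with the private key inline and commented
        # examples for the remaining settings.  Written under umask 0077 in
        # a subshell so it is 0600 and the umask does not leak into the
        # post-start hook or later loop iterations.  printf is used instead
        # of "echo -e" so the tabs do not depend on the shell's echo.
        _f="${_d}/${_if}.conf"
        if [ ! -f "${_f}" ]; then
            echo "Generating minimal config for ${_if} in ${_f}"
            (
                umask 0077
                {
                    printf '[Interface]\n'
                    printf 'PrivateKey\t\t= '
                    /bin/cat "${_d}/${_if}.key"
                    printf '#ListenPort\t\t= 51820\n'
                    printf '#FwMark\t\t\t= 0x12345678\n\n'
                    printf '#[Peer]\n'
                    printf '#PublicKey\t\t= BlAbLABlA/EtCeTcEtc=\n'
                    printf '#AllowedIPs\t\t= 10.X.X.1/32, 10.X.X.2/32\n'
                    printf '#PresharedKey\t\t= BlAbLABlA/EtCeTcEtc=\n'
                    printf '#Endpoint\t\t= [2001:db8::1]:51820\n'
                    printf '#PersistentKeepalive\t= 30\n'
                } > "${_f}"
            )
        fi

        # Recreate the interface so it starts from a clean state (this is
        # also why "reload" behaves as a restart; "wg syncconf" would be
        # the non-disruptive alternative but is not used here).
        /sbin/ifconfig "${_if}" destroy
        # The ifconfig_wgX settings from /etc/rc.conf are presumably applied
        # asynchronously by the system's interface-attach handling, which is
        # what fwireguard_wait gives time for.
        if ! /sbin/ifconfig "${_if}" create; then
            warn "cannot create ${_if}; skipping"
            continue
        fi
        if ! /usr/bin/wg setconf "${_if}" "${_f}"; then
            warn "wg setconf failed for ${_if}; interface left unconfigured"
            continue
        fi

        if [ -x "${_d}/${_if}.post-start" ]; then
            # Empty fwireguard_wait disables the delay.
            if [ -n "${fwireguard_wait}" ]; then
                /bin/sleep "${fwireguard_wait}"
            fi
            "${_d}/${_if}.post-start"
        fi
    done
}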


#
# Take every interface in the "wg" group down, running the optional
# <if>.pre-stop hook first.  Interfaces are not destroyed and keep their
# wg(8) configuration; fwireguard_start recreates them anyway.
#
fwireguard_stop()
{
    local _hookdir _hook _ifname
    _hookdir="%%PREFIX%%/etc/fwireguard"
    for _ifname in $(/sbin/ifconfig -g wg); do
        _hook="${_hookdir}/${_ifname}.pre-stop"
        # Hook exit status is not checked; the interface goes down regardless.
        [ -x "${_hook}" ] && "${_hook}"
        /sbin/ifconfig "${_ifname}" down
    done
}


# "reload" is a full restart: fwireguard_start destroys and recreates
# each wg interface before applying its .conf again, so active sessions
# are interrupted.
fwireguard_reload() { fwireguard_start; }


#
# Print the wg(8) view of every interface in the "wg" group.
#
fwireguard_status()
{
    local _ifname
    for _ifname in $(/sbin/ifconfig -g wg)
    do
        /usr/bin/wg show "${_ifname}"
    done
}


# Dispatch the rc(8) subcommand (start/stop/reload/status/...) to the
# *_cmd handlers defined above.
run_rc_command "$1"