@apsun
Last active July 28, 2024 19:17
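#!/usr/bin/env bash
#
# Provision a new WireGuard client (peer) for the server named below.
#
# Usage: <script> <index> <hostname>
#   index     host number of the client inside the VPN prefixes (becomes the
#             last IPv4 octet and the last IPv6 group of its address)
#   hostname  short name of the client; names the pass entry and output file
#
# Effects:
#   - stores the peer stanza (PublicKey, PresharedKey, AllowedIPs) in pass
#     under wireguard/<hostname>
#   - writes <hostname>-wg0.conf to the current directory; that file holds
#     the client's private key and the preshared key
#
# Requires bash (pipefail, [[ ]]), pass and wg.
set -euo pipefail

# Everything created below is key material: keep it owner-only by default.
umask 077

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [[ $# -ne 2 ]]; then
  printf 'usage: %s <index> <hostname>\n' "$0" >&2
  exit 1
fi

index="$1"
hostname="$2"
server_index="1"
server_hostname="minori"
server_fqdn="${server_hostname}.crossbowffs.net"

# Both arguments are interpolated into a pass entry name, a file name and
# config lines, so reject anything that could add path components or extra
# config lines.
index_re='^[1-9][0-9]{0,2}$'
hostname_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'
[[ "${index}" =~ ${index_re} ]] && (( index <= 254 )) \
  || die "index must be an integer between 1 and 254: ${index}"
[[ "${index}" != "${server_index}" ]] \
  || die "index ${index} is the server's own address"
[[ "${hostname}" =~ ${hostname_re} ]] \
  || die "hostname may only contain letters, digits, '.', '_' and '-': ${hostname}"

server_conf="$(pass "wireguard/${server_hostname}")" \
  || die "cannot read wireguard/${server_hostname} from pass"

# The server's private key is piped straight into `wg pubkey` via the printf
# builtin, so it is never passed as a command-line argument.
server_public_key="$(
  printf '%s\n' "${server_conf}" \
    | sed -n 's/^[[:space:]]*PrivateKey = \(.*\)$/\1/p' \
    | wg pubkey
)" || die "cannot derive the server public key (no usable PrivateKey line?)"

server_listen_port="$(
  printf '%s\n' "${server_conf}" \
    | sed -n 's/^[[:space:]]*ListenPort = \(.*\)$/\1/p'
)"
[[ "${server_listen_port}" =~ ^[0-9]+$ ]] \
  || die "no numeric ListenPort found in wireguard/${server_hostname}"

# TODO: extract this from server_conf with regex magic
ipv4_prefix="10.19.84"
ipv6_prefix="fd07:d3fc:8a02"
ipv4_subnet="24"
ipv6_subnet="48"

private_key="$(wg genkey)"
public_key="$(printf '%s\n' "${private_key}" | wg pubkey)"
preshared_key="$(wg genpsk)"

# EDITOR=tee makes `pass edit` take the entry body from stdin; tee's copy on
# stdout (which includes the preshared key) is discarded.
EDITOR=tee pass edit "wireguard/${hostname}" >/dev/null <<EOF
PublicKey = ${public_key}
PresharedKey = ${preshared_key}
AllowedIPs = ${ipv4_prefix}.${index}/32,${ipv6_prefix}::${index}/128
EOF

# umask only applies to newly created files; if the output file already
# exists with wider permissions, tighten it before any secret is written.
client_conf="${hostname}-wg0.conf"
: > "${client_conf}"
chmod 600 "${client_conf}"

cat > "${client_conf}" <<EOF
[Interface]
PrivateKey = ${private_key}
Address = ${ipv4_prefix}.${index}/32,${ipv6_prefix}::${index}/128
DNS = ${ipv4_prefix}.${server_index},${ipv6_prefix}::${server_index}
MTU = 1280
[Peer]
PublicKey = ${server_public_key}
PresharedKey = ${preshared_key}
AllowedIPs = ${ipv4_prefix}.0/${ipv4_subnet},${ipv6_prefix}::/${ipv6_subnet}
Endpoint = ${server_fqdn}:${server_listen_port}
PersistentKeepalive = 25
EOF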