fuero · January 23, 2024 15:42
diff --git a/refresh-wirehub-config.sh b/refresh-wirehub-config.sh
 #!/bin/bash
 set -euo pipefail
 IF=<if>
 URL="https://wirehub.org/<user>/n/<net>/device/<id>/download?invite_code=<code>"
 TMPFILE="$(mktemp)"
 SPLITDIR="$(mktemp -d)"
 DEST=/etc/wireguard/"$IF".conf

 cleanup() {
  rm -f "${TMPFILE}"
  rm -f "${TMPFILE}".sha256sum
  rm -rf "${SPLITDIR}"
 }

 trap cleanup EXIT INT

 # The generated config is missing the device's private key, as the decryption is done
 # with client-side javascript only.
 # Thus, the key has to be kept locally is replaced via the sed command below
 curl -s \
 	"$URL" \
 	| sed -re '/Interface|(Public|Private)Key/s/^# //' -e '3,4s/^# //' -e '4d' -e "s,PrivateKey = .*,PrivateKey = $(cat ${DEST/.conf/.sk})," \
 > "$TMPFILE"

 # Check for file changes
 cat > "${TMPFILE}.sha256sum" << EOF
 $(cat ${DEST}.sha256sum)  ${TMPFILE}
 EOF

 if ! sha256sum -c "${TMPFILE}.sha256sum" > /dev/null 2>&1
 then
 	# A peer might be missing its public key, making the configuration illegal.
 	# For now, we crash if a peer is invalid.
 	(
 		cd "${SPLITDIR}"
 		csplit ${TMPFILE} '/^$/' '{*}' > /dev/null 2>&1
 		if [[ $(grep -c "\[Peer\]" xx* | grep -v ":0" | wc -l) != $(grep -c "PublicKey" ${TMPFILE}) ]]
 		then
 			printf "Some peer is missing a public key, removing...!\n"
 			invalid_peers=$( \
 				grep -c PublicKey $(grep -c "\[Peer\]" xx* | grep -v ":0" | cut -d ':' -f1) \
 				| grep ":0" | cut -d ':' -f1 \
 			)
 			cat $invalid_peers
 			cat $( \
 				ls -I $( \
 					echo -n "$invalid_peers" | sed -e ':a; N; $!ba; s/\n/","/g' -e 's/^/{"/' -e 's/$/"}/' \
 				) \
 			) > "${DEST}"
 		else
 			cp -f "${TMPFILE}" "${DEST}"
 		fi
 	)

 	restorecon "$DEST"
 	printf "Updating checksum\n"
 	sha256sum "$DEST" | cut -d ' ' -f1 > "$DEST.sha256sum"
 	printf "Restarting interface\n"
 	systemctl restart "wg-quick@$IF"
 else
 	printf "Config doesn't need an update\n"
 fi
	#!/bin/bash
	set -euo pipefail
	IF=<if>
	URL="https://wirehub.org/<user>/n/<net>/device/<id>/download?invite_code=<code>"
	TMPFILE="$(mktemp)"
	SPLITDIR="$(mktemp -d)"
	DEST=/etc/wireguard/"$IF".conf

	cleanup() {
	rm -f "${TMPFILE}"
	rm -f "${TMPFILE}".sha256sum
	rm -rf "${SPLITDIR}"
	}

	trap cleanup EXIT INT

	# The generated config is missing the device's private key, as the decryption is done
	# with client-side javascript only.
	# Thus, the key has to be kept locally is replaced via the sed command below
	curl -s \
	"$URL" \
	\| sed -re '/Interface\|(Public\|Private)Key/s/^# //' -e '3,4s/^# //' -e '4d' -e "s,PrivateKey = .*,PrivateKey = $(cat ${DEST/.conf/.sk})," \
	> "$TMPFILE"

	# Check for file changes
	cat > "${TMPFILE}.sha256sum" << EOF
	$(cat ${DEST}.sha256sum) ${TMPFILE}
	EOF

	if ! sha256sum -c "${TMPFILE}.sha256sum" > /dev/null 2>&1
	then
	# A peer might be missing its public key, making the configuration illegal.
	# For now, we crash if a peer is invalid.
	(
	cd "${SPLITDIR}"
	csplit ${TMPFILE} '/^$/' '{*}' > /dev/null 2>&1
	if [[ $(grep -c "\[Peer\]" xx* \| grep -v ":0" \| wc -l) != $(grep -c "PublicKey" ${TMPFILE}) ]]
	then
	printf "Some peer is missing a public key, removing...!\n"
	invalid_peers=$( \
	grep -c PublicKey $(grep -c "\[Peer\]" xx* \| grep -v ":0" \| cut -d ':' -f1) \
	\| grep ":0" \| cut -d ':' -f1 \
	)
	cat $invalid_peers
	cat $( \
	ls -I $( \
	echo -n "$invalid_peers" \| sed -e ':a; N; $!ba; s/\n/","/g' -e 's/^/{"/' -e 's/$/"}/' \
	) \
	) > "${DEST}"
	else
	cp -f "${TMPFILE}" "${DEST}"
	fi
	)

	restorecon "$DEST"
	printf "Updating checksum\n"
	sha256sum "$DEST" \| cut -d ' ' -f1 > "$DEST.sha256sum"
	printf "Restarting interface\n"
	systemctl restart "wg-quick@$IF"
	else
	printf "Config doesn't need an update\n"
	fi