ifupdown helper for wireguard

wireguard.if-post-down

#!/bin/bash -e
# 
# wireguard helper script
#

IP=/sbin/ip

if [ "$IF_WG_CONF" -o "$IF_WG_PRIVATE_KEY" ]
then
	$IP link del $IFACE
	exit 0
fi

wireguard.if-pre-up

#!/bin/bash -e
# 
# wireguard helper script
#


WG=/usr/bin/wg
IP=/sbin/ip

[ -x $WG ] || exit 0

create_device() {
	$IP link add $IFACE type wireguard
}

set_mtu() {
	if [ "$IF_MTU" ]
	then
		$IP link set $IFACE mtu $IF_MTU
	else
		# refer to https://lists.zx2c4.com/pipermail/wireguard/2017-December/002201.html
		$IP link set $IFACE mtu 1420
	fi
}

if [ "$IF_WG_CONF" ]
then
	create_device
	if [[ $IF_WG_CONF == /* ]]
	then
		$WG setconf $IFACE $IF_WG_CONF
	else
		$WG setconf $IFACE /etc/wireguard/$IF_WG_CONF
	fi
	set_mtu
	exit 0
fi

if [ "$IF_WG_PRIVATE_KEY" ]
then
	create_device
	if [[ $IF_WG_PRIVATE_KEY != /* ]]
	then
		IF_WG_PRIVATE_KEY="/etc/wireguard/$IF_WG_PRIVATE_KEY"
	fi
	CMD="$WG set $IFACE private-key '$IF_WG_PRIVATE_KEY'"
	if [ "$IF_WG_LISTEN" ]
	then
		CMD="$CMD listen-port $IF_WG_LISTEN"
	fi
	if [ "$IF_WG_FWMARK" ]
	then
		CMD="$CMD fwmark $IF_WG_FWMARK"
	fi
	if [ "$IF_WG_PEER_KEY" ]
	then
		CMD="$CMD peer '$IF_WG_PEER_KEY'"
	fi
	if [ "$IF_WG_ENDPOINT" ]
	then
		CMD="$CMD endpoint '$IF_WG_ENDPOINT'"
	fi
	if [ "$IF_WG_KEEPALIVE" ]
	then
		CMD="$CMD persistent-keepalive $IF_WG_KEEPALIVE"
	fi
	if [ "$IF_WG_ALLOWED_IPS" ]
	then
		CMD="$CMD allowed-ips '$IF_WG_ALLOWED_IPS'"
	fi
	bash -c "$CMD"
	set_mtu
	exit 0
fi