kbabioch · March 12, 2024 14:35 · jbollacke · Mar 17, 2023 · kbabioch · Mar 17, 2023
diff --git a/wireguard b/wireguard
 #! /bin/bash

 # Copyright (c) 2021 Karol Babioch <[email protected]>

 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

 # LSBInitScript for Wireguard: This is a leightweight init script for
 # Wireguard. While Wireguard itself requires only minimal overhead to setup and
 # start, it still requires some script invocations (e.g. during boot).
 #
 # Most distributions are using systemd by now, and as such can use
 # [email protected]. However some distributions / images / Linux appliances
 # are not (yet) using systemd. In such cases, this init script could be used
 # to (re)start and/or stop Wireguard.
 #
 # It can handle all configured Wireguard interfaces (within /etc/wireguard)
 # globally and/or individual interfaces, e.g. (/etc/init.d/wireguard start wg0).
 #
 # It relies on wg(8) and wg-quick(8) in the background.

 ### BEGIN INIT INFO
 # Provides:          wireguard
 # Required-Start:    $network $syslog
 # Required-Stop:     $network $syslog
 # Default-Start:     2 3 4 5
 # Default-Stop:      0 1 6
 # Short-Description: Starts Wireguard interfaces
 # Description:       Sets up Wireguard interfaces (by means of wg-quick).
 ### END INIT INFO

 CONFIG_DIR=/etc/wireguard

 function get_active_wg_interfaces() {
  INTERFACES=$(wg | grep "interface:" | sed 's/interface: /\1/')
  echo "$INTERFACES"
 }

 # This is required for wg-quick(1) to work correctly, i.e. for process
 # substitution (`<()`) to work in Bash. If missing, wg-quick will fail with a
 # "fopen: No such file or directory" error.
 [ -e /dev/fd ] || ln -sf /proc/self/fd /dev/fd

 case "$1" in

  start)
    if [ -z "$2" ]; then
      echo "Starting all configured Wireguard interfaces"
      for CONFIG in $(cd $CONFIG_DIR; ls *.conf); do
        wg-quick up ${CONFIG%%.conf}
      done
    else
      echo "Starting Wireguard interface: $2"
      wg-quick up "$2"
    fi
    ;;

  stop)
    if [ -z "$2" ]; then
      echo "Stopping all active Wireguard interfaces"
      INTERFACES=$(get_active_wg_interfaces)
      for INTERFACE in $INTERFACES; do
        wg-quick down "$INTERFACE"
      done
    else
      echo "Stopping Wireguard interface: $2"
      wg-quick down "$2"
    fi
    ;;

  reload|force-reload)
    if [ -z "$2" ]; then
      echo "Reloading configuration for all active Wireguard interfaces"
      INTERFACES=$(get_active_wg_interfaces)
      for INTERFACE in $INTERFACES; do
        wg syncconf "$INTERFACE" <(wg-quick strip "$INTERFACE")
      done
    else
      echo "Reloading configuration for Wireguard interface: $2"
      wg syncconf "$2" <(wg-quick strip "$2")
    fi
    ;;

  restart)
    $0 stop "$2"
    sleep 1
    $0 start "$2"
    ;;

  status)
    # TODO Check exit codes and align them with LSB requirements
    if [ -z "$2" ]; then
      INTERFACES=$(get_active_wg_interfaces)
      for INTERFACE in $INTERFACES; do
        wg show $INTERFACE
      done
    else
      wg show "$2"
    fi
    ;;

  *)
    echo "Usage: $0 { start | stop | restart | reload | force-reload | status } [INTERFACE]"
    exit 1
    ;;

 esac
	#! /bin/bash

	# Copyright (c) 2021 Karol Babioch <[email protected]>

	# This program is free software: you can redistribute it and/or modify
	# it under the terms of the GNU General Public License as published by
	# the Free Software Foundation, either version 3 of the License, or
	# (at your option) any later version.
	#
	# This program is distributed in the hope that it will be useful,
	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	# GNU General Public License for more details.
	#
	# You should have received a copy of the GNU General Public License
	# along with this program. If not, see <http://www.gnu.org/licenses/>.

	# LSBInitScript for Wireguard: This is a leightweight init script for
	# Wireguard. While Wireguard itself requires only minimal overhead to setup and
	# start, it still requires some script invocations (e.g. during boot).
	#
	# Most distributions are using systemd by now, and as such can use
	# [email protected]. However some distributions / images / Linux appliances
	# are not (yet) using systemd. In such cases, this init script could be used
	# to (re)start and/or stop Wireguard.
	#
	# It can handle all configured Wireguard interfaces (within /etc/wireguard)
	# globally and/or individual interfaces, e.g. (/etc/init.d/wireguard start wg0).
	#
	# It relies on wg(8) and wg-quick(8) in the background.

	### BEGIN INIT INFO
	# Provides: wireguard
	# Required-Start: $network $syslog
	# Required-Stop: $network $syslog
	# Default-Start: 2 3 4 5
	# Default-Stop: 0 1 6
	# Short-Description: Starts Wireguard interfaces
	# Description: Sets up Wireguard interfaces (by means of wg-quick).
	### END INIT INFO

	CONFIG_DIR=/etc/wireguard

	function get_active_wg_interfaces() {
	INTERFACES=$(wg \| grep "interface:" \| sed 's/interface: /\1/')
	echo "$INTERFACES"
	}

	# This is required for wg-quick(1) to work correctly, i.e. for process
	# substitution (`<()`) to work in Bash. If missing, wg-quick will fail with a
	# "fopen: No such file or directory" error.
	[ -e /dev/fd ] \|\| ln -sf /proc/self/fd /dev/fd

	case "$1" in

	start)
	if [ -z "$2" ]; then
	echo "Starting all configured Wireguard interfaces"
	for CONFIG in $(cd $CONFIG_DIR; ls *.conf); do
	wg-quick up ${CONFIG%%.conf}
	done
	else
	echo "Starting Wireguard interface: $2"
	wg-quick up "$2"
	fi
	;;

	stop)
	if [ -z "$2" ]; then
	echo "Stopping all active Wireguard interfaces"
	INTERFACES=$(get_active_wg_interfaces)
	for INTERFACE in $INTERFACES; do
	wg-quick down "$INTERFACE"
	done
	else
	echo "Stopping Wireguard interface: $2"
	wg-quick down "$2"
	fi
	;;

	reload\|force-reload)
	if [ -z "$2" ]; then
	echo "Reloading configuration for all active Wireguard interfaces"
	INTERFACES=$(get_active_wg_interfaces)
	for INTERFACE in $INTERFACES; do
	wg syncconf "$INTERFACE" <(wg-quick strip "$INTERFACE")
	done
	else
	echo "Reloading configuration for Wireguard interface: $2"
	wg syncconf "$2" <(wg-quick strip "$2")
	fi
	;;

	restart)
	$0 stop "$2"
	sleep 1
	$0 start "$2"
	;;

	status)
	# TODO Check exit codes and align them with LSB requirements
	if [ -z "$2" ]; then
	INTERFACES=$(get_active_wg_interfaces)
	for INTERFACE in $INTERFACES; do
	wg show $INTERFACE
	done
	else
	wg show "$2"
	fi
	;;

	*)
	echo "Usage: $0 { start \| stop \| restart \| reload \| force-reload \| status } [INTERFACE]"
	exit 1
	;;

	esac