Last active
May 4, 2022 13:10
-
-
Save pstadler/2eb645ae829941850db2e09628fe0d85 to your computer and use it in GitHub Desktop.
WireGuard on Vyatta
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash -e | |
| # vyatta-wireguard | |
| # | |
| # Usage: `./wireguard.sh [upgrade|uninstall]`. | |
| # | |
| # When called without arguments, the latest version will be fetched and installed. | |
| # | |
| # To automatically install the latest version of WireGuard after Firmware upgrades, | |
| # this script should be placed in `/config/scripts/post-config.d/wireguard.sh`. | |
| # | |
| # Change `BOARD` to match your hardware. See: https://github.com/Lochnair/vyatta-wireguard/releases | |
| BOARD=e300 # ER4 | |
| # Don't touch the lines below | |
| CMD_WRAPPER=/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper | |
| echo "Fetching WireGuard releases..." | |
| releases=$(curl -sSL https://api.github.com/repos/WireGuard/wireguard-vyatta-ubnt/releases) | |
| is_installed () { | |
| dpkg -S wireguard >/dev/null 2>&1 | |
| } | |
| get_local_version () { | |
| ! is_installed && return | |
| dpkg-query --showformat='${Version}' --show wireguard | |
| } | |
| get_latest_version () { | |
| echo $releases | jq -r --arg version "$BOARD-v2" \ | |
| '[.[] | select(.assets | .[].browser_download_url | contains($version))][0] | .tag_name' | |
| } | |
| get_latest_download_url () { | |
| echo $releases | jq -r --arg version "$BOARD-v2" \ | |
| '[.[].assets | .[] | select(.browser_download_url | contains($version))][0] | .browser_download_url' | |
| } | |
| install_latest_version () { | |
| curl -L -o "/tmp/wireguard-$BOARD.deb" $(get_latest_download_url) | |
| dpkg -i "/tmp/wireguard-$BOARD.deb" | |
| rm "/tmp/wireguard-$BOARD.deb" | |
| } | |
| uninstall () { | |
| $CMD_WRAPPER begin | |
| $CMD_WRAPPER set interfaces wireguard wg0 route-allowed-ips false | |
| $CMD_WRAPPER commit | |
| $CMD_WRAPPER delete interfaces wireguard | |
| $CMD_WRAPPER commit | |
| sudo rmmod wireguard | |
| sudo dpkg --purge wireguard | |
| } | |
| # uninstall | |
| if [ "$1" = "uninstall" ]; then | |
| ! is_installed && (echo "WireGuard is not installed."; exit 1) | |
| echo "Uninstalling WireGuard..." | |
| uninstall | |
| exit 0 | |
| fi | |
| # upgrade | |
| if [ "$1" = "upgrade" ]; then | |
| latest_version=$(get_latest_version) | |
| local_version=$(get_local_version) | |
| if [[ "$latest_version" = "$local_version" || "${latest_version}-1" = "$local_version" ]]; then | |
| echo "WireGuard is up-to-date. (local: $(get_local_version); remote: $latest_version)" | |
| exit 0 | |
| fi | |
| if ! is_installed; then | |
| echo "WireGuard is not installed yet. Run script without arguments to install." | |
| exit 1 | |
| fi | |
| echo "Upgrading WireGuard from $local_version to $latest_version..." | |
| uninstall | |
| install_latest_version | |
| sudo modprobe wireguard | |
| $CMD_WRAPPER load | |
| $CMD_WRAPPER commit | |
| echo "Upgrade done." | |
| exit 0 | |
| fi | |
| # install | |
| if is_installed; then | |
| echo "WireGuard $(get_local_version) is already installed." | |
| exit 1 | |
| fi | |
| echo "Installing latest WireGuard version..." | |
| install_latest_version | |
| $CMD_WRAPPER begin | |
| $CMD_WRAPPER load | |
| $CMD_WRAPPER commit | |
| $CMD_WRAPPER end | |
| echo "Installation done." | |
| exit 0 |
dpkg -l |grep ubnt-platform -m1 |cut -f3 -d- |cut -f1 -d" "I'm wondering if that could be a good way to get the board version automatically
Not really, as on my USG the result of your command is e120, which is not available in the given naming convention of the releases where this device is named ugw3.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm wondering if that could be a good way to get the board version automatically