11#!/usr/bin/with-contenv bash
2+ # shellcheck shell=bash
3+ # shellcheck disable=SC2016,SC1091,SC2183
24
35# prepare symlinks
46rm -rf /etc/wireguard
57mkdir -p /etc/wireguard
68ln -s /config/wg0.conf /etc/wireguard/wg0.conf
79# prepare templates
8- [[ ! -f /config/templates/server.conf ]] && \
9- cp /defaults/server.conf /config/templates/server.conf
10- [[ ! -f /config/templates/peer.conf ]] && \
11- cp /defaults/peer.conf /config/templates/peer.conf
10+ if [[ ! -f /config/templates/server.conf ]]; then
11+ cp /defaults/server.conf /config/templates/server.conf
12+ fi
13+ if [[ ! -f /config/templates/peer.conf ]]; then
14+ cp /defaults/peer.conf /config/templates/peer.conf
15+ fi
1216# add preshared key to user templates (backwards compatibility)
1317if ! grep -q 'PresharedKey' /config/templates/peer.conf; then
14- sed -i 's|^Endpoint|PresharedKey = \$\(cat /config/\${PEER_ID}/presharedkey-\${PEER_ID}\)\nEndpoint|' /config/templates/peer.conf
18+ sed -i 's|^Endpoint|PresharedKey = \$\(cat /config/\${PEER_ID}/presharedkey-\${PEER_ID}\)\nEndpoint|' /config/templates/peer.conf
1519fi
1620
1721generate_confs () {
18- mkdir -p /config/server
19- if [ ! -f /config/server/privatekey-server ]; then
20- umask 077
21- wg genkey | tee /config/server/privatekey-server | wg pubkey > /config/server/publickey-server
22- fi
23- eval "` printf %s`
24- cat <<DUDE > /config/wg0.conf
25- ` cat /config/templates/server.conf`
22+ mkdir -p /config/server
23+ if [[ ! -f /config/server/privatekey-server ] ]; then
24+ umask 077
25+ wg genkey | tee /config/server/privatekey-server | wg pubkey > /config/server/publickey-server
26+ fi
27+ eval "$( printf %s)
28+ cat <<DUDE > /config/wg0.conf
29+ $( cat /config/templates/server.conf)
2630
2731DUDE"
28- for i in ${PEERS_ARRAY[@]}; do
32+ for i in " ${PEERS_ARRAY[@]}" ; do
2933 if [[ ! "${i}" =~ ^[[:alnum:]]+$ ]]; then
3034 echo "**** Peer ${i} contains non-alphanumeric characters and thus will be skipped. No config for peer ${i} will be generated. ****"
3135 else
@@ -34,56 +38,56 @@ DUDE"
3438 else
3539 PEER_ID="peer_${i}"
3640 fi
37- mkdir -p /config/${PEER_ID}
38- if [ ! -f "/config/${PEER_ID}/privatekey-${PEER_ID}" ]; then
41+ mkdir -p " /config/${PEER_ID}"
42+ if [[ ! -f "/config/${PEER_ID}/privatekey-${PEER_ID}" ] ]; then
3943 umask 077
40- wg genkey | tee /config/${PEER_ID}/privatekey-${PEER_ID} | wg pubkey > /config/${PEER_ID}/publickey-${PEER_ID}
41- wg genpsk > /config/${PEER_ID}/presharedkey-${PEER_ID}
44+ wg genkey | tee " /config/${PEER_ID}/privatekey-${PEER_ID}" | wg pubkey > " /config/${PEER_ID}/publickey-${PEER_ID}"
45+ wg genpsk > " /config/${PEER_ID}/presharedkey-${PEER_ID}"
4246 fi
43- if [ -f "/config/${PEER_ID}/${PEER_ID}.conf" ]; then
44- CLIENT_IP=$(cat /config/${PEER_ID}/${PEER_ID}.conf | grep "Address " | awk '{print $NF}')
45- if [ -n "${ORIG_INTERFACE}" ] && [ "${INTERFACE}" != "${ORIG_INTERFACE}" ]; then
46- CLIENT_IP=$(echo "${CLIENT_IP}" | sed "s| ${ORIG_INTERFACE}| ${INTERFACE}|")
47+ if [[ -f "/config/${PEER_ID}/${PEER_ID}.conf" ] ]; then
48+ CLIENT_IP=$(grep "Address" " /config/${PEER_ID}/${PEER_ID}.conf" | awk '{print $NF}')
49+ if [[ -n "${ORIG_INTERFACE}" ]] && [[ "${INTERFACE}" != "${ORIG_INTERFACE}" ] ]; then
50+ CLIENT_IP="${CLIENT_IP// ${ORIG_INTERFACE}/ ${INTERFACE}}"
4751 fi
4852 else
4953 for idx in {2..254}; do
5054 PROPOSED_IP="${INTERFACE}.${idx}"
51- if ! grep -q -R "${PROPOSED_IP}" /config/peer*/*.conf 2>/dev/null && ([ -z "${ORIG_INTERFACE}" ] || ! grep -q -R "${ORIG_INTERFACE}.${idx}" /config/peer*/*.conf 2>/dev/null); then
55+ if ! grep -q -R "${PROPOSED_IP}" /config/peer*/*.conf 2>/dev/null && ([[ -z "${ORIG_INTERFACE}" ] ] || ! grep -q -R "${ORIG_INTERFACE}.${idx}" /config/peer*/*.conf 2>/dev/null); then
5256 CLIENT_IP="${PROPOSED_IP}"
5357 break
5458 fi
5559 done
5660 fi
57- if [ -f "/config/${PEER_ID}/presharedkey-${PEER_ID}" ]; then
61+ if [[ -f "/config/${PEER_ID}/presharedkey-${PEER_ID}" ] ]; then
5862 # create peer conf with presharedkey
59- eval "` printf %s`
63+ eval "$( printf %s)
6064 cat <<DUDE > /config/${PEER_ID}/${PEER_ID}.conf
61- ` cat /config/templates/peer.conf`
65+ $( cat /config/templates/peer.conf)
6266DUDE"
6367 # add peer info to server conf with presharedkey
6468 cat <<DUDE >> /config/wg0.conf
6569[Peer]
6670# ${PEER_ID}
67- PublicKey = $(cat /config/${PEER_ID}/publickey-${PEER_ID})
68- PresharedKey = $(cat /config/${PEER_ID}/presharedkey-${PEER_ID})
71+ PublicKey = $(cat " /config/${PEER_ID}/publickey-${PEER_ID}" )
72+ PresharedKey = $(cat " /config/${PEER_ID}/presharedkey-${PEER_ID}" )
6973DUDE
7074 else
7175 echo "**** Existing keys with no preshared key found for ${PEER_ID}, creating confs without preshared key for backwards compatibility ****"
7276 # create peer conf without presharedkey
73- eval "` printf %s`
77+ eval "$( printf %s)
7478 cat <<DUDE > /config/${PEER_ID}/${PEER_ID}.conf
75- `cat / config/templates/peer.conf | sed '/PresharedKey/d'`
79+ $(sed '/PresharedKey/d' "/ config/templates/peer.conf")
7680DUDE"
7781 # add peer info to server conf without presharedkey
7882 cat <<DUDE >> /config/wg0.conf
7983[Peer]
8084# ${PEER_ID}
81- PublicKey = $(cat /config/${PEER_ID}/publickey-${PEER_ID})
85+ PublicKey = $(cat " /config/${PEER_ID}/publickey-${PEER_ID}" )
8286DUDE
8387 fi
8488 SERVER_ALLOWEDIPS=SERVER_ALLOWEDIPS_PEER_${i}
8589 # add peer's allowedips to server conf
86- if [ -n "${!SERVER_ALLOWEDIPS}" ]; then
90+ if [[ -n "${!SERVER_ALLOWEDIPS}" ] ]; then
8791 echo "Adding ${!SERVER_ALLOWEDIPS} to wg0.conf's AllowedIPs for peer ${i}"
8892 cat <<DUDE >> /config/wg0.conf
8993AllowedIPs = ${CLIENT_IP}/32,${!SERVER_ALLOWEDIPS}
@@ -94,7 +98,7 @@ AllowedIPs = ${CLIENT_IP}/32
9498DUDE
9599 fi
96100 # add PersistentKeepalive if the peer is specified
97- if [ -n "${PERSISTENTKEEPALIVE_PEERS_ARRAY}" ] && ([ "${PERSISTENTKEEPALIVE_PEERS_ARRAY[0]}" = "all" ] || printf '%s\0' "${PERSISTENTKEEPALIVE_PEERS_ARRAY[@]}" | grep -Fxqz -- "${i}"); then
101+ if [[ -n "${PERSISTENTKEEPALIVE_PEERS_ARRAY}" ]] && ([[ "${PERSISTENTKEEPALIVE_PEERS_ARRAY[0]}" = "all" ] ] || printf '%s\0' "${PERSISTENTKEEPALIVE_PEERS_ARRAY[@]}" | grep -Fxqz -- "${i}"); then
98102 cat <<DUDE >> /config/wg0.conf
99103PersistentKeepalive = 25
100104
@@ -104,19 +108,19 @@ DUDE
104108
105109DUDE
106110 fi
107- if [ -z "${LOG_CONFS}" ] || [ "${LOG_CONFS}" = "true" ]; then
111+ if [[ -z "${LOG_CONFS}" ]] || [[ "${LOG_CONFS}" = "true" ] ]; then
108112 echo "PEER ${i} QR code (conf file is saved under /config/${PEER_ID}):"
109- qrencode -t ansiutf8 < /config/${PEER_ID}/${PEER_ID}.conf
113+ qrencode -t ansiutf8 < " /config/${PEER_ID}/${PEER_ID}.conf"
110114 else
111115 echo "PEER ${i} conf and QR code png saved in /config/${PEER_ID}"
112116 fi
113- qrencode -o /config/${PEER_ID}/${PEER_ID}.png < /config/${PEER_ID}/${PEER_ID}.conf
117+ qrencode -o " /config/${PEER_ID}/${PEER_ID}.png" < " /config/${PEER_ID}/${PEER_ID}.conf"
114118 fi
115119 done
116120}
117121
118122save_vars () {
119- cat <<DUDE > /config/.donoteditthisfile
123+ cat <<DUDE > /config/.donoteditthisfile
120124ORIG_SERVERURL="$SERVERURL"
121125ORIG_SERVERPORT="$SERVERPORT"
122126ORIG_PEERDNS="$PEERDNS"
@@ -127,66 +131,67 @@ ORIG_PERSISTENTKEEPALIVE_PEERS="$PERSISTENTKEEPALIVE_PEERS"
127131DUDE
128132}
129133
130- if [ -n "$PEERS" ]; then
131- echo "**** Server mode is selected ****"
132- if [[ "$PEERS" =~ ^[0-9]+$ ]] && ! [[ "$PEERS" =~ *,* ]]; then
133- PEERS_ARRAY=($(seq 1 $PEERS))
134- else
135- PEERS_ARRAY=($(echo "$PEERS" | tr ',' ' '))
136- fi
137- PEERS_COUNT=$(echo "${#PEERS_ARRAY[@]}")
138- if [ -n "${PERSISTENTKEEPALIVE_PEERS}" ]; then
139- echo "**** PersistentKeepalive will be set for: ${PERSISTENTKEEPALIVE_PEERS/,/ } ****"
140- PERSISTENTKEEPALIVE_PEERS_ARRAY=($(echo "$PERSISTENTKEEPALIVE_PEERS" | tr ',' ' '))
141- fi
142- if [ -z "$SERVERURL" ] || [ "$SERVERURL" = "auto" ]; then
143- SERVERURL=$(curl -s icanhazip.com)
144- echo "**** SERVERURL var is either not set or is set to \"auto\", setting external IP to auto detected value of $SERVERURL ****"
145- else
146- echo "**** External server address is set to $SERVERURL ****"
147- fi
148- SERVERPORT=${SERVERPORT:-51820}
149- echo "**** External server port is set to ${SERVERPORT}. Make sure that port is properly forwarded to port 51820 inside this container ****"
150- INTERNAL_SUBNET=${INTERNAL_SUBNET:-10.13.13.0}
151- echo "**** Internal subnet is set to $INTERNAL_SUBNET ****"
152- INTERFACE=$(echo "$INTERNAL_SUBNET" | awk 'BEGIN{FS=OFS="."} NF--')
153- ALLOWEDIPS=${ALLOWEDIPS:-0.0.0.0/0, ::/0}
154- echo "**** AllowedIPs for peers $ALLOWEDIPS ****"
155- if [ -z "$PEERDNS" ] || [ "$PEERDNS" = "auto" ]; then
156- PEERDNS="${INTERFACE}.1"
157- echo "**** PEERDNS var is either not set or is set to \"auto\", setting peer DNS to ${INTERFACE}.1 to use wireguard docker host's DNS. ****"
158- else
159- echo "**** Peer DNS servers will be set to $PEERDNS ****"
160- fi
161- if [ ! -f /config/wg0.conf ]; then
162- echo "**** No wg0.conf found (maybe an initial install), generating 1 server and ${PEERS} peer/client confs ****"
163- generate_confs
164- save_vars
165- else
134+ if [[ -n "$PEERS" ]]; then
166135 echo "**** Server mode is selected ****"
167- [[ -f /config/.donoteditthisfile ]] && \
168- . /config/.donoteditthisfile
169- if [ "$SERVERURL" != "$ORIG_SERVERURL" ] || [ "$SERVERPORT" != "$ORIG_SERVERPORT" ] || [ "$PEERDNS" != "$ORIG_PEERDNS" ] || [ "$PEERS" != "$ORIG_PEERS" ] || [ "$INTERFACE" != "$ORIG_INTERFACE" ] || [ "$ALLOWEDIPS" != "$ORIG_ALLOWEDIPS" ] || [ "$PERSISTENTKEEPALIVE_PEERS" != "$ORIG_PERSISTENTKEEPALIVE_PEERS" ]; then
170- echo "**** Server related environment variables changed, regenerating 1 server and ${PEERS} peer/client confs ****"
171- generate_confs
172- save_vars
136+ if [[ "$PEERS" =~ ^[0-9]+$ ]] && ! [[ "$PEERS" = *,* ]]; then
137+ mapfile -t PEERS_ARRAY < <(seq 1 "${PEERS}")
173138 else
174- echo "**** No changes to parameters. Existing configs are used. ****"
139+ mapfile -t PEERS_ARRAY < <(echo "${PEERS}" | tr ',' '\n')
140+ fi
141+ if [[ -n "${PERSISTENTKEEPALIVE_PEERS}" ]]; then
142+ echo "**** PersistentKeepalive will be set for: ${PERSISTENTKEEPALIVE_PEERS/,/ } ****"
143+ mapfile -t PERSISTENTKEEPALIVE_PEERS_ARRAY < <(echo "${PERSISTENTKEEPALIVE_PEERS}" | tr ',' '\n')
144+ fi
145+ if [[ -z "$SERVERURL" ]] || [[ "$SERVERURL" = "auto" ]]; then
146+ SERVERURL=$(curl -s icanhazip.com)
147+ echo "**** SERVERURL var is either not set or is set to \"auto\", setting external IP to auto detected value of $SERVERURL ****"
148+ else
149+ echo "**** External server address is set to $SERVERURL ****"
150+ fi
151+ SERVERPORT=${SERVERPORT:-51820}
152+ echo "**** External server port is set to ${SERVERPORT}. Make sure that port is properly forwarded to port 51820 inside this container ****"
153+ INTERNAL_SUBNET=${INTERNAL_SUBNET:-10.13.13.0}
154+ echo "**** Internal subnet is set to $INTERNAL_SUBNET ****"
155+ INTERFACE=$(echo "$INTERNAL_SUBNET" | awk 'BEGIN{FS=OFS="."} NF--')
156+ ALLOWEDIPS=${ALLOWEDIPS:-0.0.0.0/0, ::/0}
157+ echo "**** AllowedIPs for peers $ALLOWEDIPS ****"
158+ if [[ -z "$PEERDNS" ]] || [[ "$PEERDNS" = "auto" ]]; then
159+ PEERDNS="${INTERFACE}.1"
160+ echo "**** PEERDNS var is either not set or is set to \"auto\", setting peer DNS to ${INTERFACE}.1 to use wireguard docker host's DNS. ****"
161+ else
162+ echo "**** Peer DNS servers will be set to $PEERDNS ****"
163+ fi
164+ if [[ ! -f /config/wg0.conf ]]; then
165+ echo "**** No wg0.conf found (maybe an initial install), generating 1 server and ${PEERS} peer/client confs ****"
166+ generate_confs
167+ save_vars
168+ else
169+ echo "**** Server mode is selected ****"
170+ if [[ -f /config/.donoteditthisfile ]]; then
171+ . /config/.donoteditthisfile
172+ fi
173+ if [[ "$SERVERURL" != "$ORIG_SERVERURL" ]] || [[ "$SERVERPORT" != "$ORIG_SERVERPORT" ]] || [[ "$PEERDNS" != "$ORIG_PEERDNS" ]] || [[ "$PEERS" != "$ORIG_PEERS" ]] || [[ "$INTERFACE" != "$ORIG_INTERFACE" ]] || [[ "$ALLOWEDIPS" != "$ORIG_ALLOWEDIPS" ]] || [[ "$PERSISTENTKEEPALIVE_PEERS" != "$ORIG_PERSISTENTKEEPALIVE_PEERS" ]]; then
174+ echo "**** Server related environment variables changed, regenerating 1 server and ${PEERS} peer/client confs ****"
175+ generate_confs
176+ save_vars
177+ else
178+ echo "**** No changes to parameters. Existing configs are used. ****"
179+ fi
175180 fi
176- fi
177181else
178- echo "**** Client mode selected. ****"
179- if [ ! -f /config/wg0.conf ]; then
180- echo "**** No client conf found. Provide your own client conf as \"/config/wg0.conf\" and restart the container. ****"
181- sleep infinity
182- fi
183- printf " false" > /run/s6/container_environment/USE_COREDNS
182+ echo "**** Client mode selected. ****"
183+ if [[ ! -f /config/wg0.conf ] ]; then
184+ echo "**** No client conf found. Provide your own client conf as \"/config/wg0.conf\" and restart the container. ****"
185+ sleep infinity
186+ fi
187+ printf %s "${USE_COREDNS:- false} " > /run/s6/container_environment/USE_COREDNS
184188fi
185189
186190# set up CoreDNS
187- [[ ! -f /config/coredns/Corefile ]] && \
188- cp /defaults/Corefile /config/coredns/Corefile
191+ if [[ ! -f /config/coredns/Corefile ]]; then
192+ cp /defaults/Corefile /config/coredns/Corefile
193+ fi
189194
190195# permissions
191- chown -R abc:abc \
192- /config
196+ lsiown -R abc:abc \
197+ /config
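Review bot: The `umask 077` on the new side of generate_confs sits inside the `if [[ ! -f /config/server/privatekey-server ]]` guard, so it is only reached on a first run; on a regeneration run with existing keys the function writes /config/wg0.conf and every `${PEER_ID}.conf` — into which this script itself injects `PresharedKey = $(cat /config/${PEER_ID}/presharedkey-${PEER_ID})` — under the inherited umask, and the final `lsiown -R abc:abc /config` fixes ownership but not mode. Hoist it out of the guard as the first statement after `mkdir -p /config/server`: `umask 077` unconditionally, which also makes the second `umask 077` inside the peer loop redundant; because `>` truncation keeps an existing file's mode, add `chmod 600 /config/wg0.conf` after the heredoc (and the same for each peer conf) so confs created by earlier runs are tightened as well. Separately, `grep -q -R "${PROPOSED_IP}" /config/peer*/*.conf` in the address-allocation loop is an unanchored regex, so `10.13.13.2` is found inside an existing `10.13.13.20` and each dot matches any character; `grep -q -R -F -w -- "${PROPOSED_IP}"` fixes both. If the `] ]` and the space after the opening quote in paths such as `" /config/${PEER_ID}"` are really in the committed lines rather than artifacts of this rendering, those lines are syntax and path errors. The body of generate_confs is spread across several hunks here.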