diff --git a/readme-vars.yml b/readme-vars.yml
index 771cbb35..e0a229d9 100644
--- a/readme-vars.yml
+++ b/readme-vars.yml
@@ -131,6 +131,7 @@ app_setup_block: |
 # changelog
 changelogs:
 - { date: "23.07.24:", desc: "Install kmod from alpine repository." }
+ - { date: "12.07.24:", desc: "Peer info that is appended to the server config is now templated." }
 - { date: "24.05.24:", desc: "Rebase to Alpine 3.20, install wireguard-tools from Alpine repo." }
 - { date: "10.03.24:", desc: "Use iptables-legacy on Alpine 3.19." }
 - { date: "05.03.24:", desc: "Rebase master to Alpine 3.19." }
diff --git a/root/defaults/server-peer.conf b/root/defaults/server-peer.conf
new file mode 100644
index 00000000..909a4323
--- /dev/null
+++ b/root/defaults/server-peer.conf
@@ -0,0 +1,5 @@
+[Peer]
+# friendly_name = ${PEER_ID}
+PublicKey = $(cat "/config/${PEER_ID}/publickey-${PEER_ID}")
+$([[ -f "/config/${PEER_ID}/presharedkey-${PEER_ID}" ]] && echo "PresharedKey = $(cat /config/${PEER_ID}/presharedkey-${PEER_ID})" || echo)
+$([[ -n "${!SERVER_ALLOWEDIPS}" ]] && echo "AllowedIPs = ${CLIENT_IP}/32,${!SERVER_ALLOWED_IPS}" || echo "AllowedIPs = ${CLIENT_IP}/32")
diff --git a/root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/run b/root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/run
index 5c11cb31..ad16b3f3 100755
--- a/root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/run
@@ -18,6 +18,9 @@ fi
 if [[ ! -f /config/templates/peer.conf ]]; then
 cp /defaults/peer.conf /config/templates/peer.conf
 fi
+if [[ ! -f /config/templates/server-peer.conf ]]; then
+ cp /defaults/server-peer.conf /config/templates/server-peer.conf
+fi
 # add preshared key to user templates (backwards compatibility)
 if ! grep -q 'PresharedKey' /config/templates/peer.conf; then
 sed -i 's|^Endpoint|PresharedKey = \$\(cat /config/\${PEER_ID}/presharedkey-\${PEER_ID}\)\nEndpoint|' /config/templates/peer.conf
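Review bot: The AllowedIPs line of the new server-peer.conf template tests `${!SERVER_ALLOWEDIPS}` but then expands `${!SERVER_ALLOWED_IPS}` (extra underscore) in its echo branch; the init script only ever sets `SERVER_ALLOWEDIPS`, so the subnets configured through SERVER_ALLOWEDIPS_PEER_n never reach wg0.conf — depending on how this bash version treats an indirect expansion of an unset name, the line is either written with a dangling comma (which wg(8) is likely to reject) or the whole eval aborts — while the script still logs that they were added. The line should read `$([[ -n "${!SERVER_ALLOWEDIPS}" ]] && echo "AllowedIPs = ${CLIENT_IP}/32,${!SERVER_ALLOWEDIPS}" || echo "AllowedIPs = ${CLIENT_IP}/32")`. Because this file is copied into /config/templates and then passed through `eval` by init-wireguard-confs, a header comment such as `# evaluated as shell by init-wireguard-confs: command substitutions here run inside the container` would tell users who customise it what they are actually editing.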
@@ -69,13 +72,6 @@ DUDE"
 cat < /config/${PEER_ID}/${PEER_ID}.conf
 $(cat /config/templates/peer.conf)
 DUDE"
- # add peer info to server conf with presharedkey
- cat <> /config/wg_confs/wg0.conf
-[Peer]
-# ${PEER_ID}
-PublicKey = $(cat "/config/${PEER_ID}/publickey-${PEER_ID}")
-PresharedKey = $(cat "/config/${PEER_ID}/presharedkey-${PEER_ID}")
-DUDE
 else
 echo "**** Existing keys with no preshared key found for ${PEER_ID}, creating confs without preshared key for backwards compatibility ****"
 # create peer conf without presharedkey
@@ -83,25 +79,16 @@ DUDE
 cat < /config/${PEER_ID}/${PEER_ID}.conf
 $(sed '/PresharedKey/d' "/config/templates/peer.conf")
 DUDE"
- # add peer info to server conf without presharedkey
- cat <> /config/wg_confs/wg0.conf
-[Peer]
-# ${PEER_ID}
-PublicKey = $(cat "/config/${PEER_ID}/publickey-${PEER_ID}")
-DUDE
 fi
 SERVER_ALLOWEDIPS=SERVER_ALLOWEDIPS_PEER_${i}
- # add peer's allowedips to server conf
 if [[ -n "${!SERVER_ALLOWEDIPS}" ]]; then
 echo "Adding ${!SERVER_ALLOWEDIPS} to wg0.conf's AllowedIPs for peer ${i}"
- cat <> /config/wg_confs/wg0.conf
-AllowedIPs = ${CLIENT_IP}/32,${!SERVER_ALLOWEDIPS}
-DUDE
- else
- cat <> /config/wg_confs/wg0.conf
-AllowedIPs = ${CLIENT_IP}/32
-DUDE
 fi
+ # add peer info to server conf
+ eval "$(printf %s)
+ cat <> /config/wg_confs/wg0.conf
+$(cat /config/templates/server-peer.conf)
+DUDE"
 # add PersistentKeepalive if the peer is specified
 if [[ -n "${PERSISTENTKEEPALIVE_PEERS_ARRAY}" ]] && ([[ "${PERSISTENTKEEPALIVE_PEERS_ARRAY[0]}" = "all" ]] || printf '%s\0' "${PERSISTENTKEEPALIVE_PEERS_ARRAY[@]}" | grep -Fxqz -- "${i}"); then
 cat <> /config/wg_confs/wg0.conf
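Review bot: The surviving `if [[ -n "${!SERVER_ALLOWEDIPS}" ]]` block now only prints "Adding … to wg0.conf's AllowedIPs" — the decision itself has moved into /config/templates/server-peer.conf, which the new `eval` expands unconditionally, so the log can claim an addition that the template never makes (in the shipped default the template dereferences `SERVER_ALLOWED_IPS`, a name this script never sets, and a user-edited template may do anything). I would label the branch so nobody treats it as the implementation: `# informational only: the AllowedIPs line is produced by server-peer.conf below`. The `# add peer info to server conf` comment should also state that the template is executed as shell, as peer.conf already is, e.g. `# /config/templates/server-peer.conf is eval'd: its command substitutions run with this script's privileges`, since a writable template is effectively code. The enclosing per-peer loop starts and continues outside this hunk.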