Skip to content

Commit

Permalink
breaking changes: peers params
Browse files Browse the repository at this point in the history
  • Loading branch information
bigmoby committed Dec 26, 2021
1 parent 41bc9cd commit 93f34aa
Show file tree
Hide file tree
Showing 5 changed files with 147 additions and 97 deletions.
2 changes: 0 additions & 2 deletions .vscode/tasks.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,4 @@
{
// See https://go.microsoft.com/fwlink/?LinkId=733558
// for the documentation about the tasks.json format
"version": "2.0.0",
"tasks": [
{
Expand Down
51 changes: 51 additions & 0 deletions wireguard_client/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,54 @@
## What’s changed in Wireguard Client Add-on v0.1.9
### 💣 BREAKING CHANGES

- new peers section in order to configure several peer connection (thanks to Stefan Berggren aka "nsg" https://github.com/nsg for suggest me this feature and give me some hints with his PR)

```yaml
interface:
private_key: test_key
address: 10.6.0.2
dns:
- 8.8.8.8
- 8.8.4.4
post_up: iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
post_down: iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE
peer:
public_key: test_key
pre_shared_key: test_key
endpoint: xxxxxxxxxxxxxxx.duckdns.org:51820
allowed_ips:
- 10.6.0.0/24
persistent_keep_alive: 25
```
should be re-configured in
```yaml
interface:
private_key: test_key
address: 10.6.0.2
dns:
- 8.8.8.8
- 8.8.4.4
post_up: iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
post_down: iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE
peers:
- public_key: test_key
pre_shared_key: test_key
endpoint: xxxxxxxxxxxxxxx.duckdns.org:51820
allowed_ips:
- 10.6.0.0/24
persistent_keep_alive: '25'
- public_key: test_key
pre_shared_key: test_key
endpoint: yyyyyyyyyyyyyyy.duckdns.org:51820
allowed_ips:
- 10.6.0.1/24
persistent_keep_alive: '26'
```
- `dns`,`post_up`,`post_down` have become optional params

## What’s changed in Wireguard Client Add-on v0.1.8
### 🛠 Fixs

Expand Down
14 changes: 7 additions & 7 deletions wireguard_client/DOCS.md
Original file line number Diff line number Diff line change
Expand Up @@ -56,13 +56,13 @@ interface:
- 8.8.4.4
post_up: iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
post_down: iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE
peer:
public_key: your-public-key
pre_shared_key: your-preshared-key
endpoint: 'xxxxxxxxxxxxxxx.duckdns.org:51820'
allowed_ips:
- 10.6.0.0/24
persistent_keep_alive: 25
peers:
- public_key: your-public-key
pre_shared_key: your-preshared-key
endpoint: 'xxxxxxxxxxxxxxx.duckdns.org:51820'
allowed_ips:
- 10.6.0.0/24
persistent_keep_alive: 25
```
1. Save the configuration.
Expand Down
48 changes: 26 additions & 22 deletions wireguard_client/config.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name":"WireGuard Client",
"version":"0.1.8",
"version":"0.1.9",
"slug":"wireguard_client",
"description":"Fast, modern, secure Wireguard tunnel (client)",
"url":"https://github.com/bigmoby/addon-wireguard-client",
Expand Down Expand Up @@ -40,36 +40,40 @@
"post_up": "iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE",
"post_down": "iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE"
},
"peer":{
"public_key": "",
"pre_shared_key": "",
"endpoint": "xxxxxx.duckdns.com",
"allowed_ips":[
"10.6.0.0/24"
],
"persistent_keep_alive": "25"
}
"peers": [
{
"public_key": "",
"pre_shared_key": "",
"endpoint": "xxxxxx.duckdns.com",
"allowed_ips":[
"10.6.0.0/24"
],
"persistent_keep_alive": "25"
}
]
},
"schema":{
"log_level":"list(trace|debug|info|notice|warning|error|fatal)?",
"interface":{
"private_key": "password?",
"address": "str",
"dns":[
"str"
"str?"
],
"post_up": "str",
"post_down": "str"
"post_up": "str?",
"post_down": "str?"
},
"peer":{
"public_key":"str?",
"pre_shared_key":"str?",
"endpoint":"str",
"allowed_ips":[
"str"
],
"persistent_keep_alive":"int"
}
"peers": [
{
"public_key":"str?",
"pre_shared_key":"str?",
"endpoint":"str",
"allowed_ips":[
"str"
],
"persistent_keep_alive":"int"
}
]
},
"image": "bigmoby/{arch}-addon-wireguard-client"
}
129 changes: 63 additions & 66 deletions wireguard_client/rootfs/etc/cont-init.d/config.sh
Original file line number Diff line number Diff line change
Expand Up @@ -50,17 +50,15 @@ else
fi

# Add all server DNS addresses to the configuration
listDns=()
if bashio::config.has_value "interface.dns"; then
listDns=()
# Use allowed IP's defined by the user.
for address in $(bashio::config "interface.dns"); do
listDns+=("${address}")
done
else
bashio::exit.nok 'You need a dns configured'
dns=$(IFS=", "; echo "${listDns[*]}")
echo "DNS = ${dns}" >> "${config}"
fi
dns=$(IFS=", "; echo "${listDns[*]}")
echo "DNS = ${dns}" >> "${config}"

if [[ $(</proc/sys/net/ipv4/ip_forward) -eq 0 ]]; then
bashio::log.warning
Expand All @@ -76,17 +74,13 @@ fi

# Post Up & Down defaults
# Check if custom post_up value
if ! bashio::config.has_value 'interface.post_up'; then
bashio::exit.nok 'post_up command is required'
else
if bashio::config.has_value 'interface.post_up'; then
post_up=$(bashio::config 'interface.post_up')
echo "PostUp = ${post_up}" >> "${config}"
fi

# Check if custom post_down value
if ! bashio::config.has_value 'interface.post_down'; then
bashio::exit.nok 'post_down command is required'
else
if bashio::config.has_value 'interface.post_down'; then
post_down=$(bashio::config 'interface.post_down')
echo "PostDown = ${post_down}" >> "${config}"
fi
Expand All @@ -97,67 +91,70 @@ if ! bashio::fs.directory_exists '/var/lib/wireguard'; then
|| bashio::exit.nok "Could not create status API storage folder"
fi

if ! bashio::config.has_value 'peers'; then
bashio::exit.nok 'Missing required list: peers'
fi

######################
# Peer configuration #
######################
# Check if public key value and if true get the peer public key
peer_public_key=""
if ! bashio::config.has_value 'peer.public_key'; then
bashio::exit.nok 'You need a public_key configured for the peer'
else
peer_public_key=$(bashio::config 'peer.public_key')
fi

# Check if pre_shared key value and if true get the peer pre_shared key
pre_shared_key=""
if bashio::config.has_value 'peer.pre_shared_key'; then
pre_shared_key=$(bashio::config 'peer.pre_shared_key')
fi

# Check if endpoint value and if true get the peer endpoint
endpoint=""
if ! bashio::config.has_value 'peer.endpoint'; then
bashio::exit.nok 'You need a endpoint configured for the peer'
else
endpoint=$(bashio::config 'peer.endpoint')
fi

# Check if persistent_keep_alive value and if true get the peer persistent_keep_alive
keep_alive=""
if ! bashio::config.has_value 'peer.persistent_keep_alive'; then
bashio::exit.nok 'You need a persistent_keep_alive configured for the peer'
else
keep_alive=$(bashio::config 'peer.persistent_keep_alive')
fi
# Fetch all the peers
for peer in $(bashio::config 'peers|keys'); do

# Check if public key value and if true get the peer public key
peer_public_key=$(bashio::config "peers[${peer}].public_key")

# Check if pre_shared key value and if true get the peer pre_shared key
pre_shared_key=""
if bashio::config.has_value "peers[${peer}].pre_shared_key"; then
pre_shared_key=$(bashio::config "peers[${peer}].pre_shared_key")
fi

# Determine allowed IPs for server side config, by default use
# peer defined addresses.
list=()
if bashio::config.has_value "peer.allowed_ips"; then
# Use allowed IP's defined by the user.
for address in $(bashio::config "peer.allowed_ips"); do
[[ "${address}" == *"/"* ]] || address="${address}/32"
list+=("${address}")
done
else
bashio::exit.nok 'You need a allowed_ips configured for the peer'
fi
# Check if endpoint value and if true get the peer endpoint
endpoint=""
if ! bashio::config.has_value "peers[${peer}].endpoint"; then
bashio::exit.nok 'You need a endpoint configured for the peer'
else
endpoint=$(bashio::config "peers[${peer}].endpoint")
fi

allowed_ips=$(IFS=", "; echo "${list[*]}")
# Check if persistent_keep_alive value and if true get the peer persistent_keep_alive
keep_alive=""
if ! bashio::config.has_value "peers[${peer}].persistent_keep_alive"; then
bashio::exit.nok 'You need a persistent_keep_alive configured for the peer'
else
keep_alive=$(bashio::config "peers[${peer}].persistent_keep_alive")
fi

# Start writing peer information in client config
{
echo ""
echo "[Peer]"
echo "PublicKey = ${peer_public_key}"
if [ ! $pre_shared_key == "" ]
then
echo "PreSharedKey = ${pre_shared_key}"
# Determine allowed IPs for server side config, by default use
# peer defined addresses.
list=()
if bashio::config.has_value "peers[${peer}].allowed_ips"; then
# Use allowed IP's defined by the user.
for address in $(bashio::config "peers[${peer}].allowed_ips"); do
[[ "${address}" == *"/"* ]] || address="${address}/32"
list+=("${address}")
done
else
bashio::exit.nok 'You need a allowed_ips configured for the peer'
fi
echo "Endpoint = ${endpoint}"
echo "AllowedIPs = ${allowed_ips}"
echo "PersistentKeepalive = ${keep_alive}"
echo ""
} >> "${config}"

allowed_ips=$(IFS=", "; echo "${list[*]}")

# Start writing peer information in client config
{
echo ""
echo "[Peer]"
echo "PublicKey = ${peer_public_key}"
if [ ! $pre_shared_key == "" ]
then
echo "PreSharedKey = ${pre_shared_key}"
fi
echo "Endpoint = ${endpoint}"
echo "AllowedIPs = ${allowed_ips}"
echo "PersistentKeepalive = ${keep_alive}"
echo ""
} >> "${config}"
done

bashio::log.info "Ended to write Wireguard configuration into: [${config}]"

0 comments on commit 93f34aa

Please sign in to comment.