diff --git a/.vscode/tasks.json b/.vscode/tasks.json index 81384a1..1e81fdc 100644 --- a/.vscode/tasks.json +++ b/.vscode/tasks.json @@ -1,6 +1,4 @@ { - // See https://go.microsoft.com/fwlink/?LinkId=733558 - // for the documentation about the tasks.json format "version": "2.0.0", "tasks": [ { diff --git a/wireguard_client/CHANGELOG.md b/wireguard_client/CHANGELOG.md index 81f971a..4dac694 100644 --- a/wireguard_client/CHANGELOG.md +++ b/wireguard_client/CHANGELOG.md 
@@ -1,3 +1,64 @@ +## What’s changed in Wireguard Client Add-on v0.2.0 +## 🚀 Enhancements + +- Migrate JSON config to YAML +- Upgrade add-on base image to 11.0.0 + +### ⬆️ Dependency updates + +- Upgrade wireguard-tools to 1.0.20210914-r0 + +## What’s changed in Wireguard Client Add-on v0.1.9 +### 💣 BREAKING CHANGES + +- new peers section in order to configure several peer connection (thanks to Stefan Berggren aka "nsg" https://github.com/nsg for suggest me this feature and give me some hints with his PR) + +```yaml +interface: + private_key: test_key + address: 10.6.0.2 + dns: + - 8.8.8.8 + - 8.8.4.4 + post_up: iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE + post_down: iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE +peer: + public_key: test_key + pre_shared_key: test_key + endpoint: xxxxxxxxxxxxxxx.duckdns.org:51820 + allowed_ips: + - 10.6.0.0/24 + persistent_keep_alive: 25 +``` + +should be re-configured in + +```yaml +interface: + private_key: test_key + address: 10.6.0.2 + dns: + - 8.8.8.8 + - 8.8.4.4 + post_up: iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE + post_down: iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE +peers: + - public_key: test_key + pre_shared_key: test_key + endpoint: xxxxxxxxxxxxxxx.duckdns.org:51820 + allowed_ips: + - 10.6.0.0/24 + persistent_keep_alive: '25' + - public_key: test_key + pre_shared_key: test_key + endpoint: yyyyyyyyyyyyyyy.duckdns.org:51820 + allowed_ips: + - 10.6.0.1/24 + persistent_keep_alive: '26' +``` + + - `dns`,`post_up`,`post_down` have become optional params + ## What’s changed in Wireguard Client Add-on v0.1.8 ### 🛠 Fixs diff --git a/wireguard_client/DOCS.md b/wireguard_client/DOCS.md index 44c0ed4..f9e70d7 100644 --- a/wireguard_client/DOCS.md +++ b/wireguard_client/DOCS.md 
@@ -56,13 +56,13 @@ interface: - 8.8.4.4 post_up: iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE post_down: iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE -peer: - public_key: your-public-key - pre_shared_key: your-preshared-key - endpoint: 'xxxxxxxxxxxxxxx.duckdns.org:51820' - allowed_ips: - - 10.6.0.0/24 - persistent_keep_alive: 25 +peers: + - public_key: your-public-key + pre_shared_key: your-preshared-key + endpoint: 'xxxxxxxxxxxxxxx.duckdns.org:51820' + allowed_ips: + - 10.6.0.0/24 + persistent_keep_alive: 25 ``` 1. Save the configuration. diff --git a/wireguard_client/Dockerfile b/wireguard_client/Dockerfile index 66ee3b9..45e7063 100755 --- a/wireguard_client/Dockerfile +++ b/wireguard_client/Dockerfile @@ -1,4 +1,4 @@ -ARG BUILD_FROM=ghcr.io/hassio-addons/base/amd64:10.2.2 +ARG BUILD_FROM=ghcr.io/hassio-addons/base/amd64:11.0.0 # hadolint ignore=DL3006 FROM ${BUILD_FROM} @@ -10,7 +10,7 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN \ apk add --no-cache \ openresolv=3.12.0-r0 \ - wireguard-tools=1.0.20210424-r0 + wireguard-tools=1.0.20210914-r0 # Copy root filesystem COPY rootfs / diff --git a/wireguard_client/build.yaml b/wireguard_client/build.yaml index ccb5afb..ee6005d 100644 --- a/wireguard_client/build.yaml +++ b/wireguard_client/build.yaml @@ -1,7 +1,7 @@ --- build_from: - aarch64: ghcr.io/hassio-addons/base/aarch64:10.2.2 - amd64: ghcr.io/hassio-addons/base/amd64:10.2.2 - armhf: ghcr.io/hassio-addons/base/armhf:10.2.2 - armv7: ghcr.io/hassio-addons/base/armv7:10.2.2 - i386: ghcr.io/hassio-addons/base/i386:10.2.2 \ No newline at end of file + aarch64: ghcr.io/hassio-addons/base/aarch64:11.0.0 + amd64: ghcr.io/hassio-addons/base/amd64:11.0.0 + armhf: ghcr.io/hassio-addons/base/armhf:11.0.0 + armv7: ghcr.io/hassio-addons/base/armv7:11.0.0 + i386: ghcr.io/hassio-addons/base/i386:11.0.0 \ No newline at end of file diff --git a/wireguard_client/config.yaml b/wireguard_client/config.yaml index d87ced4..12eec80 100644 
--- a/wireguard_client/config.yaml +++ b/wireguard_client/config.yaml @@ -1,6 +1,6 @@ --- name: WireGuard Client -version: 0.1.9 +version: 0.2.0 slug: wireguard_client description: Fast, modern, secure Wireguard tunnel (client) url: https://github.com/bigmoby/addon-wireguard-client @@ -31,25 +31,26 @@ options: dns: [ 8.8.8.8, 8.8.4.4] post_up: "iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE" post_down: "iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE" - peer: - public_key: "" - pre_shared_key: "" - endpoint: "xxxxxx.duckdns.com:51820" - allowed_ips: [ "10.6.0.0/24" ] - persistent_keep_alive: "25" + peers: + - public_key: "" + pre_shared_key: "" + endpoint: "xxxxxx.duckdns.com:51820" + allowed_ips: [ "10.6.0.0/24" ] + persistent_keep_alive: "25" schema: log_level: list(trace|debug|info|notice|warning|error|fatal)? interface: private_key: password? address: str dns: - - str - post_up: str - post_down: str - peer: - public_key: str? - pre_shared_key: str? - endpoint: str - allowed_ips: - - str - persistent_keep_alive: int \ No newline at end of file + - str? + post_up: str? + post_down: str? + peers: + - public_key: str? + pre_shared_key: str? + endpoint: str + allowed_ips: + - str + persistent_keep_alive: int +image: "bigmoby/{arch}-addon-wireguard-client" \ No newline at end of file diff --git a/wireguard_client/rootfs/etc/cont-init.d/config.sh b/wireguard_client/rootfs/etc/cont-init.d/config.sh index fd7131b..307bf7c 100644 --- a/wireguard_client/rootfs/etc/cont-init.d/config.sh +++ b/wireguard_client/rootfs/etc/cont-init.d/config.sh 
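Review bot: In the new `peers` schema `pre_shared_key` is still typed `str?`, so the preshared key is handled as an ordinary visible string while `private_key` directly above is declared `password?`. I would declare it `pre_shared_key: password?` so both WireGuard secrets are masked the same way in the add-on configuration. The added `image: "bigmoby/{arch}-addon-wireguard-client"` line presumably makes installs pull a prebuilt image rather than build from the Dockerfile in this repository. If so, a short comment or DOCS note saying which workflow publishes those tags would help anyone auditing what actually runs.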
@@ -50,17 +50,15 @@ else fi # Add all server DNS addresses to the configuration -listDns=() if bashio::config.has_value "interface.dns"; then + listDns=() # Use allowed IP's defined by the user. for address in $(bashio::config "interface.dns"); do listDns+=("${address}") done -else - bashio::exit.nok 'You need a dns configured' + dns=$(IFS=", "; echo "${listDns[*]}") + echo "DNS = ${dns}" >> "${config}" fi -dns=$(IFS=", "; echo "${listDns[*]}") -echo "DNS = ${dns}" >> "${config}" if [[ $(> "${config}" fi # Check if custom post_down value -if ! bashio::config.has_value 'interface.post_down'; then - bashio::exit.nok 'post_down command is required' -else +if bashio::config.has_value 'interface.post_down'; then post_down=$(bashio::config 'interface.post_down') echo "PostDown = ${post_down}" >> "${config}" fi 
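Review bot: The DNS loop that now sits inside the `if` still fills `listDns` from an unquoted `$(bashio::config "interface.dns")`, so every entry goes through word splitting and pathname expansion before it is appended to the `DNS =` line. Reading the list with `mapfile -t listDns < <(bashio::config "interface.dns")` keeps each configured value intact and drops the manual loop. The same `for address in $(...)` pattern is re-added for `allowed_ips` in the peers hunk further down. Part of this hunk (around the `post_up` handling) is truncated on the page, so this note covers only the visible DNS and `post_down` lines.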
@@ -97,67 +91,70 @@ if ! bashio::fs.directory_exists '/var/lib/wireguard'; then || bashio::exit.nok "Could not create status API storage folder" fi +if ! bashio::config.has_value 'peers'; then + bashio::exit.nok 'Missing required list: peers' +fi + ###################### # Peer configuration # ###################### -# Check if public key value and if true get the peer public key -peer_public_key="" -if ! bashio::config.has_value 'peer.public_key'; then - bashio::exit.nok 'You need a public_key configured for the peer' -else - peer_public_key=$(bashio::config 'peer.public_key') -fi - -# Check if pre_shared key value and if true get the peer pre_shared key -pre_shared_key="" -if bashio::config.has_value 'peer.pre_shared_key'; then - pre_shared_key=$(bashio::config 'peer.pre_shared_key') -fi - -# Check if endpoint value and if true get the peer endpoint -endpoint="" -if ! bashio::config.has_value 'peer.endpoint'; then - bashio::exit.nok 'You need a endpoint configured for the peer' -else - endpoint=$(bashio::config 'peer.endpoint') -fi - -# Check if persistent_keep_alive value and if true get the peer persistent_keep_alive -keep_alive="" -if ! bashio::config.has_value 'peer.persistent_keep_alive'; then - bashio::exit.nok 'You need a persistent_keep_alive configured for the peer' -else - keep_alive=$(bashio::config 'peer.persistent_keep_alive') -fi +# Fetch all the peers +for peer in $(bashio::config 'peers|keys'); do + + # Check if public key value and if true get the peer public key + peer_public_key=$(bashio::config "peers[${peer}].public_key") + + # Check if pre_shared key value and if true get the peer pre_shared key + pre_shared_key="" + if bashio::config.has_value "peers[${peer}].pre_shared_key"; then + pre_shared_key=$(bashio::config "peers[${peer}].pre_shared_key") + fi -# Determine allowed IPs for server side config, by default use -# peer defined addresses. 
-list=() -if bashio::config.has_value "peer.allowed_ips"; then - # Use allowed IP's defined by the user. - for address in $(bashio::config "peer.allowed_ips"); do - [[ "${address}" == *"/"* ]] || address="${address}/32" - list+=("${address}") - done -else - bashio::exit.nok 'You need a allowed_ips configured for the peer' -fi + # Check if endpoint value and if true get the peer endpoint + endpoint="" + if ! bashio::config.has_value "peers[${peer}].endpoint"; then + bashio::exit.nok 'You need a endpoint configured for the peer' + else + endpoint=$(bashio::config "peers[${peer}].endpoint") + fi -allowed_ips=$(IFS=", "; echo "${list[*]}") + # Check if persistent_keep_alive value and if true get the peer persistent_keep_alive + keep_alive="" + if ! bashio::config.has_value "peers[${peer}].persistent_keep_alive"; then + bashio::exit.nok 'You need a persistent_keep_alive configured for the peer' + else + keep_alive=$(bashio::config "peers[${peer}].persistent_keep_alive") + fi -# Start writing peer information in client config -{ - echo "" - echo "[Peer]" - echo "PublicKey = ${peer_public_key}" - if [ ! $pre_shared_key == "" ] - then - echo "PreSharedKey = ${pre_shared_key}" + # Determine allowed IPs for server side config, by default use + # peer defined addresses. + list=() + if bashio::config.has_value "peers[${peer}].allowed_ips"; then + # Use allowed IP's defined by the user. + for address in $(bashio::config "peers[${peer}].allowed_ips"); do + [[ "${address}" == *"/"* ]] || address="${address}/32" + list+=("${address}") + done + else + bashio::exit.nok 'You need a allowed_ips configured for the peer' fi - echo "Endpoint = ${endpoint}" - echo "AllowedIPs = ${allowed_ips}" - echo "PersistentKeepalive = ${keep_alive}" - echo "" -} >> "${config}" + + allowed_ips=$(IFS=", "; echo "${list[*]}") + + # Start writing peer information in client config + { + echo "" + echo "[Peer]" + echo "PublicKey = ${peer_public_key}" + if [ ! 
$pre_shared_key == "" ] + then + echo "PreSharedKey = ${pre_shared_key}" + fi + echo "Endpoint = ${endpoint}" + echo "AllowedIPs = ${allowed_ips}" + echo "PersistentKeepalive = ${keep_alive}" + echo "" + } >> "${config}" +done bashio::log.info "Ended to write Wireguard configuration into: [${config}]" \ No newline at end of file
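Review bot: The per-peer loop reads `peers[${peer}].public_key` without the `has_value` guard the removed code had, while the schema keeps `public_key: str?` and the default option is an empty string. A peer with no key therefore gets a `PublicKey = ` line written to the config, and the error presumably only surfaces later when the interface is brought up. I would restore the check inside the loop: `bashio::config.has_value "peers[${peer}].public_key" || bashio::exit.nok "Peer ${peer}: public_key is required"`. The comment above that read still says "Check if public key value", which no longer matches the code. The re-added test `[ ! $pre_shared_key == "" ]` is safer as `[[ -n "${pre_shared_key}" ]]`, so the secret is never expanded unquoted.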