Initial commit

templates/add_client.sh.j2

@@ -0,0 +1,43 @@
+# add_client <IP>
+IP=$1
+
+# If a client config file is already present, return
+if [[ -f /etc/wireguard/client/wg0.conf ]]
+then
+        echo "client/wg0.conf already exists. Please consider moving it to another place or deleting it"
+        return 1
+fi
+
+# generate client key pair
+private_key=$(wg genkey)
+public_key=$(echo $private_key | wg pubkey)
+
+# write updated server config to temp-file
+cp /etc/wireguard/wg0.conf /etc/wireguard/wg0-temp.conf
+echo "
+[Peer]
+PublicKey = $public_key
+AllowedIPs = $IP/32
+" >> /etc/wireguard/wg0-temp.conf
+
+# restart wireguard with updated conf
+wg-quick down wg0
+mv /etc/wireguard/wg0-temp.conf /etc/wireguard/wg0.conf
+wg-quick up wg0
+
+# generate client config file
+echo "[Interface]
+Address = $IP/24
+PrivateKey = $private_key
+MTU = 1280
+DNS = 192.168.2.1
+
+[Peer]
+PublicKey = UPnYF3sTTBUlyHz0gyEAL7c1+rFM7G4LOQ4oab2VqAg=
+AllowedIPs = 0.0.0.0/0
+Endpoint = wg.a-0.me:51900
+PersistentKeepalive = 30
+" > /etc/wireguard/client/wg0.conf
+
+# output client conf as QR-Code
+qrencode -r /etc/wireguard/client/wg0.conf -t ansiutf8

templates/genpair.sh.j2

@@ -0,0 +1 @@
+wg genkey | tee $1_private_key | wg pubkey > $1_public_key

templates/to_qr.sh.j2

@@ -0,0 +1 @@
+qrencode -r $1 -t ansiutf8

templates/wg0.conf.j2

@@ -0,0 +1,14 @@
+[Interface]
+Address = {{ wireguard_server_CIDR }}
+SaveConfig = true
+PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o {{ wireguard_iface_name }} -j MASQUERADE
+PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o {{ wireguard_iface_name }} -j MASQUERADE
+ListenPort = 51900
+PrivateKey = {{ wireguard_server_privkey }}
+
+{% for client in wireguard_clients %}
+[Peer]
+PublicKey = {{ client.pubkey }}
+AllowedIPs = {{ client.ipv4 }}
+
+{% endfor %}