Marown/wireguard-install
1
0
Fork 0
mirror of https://github.com/hwdsl2/wireguard-install.git synced 2024-06-15 23:34:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Small style changes

Browse Source
This commit is contained in:
Nyr 2020-05-21 19:18:29 +02:00
parent a6426a138e
commit 962862c332
1 changed files with 59 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

122
wireguard-install.sh
View File

@ -6,7 +6,7 @@
# Discard stdin. Needed when running from an one-liner which includes a newline
read -N 999999999 -t 0.001
read -N 999999 -t 0.001
# Detect Debian users running the script with "sh" instead of bash
if readlink /proc/$$/exe | grep -q "dash"; then
@ -14,11 +14,6 @@ if readlink /proc/$$/exe | grep -q "dash"; then
exit
fi
if [[ "$EUID" -ne 0 ]]; then
echo "This installer needs to be run with superuser privileges."
exit
fi
# Detect OpenVZ 6
if [[ $(uname -r | cut -d "." -f 1) -eq 2 ]]; then
echo "The system is running an old kernel, which is incompatible with this installer."
@ -30,19 +25,15 @@ fi
if grep -qs "ubuntu" /etc/os-release; then
os="ubuntu"
os_version=$(grep 'VERSION_ID' /etc/os-release | cut -d '"' -f 2 | tr -d '.')
group_name="nogroup"
elif [[ -e /etc/debian_version ]]; then
os="debian"
os_version=$(grep -oE '[0-9]+' /etc/debian_version | head -1)
group_name="nogroup"
elif [[ -e /etc/centos-release ]]; then
os="centos"
os_version=$(grep -oE '[0-9]+' /etc/centos-release | head -1)
group_name="nobody"
elif [[ -e /etc/fedora-release ]]; then
os="fedora"
os_version=$(grep -oE '[0-9]+' /etc/fedora-release | head -1)
group_name="nobody"
else
echo "This installer seems to be running on an unsupported distribution.
Supported distributions are Ubuntu, Debian, CentOS, and Fedora."
@ -68,7 +59,7 @@ This version of CentOS is too old and unsupported."
fi
# Detect environments where $PATH does not include the sbin directories
if ! grep -q sbin <<< $PATH; then
if ! grep -q sbin <<< "$PATH"; then
echo '$PATH does not include sbin. Try using "su -" instead of "su".'
exit
fi
@ -82,6 +73,11 @@ Upgrade the kernel using "dnf upgrade kernel" and restart.'
exit
fi
if [[ "$EUID" -ne 0 ]]; then
echo "This installer needs to be run with superuser privileges."
exit
fi
if [[ "$is_container" -eq 0 ]]; then
if [ "$(uname -m)" != "x86_64" ]; then
echo "In containerized systems, this installer supports only the x86_64 architecture.
@ -145,12 +141,12 @@ new_client_setup () {
# available octet. Important to start looking at 2, because 1 is our gateway.
octet=2
while grep AllowedIPs /etc/wireguard/wg0.conf | cut -d "." -f 4 | cut -d "/" -f 1 | grep -q "$octet"; do
(( octet++ ))
(( octet++ ))
done
# Don't break the WireGuard configuration in case the address space is full
if [[ "$octet" -eq 255 ]]; then
echo "253 clients are already configured. The WireGuard internal subnet is full!"
exit
echo "253 clients are already configured. The WireGuard internal subnet is full!"
exit
fi
key=$(wg genkey)
psk=$(wg genpsk)
@ -206,8 +202,8 @@ if [[ ! -e /etc/wireguard/wg0.conf ]]; then
get_public_ip=$(grep -m 1 -oE '^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$' <<< "$(wget -T 10 -t 1 -4qO- "http://ip1.dynupdate.no-ip.com/" || curl -m 10 -4Ls "http://ip1.dynupdate.no-ip.com/")")
read -p "Public IPv4 address / hostname [$get_public_ip]: " public_ip
# If the checkip service is unavailable and user didn't provide input, ask again
until [[ -n "$get_public_ip" || -n $public_ip ]]; do
echo "Invalid input."
until [[ -n "$get_public_ip" || -n "$public_ip" ]]; do
echo "Invalid input."
read -p "Public IPv4 address / hostname: " public_ip
done
[[ -z "$public_ip" ]] && public_ip="$get_public_ip"
@ -238,13 +234,21 @@ if [[ ! -e /etc/wireguard/wg0.conf ]]; then
read -p "Port [51820]: " port
done
[[ -z "$port" ]] && port="51820"
echo
echo "Enter a name for the first client:"
read -p "Name [client]: " unsanitized_client
# Allow a limited set of characters to avoid conflicts
client=$(sed 's/[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-]/_/g' <<< "$unsanitized_client")
[[ -z "$client" ]] && client="client"
echo
new_client_dns
# Set up automatic updates for BoringTun if the user is fine with that
if [[ "$is_container" -eq 0 ]]; then
echo
echo "BoringTun will be installed to set up WireGuard in the system."
read -p "Should automatic updates be enabled for it? [Y/n]: " boringtun_updates
until [[ "$boringtun_updates" =~ ^[yYnN]*$ ]]; do
echo "$remove: invalid selection."
echo
echo "BoringTun will be installed to set up WireGuard in the system."
read -p "Should automatic updates be enabled for it? [Y/n]: " boringtun_updates
until [[ "$boringtun_updates" =~ ^[yYnN]*$ ]]; do
echo "$remove: invalid selection."
read -p "Should automatic updates be enabled for it? [Y/n]: " boringtun_updates
done
if [[ "$boringtun_updates" =~ ^[yY]*$ ]]; then
@ -256,15 +260,7 @@ if [[ ! -e /etc/wireguard/wg0.conf ]]; then
fi
fi
echo
echo "Enter a name for the first client:"
read -p "Name [client]: " unsanitized_client
# Allow a limited set of characters to avoid conflicts
client=$(sed 's/[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-]/_/g' <<< "$unsanitized_client")
[[ -z "$client" ]] && client="client"
echo
new_client_dns
echo
echo "WireGuard installation is ready to begin now."
echo "WireGuard installation is ready to begin."
# Install a firewall in the rare case where one is not already available
if ! systemctl is-active --quiet firewalld.service && ! hash iptables 2>/dev/null; then
if [[ "$os" == "centos" || "$os" == "fedora" ]]; then
@ -312,7 +308,7 @@ fiJGS5WoFr1yr8b7oQxTrZlCeHk3r3FJIhv2dQ==
if [[ "$os" == "ubuntu" && "$os_version" -ge 2004 ]]; then
# Ubuntu 20.04 or higer
apt-get update
apt-get install -y wireguard qrencode $firewall
apt-get install -y wireguard qrencode "$firewall"
elif [[ "$os" == "ubuntu" && "$os_version" -eq 1804 ]]; then
# Ubuntu 18.04
# Repo is added manually so we don't depend on add-apt-repository.
@ -326,21 +322,21 @@ fiJGS5WoFr1yr8b7oQxTrZlCeHk3r3FJIhv2dQ==
apt-get update
# Try to install kernel headers for the running kernel and avoid a reboot. This
# can fail, so it's important to run separately from the other apt-get command.
apt-get install -y linux-headers-$(uname -r)
apt-get install -y linux-headers-"$(uname -r)"
# linux-headers-generic points to the latest headers. We install it because if
# the system has an outdated kernel, there is no guarantee that old headers were
# still downloadable and to provide suitable headers for future kernel updates.
apt-get install -y linux-headers-generic
apt-get install -y wireguard qrencode $firewall
apt-get install -y wireguard qrencode "$firewall"
elif [[ "$os" == "debian" && "$os_version" -eq 10 ]]; then
# Debian 10
if ! grep -qs '^deb .* buster-backports main' /etc/apt/sources.list /etc/apt/sources.list.d/*.list; then
echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list
echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list
fi
apt-get update
# Try to install kernel headers for the running kernel and avoid a reboot. This
# can fail, so it's important to run separately from the other apt-get command.
apt-get install -y linux-headers-$(uname -r)
apt-get install -y linux-headers-"$(uname -r)"
# There are cleaner ways to find out the $architecture, but we require an
# specific format for the package name and this approach provides what we need.
architecture=$(dpkg --get-selections 'linux-image-*-*' | cut -f 1 | grep -oE '[^-]*$' -m 1)
@ -349,21 +345,21 @@ fiJGS5WoFr1yr8b7oQxTrZlCeHk3r3FJIhv2dQ==
# headers were still downloadable and to provide suitable headers for future
# kernel updates.
apt-get install -y linux-headers-"$architecture"
apt-get install -y wireguard qrencode $firewall
apt-get install -y wireguard qrencode "$firewall"
elif [[ "$os" == "centos" && "$os_version" -eq 8 ]]; then
# CentOS 8
dnf install -y epel-release elrepo-release
dnf install -y kmod-wireguard wireguard-tools qrencode $firewall
dnf install -y kmod-wireguard wireguard-tools qrencode "$firewall"
mkdir -p /etc/wireguard/
elif [[ "$os" == "centos" && "$os_version" -eq 7 ]]; then
# CentOS 7
yum install -y epel-release https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm
yum install -y yum-plugin-elrepo
yum install -y kmod-wireguard wireguard-tools qrencode $firewall
yum install -y kmod-wireguard wireguard-tools qrencode "$firewall"
mkdir -p /etc/wireguard/
elif [[ "$os" == "fedora" ]]; then
# Fedora
dnf install -y wireguard-tools qrencode $firewall
dnf install -y wireguard-tools qrencode "$firewall"
mkdir -p /etc/wireguard/
fi
# Else, we are inside a container and BoringTun needs to be used
@ -372,7 +368,7 @@ fiJGS5WoFr1yr8b7oQxTrZlCeHk3r3FJIhv2dQ==
if [[ "$os" == "ubuntu" && "$os_version" -ge 2004 ]]; then
# Ubuntu 20.04 or higer
apt-get update
apt-get install -y wireguard-tools qrencode ca-certificates $cron $firewall
apt-get install -y wireguard-tools qrencode ca-certificates "$cron" "$firewall"
elif [[ "$os" == "ubuntu" && "$os_version" -eq 1804 ]]; then
# Ubuntu 18.04
# Repo is added manually so we don't depend on add-apt-repository.
@ -384,29 +380,29 @@ fiJGS5WoFr1yr8b7oQxTrZlCeHk3r3FJIhv2dQ==
apt-key add - <<< "$ppa_key"
echo "deb http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" > /etc/apt/sources.list.d/wireguard-ubuntu-wireguard-bionic.list
apt-get update
apt-get install -y qrencode ca-certificates $cron $firewall
apt-get install -y wireguard-tools --no-install-recommends
apt-get install -y qrencode ca-certificates "$cron" "$firewall"
apt-get install -y wireguard-tools --no-install-recommends
elif [[ "$os" == "debian" && "$os_version" -eq 10 ]]; then
# Debian 10
if ! grep -qs '^deb .* buster-backports main' /etc/apt/sources.list /etc/apt/sources.list.d/*.list; then
echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list
echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list
fi
apt-get update
apt-get install -y qrencode ca-certificates $cron $firewall
apt-get install -y wireguard-tools --no-install-recommends
apt-get install -y qrencode ca-certificates "$cron" "$firewall"
apt-get install -y wireguard-tools --no-install-recommends
elif [[ "$os" == "centos" && "$os_version" -eq 8 ]]; then
# CentOS 8
dnf install -y epel-release
dnf install -y wireguard-tools qrencode ca-certificates tar $cron $firewall
dnf install -y wireguard-tools qrencode ca-certificates tar "$cron" "$firewall"
mkdir -p /etc/wireguard/
elif [[ "$os" == "centos" && "$os_version" -eq 7 ]]; then
# CentOS 7
yum install -y epel-release
yum install -y wireguard-tools qrencode ca-certificates tar $cron $firewall
yum install -y wireguard-tools qrencode ca-certificates tar "$cron" "$firewall"
mkdir -p /etc/wireguard/
elif [[ "$os" == "fedora" ]]; then
# Fedora
dnf install -y wireguard-tools qrencode ca-certificates tar $cron $firewall
dnf install -y wireguard-tools qrencode ca-certificates tar "$cron" "$firewall"
mkdir -p /etc/wireguard/
fi
# Grab the BoringTun binary using wget or curl and extract into the right place.
@ -470,7 +466,7 @@ EOF
ip6tables_path=$(command -v ip6tables)
# nf_tables is not available as standard in OVZ kernels. So use iptables-legacy
# if we are in OVZ, with a nf_tables backend and iptables-legacy is available.
if [[ $(systemd-detect-virt) == "openvz" ]] && readlink -f $(command -v iptables) | grep -q "nft" && hash iptables-legacy 2>/dev/null; then
if [[ $(systemd-detect-virt) == "openvz" ]] && readlink -f "$(command -v iptables)" | grep -q "nft" && hash iptables-legacy 2>/dev/null; then
iptables_path=$(command -v iptables-legacy)
ip6tables_path=$(command -v ip6tables-legacy)
fi
@ -544,17 +540,17 @@ EOF
# If the kernel module didn't load, system probably had an outdated kernel
# We'll try to help, but will not will not force a kernel upgrade upon the user
if [[ ! "$is_container" -eq 0 ]] && ! modprobe -nq wireguard; then
echo "Warning!"
echo "Installation was finished, but the WireGuard kernel module could not load."
if [[ "$os" == "ubuntu" && "$os_version" -eq 1804 ]]; then
echo 'Upgrade the kernel and headers with "apt-get install linux-generic" and restart.'
elif [[ "$os" == "debian" && "$os_version" -eq 10 ]]; then
echo "Upgrade the kernel with \"apt-get install linux-image-$architecture\" and restart."
elif [[ "$os" == "centos" && "$os_version" -le 8 ]]; then
echo "Warning!"
echo "Installation was finished, but the WireGuard kernel module could not load."
if [[ "$os" == "ubuntu" && "$os_version" -eq 1804 ]]; then
echo 'Upgrade the kernel and headers with "apt-get install linux-generic" and restart.'
elif [[ "$os" == "debian" && "$os_version" -eq 10 ]]; then
echo "Upgrade the kernel with \"apt-get install linux-image-$architecture\" and restart."
elif [[ "$os" == "centos" && "$os_version" -le 8 ]]; then
echo "Reboot the system to load the most recent kernel."
fi
fi
else
echo "Finished!"
echo "Finished!"
fi
echo
echo "The client configuration is available in:" ~/"$client.conf"
@ -564,8 +560,8 @@ else
echo "WireGuard is already installed."
echo
echo "Select an option:"
echo " 1) Add a new user"
echo " 2) Remove an existing user"
echo " 1) Add a new client"
echo " 2) Remove an existing client"
echo " 3) Remove WireGuard"
echo " 4) Exit"
read -p "Option: " option
@ -580,7 +576,7 @@ else
read -p "Name: " unsanitized_client
# Allow a limited set of characters to avoid conflicts
client=$(sed 's/[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-]/_/g' <<< "$unsanitized_client")
while [[ -z "$client" || -n $(grep "^# BEGIN_PEER $client$" /etc/wireguard/wg0.conf) ]]; do
while [[ -z "$client" ]] || grep -q "^# BEGIN_PEER $client$" /etc/wireguard/wg0.conf; do
echo "$client: invalid name."
read -p "Name: " unsanitized_client
client=$(sed 's/[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-]/_/g' <<< "$unsanitized_client")
@ -624,7 +620,7 @@ else
if [[ "$remove" =~ ^[yY]$ ]]; then
# The following is the right way to avoid disrupting other active connections:
# Remove from the live interface
wg set wg0 peer $(sed -n "/^# BEGIN_PEER $client$/,\$p" /etc/wireguard/wg0.conf | grep -m 1 PublicKey | cut -d " " -f 3) remove
wg set wg0 peer "$(sed -n "/^# BEGIN_PEER $client$/,\$p" /etc/wireguard/wg0.conf | grep -m 1 PublicKey | cut -d " " -f 3)" remove
# Remove from the configuration file
sed -i "/^# BEGIN_PEER $client/,/^# END_PEER $client/d" /etc/wireguard/wg0.conf
echo
@ -725,7 +721,7 @@ else
rm -rf /etc/wireguard/
dnf remove -y wireguard-tools
fi
rm -f /usr/local/sbin/boringtun /usr/local/sbin/boringtun-upgrade
rm -f /usr/local/sbin/boringtun /usr/local/sbin/boringtun-upgrade
fi
echo
echo "WireGuard removed!"