Merge claude/1
commit
574146c75e
@ -16,9 +16,9 @@ traefikSetupLoginCredentials()
|
||||
# Setup BasicAuth credentials
|
||||
local login_credentials=$(htpasswd -Bbn "$CFG_TRAEFIK_USER" "$CFG_TRAEFIK_PASS")
|
||||
|
||||
local result=$(sudo sed -i '/#protection credentials/d' "$protectionauth_file")
|
||||
local result=$(runFileOp sed -i '/#protection credentials/d' "$protectionauth_file")
|
||||
checkSuccess "Delete the line containing protection credentials"
|
||||
local result=$(sudo sed -i "/users:/a\\ - '$login_credentials' #protection credentials" "$protectionauth_file")
|
||||
local result=$(runFileOp sed -i "/users:/a\\ - '$login_credentials' #protection credentials" "$protectionauth_file")
|
||||
checkSuccess "Add the new line with new protection credentials"
|
||||
fi
|
||||
}
|
||||
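Review bot: The two new `local result=$(runFileOp sed …)` lines declare and assign in one statement, so `$?` afterwards is the exit status of `local` (always 0), not of `sed`. If `checkSuccess` reads `$?`, as its position directly after each call suggests, it reports success even when the edit of `$protectionauth_file` failed and the BasicAuth entry was not replaced. Split them: declare `local result` once, then assign with `result=$(runFileOp sed -i '/#protection credentials/d' "$protectionauth_file")`. The function starts above this hunk, so it is not visible whether `result` is already declared there.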
@ -72,7 +72,7 @@ tagsProcessorPortRouterBlocks()
|
||||
done
|
||||
|
||||
local tmp="${file}.routers.$$"
|
||||
sudo awk -v active="$active" '
|
||||
runFileOp awk -v active="$active" '
|
||||
BEGIN { off = 0 }
|
||||
/#[[:space:]]*TRAEFIK_PORT_[0-9]+_BEGIN/ {
|
||||
match($0, /TRAEFIK_PORT_[0-9]+/); key = substr($0, RSTART, RLENGTH)
|
||||
@ -91,6 +91,6 @@ tagsProcessorPortRouterBlocks()
|
||||
}
|
||||
print
|
||||
}
|
||||
' "$file" | sudo tee "$tmp" >/dev/null
|
||||
sudo mv "$tmp" "$file"
|
||||
' "$file" | runFileWrite "$tmp" >/dev/null
|
||||
runFileOp mv "$tmp" "$file"
|
||||
}
|
||||
|
||||
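Review bot: `runFileOp mv "$tmp" "$file"` runs unconditionally, so when the `awk` stage fails, the empty or partial `$tmp` written by `runFileWrite` replaces the router file. Nothing in the hunk checks the pipeline, and unless `pipefail` is set elsewhere its status is that of `runFileWrite` alone. Guard the move, e.g. `runFileOp test -s "$tmp" || { runFileOp rm -f "$tmp"; return 1; }` before the `mv`. The temp name `${file}.routers.$$` is also predictable, which matters if the directory is writable by anyone other than the owner of `$file`; that is not visible here. The function body starts above the hunk.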
@ -22,7 +22,7 @@ traefikUpdateWhitelist()
|
||||
YAML_CONTENT+="\n - \"$CFG_NETWORK_SUBNET\""
|
||||
|
||||
# Now update the YAML file with the new content using sudo
|
||||
echo -e "$YAML_CONTENT" | sudo tee "$whitelist_file" > /dev/null
|
||||
echo -e "$YAML_CONTENT" | runFileWrite "$whitelist_file" > /dev/null
|
||||
isSuccessful "Traefik has been updated with the latest whitelist IPs."
|
||||
fi
|
||||
}
|
||||
|
||||
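Review bot: `isSuccessful` is printed whether or not the write to `$whitelist_file` worked, because the status of `echo -e "$YAML_CONTENT" | runFileWrite …` is never tested in the lines shown. This file is the IP allow-list, so a failed write leaves the previous list active while the operator is told it was updated. Test the write first, e.g. `echo -e "$YAML_CONTENT" | runFileWrite "$whitelist_file" > /dev/null || return 1`. The comment above it still says `using sudo` and could be updated to match the new helper. The function begins above the hunk.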
@ -6,5 +6,5 @@ wireguardListClients()
|
||||
|
||||
wireguardCheckClients;
|
||||
|
||||
sudo grep -E "^### Client" "/etc/wireguard/${CFG_WG_SERVER_NIC}.conf" | cut -d ' ' -f 3 | nl -s ') '
|
||||
runSystem grep -E "^### Client" "/etc/wireguard/${CFG_WG_SERVER_NIC}.conf" | cut -d ' ' -f 3 | nl -s ') '
|
||||
}
|
||||
|
||||
@ -8,7 +8,7 @@ wireguardRevokeClient()
|
||||
|
||||
echo ""
|
||||
echo "Select the existing client you want to revoke"
|
||||
sudo grep -E "^### Client" "/etc/wireguard/${CFG_WG_SERVER_NIC}.conf" | cut -d ' ' -f 3 | nl -s ') '
|
||||
runSystem grep -E "^### Client" "/etc/wireguard/${CFG_WG_SERVER_NIC}.conf" | cut -d ' ' -f 3 | nl -s ') '
|
||||
until [[ ${WIREGUARD_CLIENT_NUMBER} -ge 1 && ${WIREGUARD_CLIENT_NUMBER} -le ${WIREGUARD_NUMBER_OF_CLIENTS} ]]; do
|
||||
if [[ ${WIREGUARD_CLIENT_NUMBER} == '1' ]]; then
|
||||
read -rp "Select one client [1]: " WIREGUARD_CLIENT_NUMBER
|
||||
@ -18,12 +18,12 @@ wireguardRevokeClient()
|
||||
done
|
||||
|
||||
# match the selected number to a client name
|
||||
local WIREGUARD_CLIENT_NAME=$(sudo grep -E "^### Client" "/etc/wireguard/${CFG_WG_SERVER_NIC}.conf" | cut -d ' ' -f 3 | sed -n "${WIREGUARD_CLIENT_NUMBER}"p)
|
||||
local WIREGUARD_CLIENT_NAME=$(runSystem grep -E "^### Client" "/etc/wireguard/${CFG_WG_SERVER_NIC}.conf" | cut -d ' ' -f 3 | sed -n "${WIREGUARD_CLIENT_NUMBER}"p)
|
||||
|
||||
result=$(sudo sed -i "/^### Client ${WIREGUARD_CLIENT_NAME}\$/,/^$/d" "/etc/wireguard/${CFG_WG_SERVER_NIC}.conf")
|
||||
result=$(runSystem sed -i "/^### Client ${WIREGUARD_CLIENT_NAME}\$/,/^$/d" "/etc/wireguard/${CFG_WG_SERVER_NIC}.conf")
|
||||
checkSuccess "Removed [Peer] block matching $WIREGUARD_CLIENT_NAME"
|
||||
|
||||
result=$(sudo rm -f "${CFG_WG_HOME_DIR}/${CFG_WG_SERVER_NIC}-client-${WIREGUARD_CLIENT_NAME}.conf")
|
||||
result=$(runSystem rm -f "${CFG_WG_HOME_DIR}/${CFG_WG_SERVER_NIC}-client-${WIREGUARD_CLIENT_NAME}.conf")
|
||||
checkSuccess "Removed generated client file for $WIREGUARD_CLIENT_NAME"
|
||||
|
||||
result=$(runSystem wg syncconf "${CFG_WG_SERVER_NIC}" <(runSystem wg-quick strip "${CFG_WG_SERVER_NIC}"))
|
||||
|
||||
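Review bot: `${WIREGUARD_CLIENT_NAME}` is pasted unescaped into the address of `runSystem sed -i "/^### Client ${WIREGUARD_CLIENT_NAME}\$/,/^$/d"`, so a name containing `/` ends the address early and one containing regex characters such as `.` can match a different peer. The name is read back from the server config, and nothing in this hunk validates it or checks that it is non-empty before the in-place edit and the `rm -f`. Add a guard before the `sed`, e.g. `[[ "$WIREGUARD_CLIENT_NAME" =~ ^[A-Za-z0-9_-]+$ ]] || return 1`. The same lines appear again in the later `wireguardRevokeClient` hunk (`@ -240,12 +240,12`). The function starts and ends outside the hunk.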
@ -40,11 +40,11 @@ installStandaloneWireGuard()
|
||||
|
||||
# Check if the directory exists; if not, create it
|
||||
if [ ! -d "/etc/wireguard" ]; then
|
||||
result=$(sudo mkdir /etc/wireguard)
|
||||
result=$(runSystem mkdir /etc/wireguard)
|
||||
checkSuccess "Created the WireGuard folder"
|
||||
fi
|
||||
|
||||
result=$(sudo chmod 600 -R /etc/wireguard/)
|
||||
result=$(runSystem chmod 600 -R /etc/wireguard/)
|
||||
checkSuccess "Updated permissions for /etc/wireguard"
|
||||
|
||||
local SERVER_PRIV_KEY=$(wg genkey)
|
||||
@ -60,16 +60,16 @@ SERVER_PRIV_KEY=${SERVER_PRIV_KEY}
|
||||
SERVER_PUB_KEY=${SERVER_PUB_KEY}
|
||||
CLIENT_DNS_1=${CFG_DNS_SERVER_1}
|
||||
CLIENT_DNS_2=${CFG_DNS_SERVER_2}
|
||||
ALLOWED_IPS=${CFG_WG_ALLOWED_IPS}" | sudo tee /etc/wireguard/params >/dev/null
|
||||
ALLOWED_IPS=${CFG_WG_ALLOWED_IPS}" | runSystem tee /etc/wireguard/params >/dev/null
|
||||
|
||||
result=$(sudo chmod 644 /etc/wireguard/params)
|
||||
result=$(runSystem chmod 644 /etc/wireguard/params)
|
||||
checkSuccess "Updating permissions for /etc/wireguard/params"
|
||||
|
||||
# Add server interface
|
||||
echo "[Interface]
|
||||
Address = ${CFG_WG_SERVER_IPV4}/32
|
||||
ListenPort = ${CFG_WG_SERVER_PORT}
|
||||
PrivateKey = ${SERVER_PRIV_KEY}" | sudo tee "/etc/wireguard/${CFG_WG_SERVER_NIC}.conf" >/dev/null
|
||||
PrivateKey = ${SERVER_PRIV_KEY}" | runSystem tee "/etc/wireguard/${CFG_WG_SERVER_NIC}.conf" >/dev/null
|
||||
|
||||
echo "PostUp = iptables -I INPUT -p udp --dport ${CFG_WG_SERVER_PORT} -j ACCEPT
|
||||
PostUp = iptables -I FORWARD -i ${server_nic} -o ${CFG_WG_SERVER_NIC} -j ACCEPT
|
||||
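Review bot: `runSystem chmod 644 /etc/wireguard/params` makes a file that holds `SERVER_PRIV_KEY` world-readable, and the next hunk does the same for `/etc/wireguard/${CFG_WG_SERVER_NIC}.conf`, which holds `PrivateKey`. Both files are also created by `tee` before any chmod runs, so their initial mode depends on whatever umask `runSystem` runs with. Use mode 600 for both, e.g. `runSystem chmod 600 /etc/wireguard/params`, and set a restrictive umask before writing them. In the second chmod the path should also be quoted: `"/etc/wireguard/${CFG_WG_SERVER_NIC}.conf"`. This hunk starts and ends inside `installStandaloneWireGuard`.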
@ -78,21 +78,21 @@ PostUp = iptables -t nat -A POSTROUTING -o ${server_nic} -j MASQUERADE
|
||||
PostDown = iptables -D INPUT -p udp --dport ${CFG_WG_SERVER_PORT} -j ACCEPT
|
||||
PostDown = iptables -D FORWARD -i ${server_nic} -o ${CFG_WG_SERVER_NIC} -j ACCEPT
|
||||
PostDown = iptables -D FORWARD -i ${CFG_WG_SERVER_NIC} -j ACCEPT
|
||||
PostDown = iptables -t nat -D POSTROUTING -o ${server_nic} -j MASQUERADE" | sudo tee -a "/etc/wireguard/${CFG_WG_SERVER_NIC}.conf" >/dev/null
|
||||
PostDown = iptables -t nat -D POSTROUTING -o ${server_nic} -j MASQUERADE" | runSystem tee -a "/etc/wireguard/${CFG_WG_SERVER_NIC}.conf" >/dev/null
|
||||
|
||||
result=$(sudo chmod 644 /etc/wireguard/${CFG_WG_SERVER_NIC}.conf)
|
||||
result=$(runSystem chmod 644 /etc/wireguard/${CFG_WG_SERVER_NIC}.conf)
|
||||
checkSuccess "Updating permissions for /etc/wireguard/${CFG_WG_SERVER_NIC}.conf"
|
||||
|
||||
result=$(sudo sed -i '/^net.ipv4.ip_forward/d' /etc/sysctl.conf)
|
||||
result=$(runSystem sed -i '/^net.ipv4.ip_forward/d' /etc/sysctl.conf)
|
||||
checkSuccess "Removing all instances of net.ipv4.ip_forward from sysctl.conf"
|
||||
|
||||
local result=$(echo '# WIREGUARD START' | sudo tee -a "$sysctl" > /dev/null)
|
||||
local result=$(echo '# WIREGUARD START' | runSystem tee -a "$sysctl" > /dev/null)
|
||||
checkSuccess "Adding wireguard header to sysctl"
|
||||
|
||||
result=$(echo "net.ipv4.ip_forward = 1" | sudo tee -a $sysctl)
|
||||
result=$(echo "net.ipv4.ip_forward = 1" | runSystem tee -a $sysctl)
|
||||
checkSuccess "Add the configuration for IPv4 IP forwarding"
|
||||
|
||||
local result=$(echo '# WIREGUARD END' | sudo tee -a "$sysctl" > /dev/null)
|
||||
local result=$(echo '# WIREGUARD END' | runSystem tee -a "$sysctl" > /dev/null)
|
||||
checkSuccess "Adding wireguard header to sysctl"
|
||||
|
||||
result=$(runSystem systemctl start "wg-quick@${CFG_WG_SERVER_NIC}")
|
||||
@ -145,7 +145,7 @@ wireguardNewClient()
|
||||
else
|
||||
read -rp "Client name: " -e WIREGUARD_CLIENT_NAME
|
||||
fi
|
||||
local WIREGUARD_CLIENT_EXISTS=$(sudo grep -c -E "^### Client ${WIREGUARD_CLIENT_NAME}\$" "/etc/wireguard/${CFG_WG_SERVER_NIC}.conf")
|
||||
local WIREGUARD_CLIENT_EXISTS=$(runSystem grep -c -E "^### Client ${WIREGUARD_CLIENT_NAME}\$" "/etc/wireguard/${CFG_WG_SERVER_NIC}.conf")
|
||||
|
||||
if [[ ${WIREGUARD_CLIENT_EXISTS} != 0 ]]; then
|
||||
echo ""
|
||||
@ -155,7 +155,7 @@ wireguardNewClient()
|
||||
done
|
||||
|
||||
for WIREGUARD_DOT_IP in {2..254}; do
|
||||
local WIREGUARD_DOT_EXISTS=$(sudo grep -c "${CFG_WG_SERVER_IPV4::-1}${WIREGUARD_DOT_IP}" "/etc/wireguard/${CFG_WG_SERVER_NIC}.conf")
|
||||
local WIREGUARD_DOT_EXISTS=$(runSystem grep -c "${CFG_WG_SERVER_IPV4::-1}${WIREGUARD_DOT_IP}" "/etc/wireguard/${CFG_WG_SERVER_NIC}.conf")
|
||||
if [[ ${WIREGUARD_DOT_EXISTS} == '0' ]]; then
|
||||
break
|
||||
fi
|
||||
@ -186,14 +186,14 @@ DNS = ${CFG_DNS_SERVER_1},${CFG_DNS_SERVER_2}
|
||||
PublicKey = ${SERVER_PUB_KEY}
|
||||
PresharedKey = ${WIREGUARD_CLIENT_PRE_SHARED_KEY}
|
||||
Endpoint = ${WIREGUARD_ENDPOINT}
|
||||
AllowedIPs = ${CFG_WG_ALLOWED_IPS}" | sudo tee "${CFG_WG_HOME_DIR}/${CFG_WG_SERVER_NIC}-client-${WIREGUARD_CLIENT_NAME}.conf" >/dev/null
|
||||
AllowedIPs = ${CFG_WG_ALLOWED_IPS}" | runSystem tee "${CFG_WG_HOME_DIR}/${CFG_WG_SERVER_NIC}-client-${WIREGUARD_CLIENT_NAME}.conf" >/dev/null
|
||||
|
||||
# Add the client as a peer to the server
|
||||
echo -e "\n### Client ${WIREGUARD_CLIENT_NAME}
|
||||
[Peer]
|
||||
PublicKey = ${WIREGUARD_CLIENT_PUB_KEY}
|
||||
PresharedKey = ${WIREGUARD_CLIENT_PRE_SHARED_KEY}
|
||||
AllowedIPs = ${CFG_WG_ALLOWED_IPS}" | sudo tee -a "/etc/wireguard/${CFG_WG_SERVER_NIC}.conf" >/dev/null
|
||||
AllowedIPs = ${CFG_WG_ALLOWED_IPS}" | runSystem tee -a "/etc/wireguard/${CFG_WG_SERVER_NIC}.conf" >/dev/null
|
||||
|
||||
#result=$(runSystem wg syncconf ${CFG_WG_SERVER_NIC} /etc/wireguard/${CFG_WG_SERVER_NIC}.conf)
|
||||
#checkSuccess "Syncing config file for $CFG_WG_SERVER_NIC"
|
||||
@ -206,7 +206,7 @@ AllowedIPs = ${CFG_WG_ALLOWED_IPS}" | sudo tee -a "/etc/wireguard/${CFG_WG_SERVE
|
||||
# Generate QR code if qrencode is installed
|
||||
if command -v qrencode &>/dev/null; then
|
||||
isNotice "Here is your client config file as a QR Code:"
|
||||
sudo qrencode -t ansiutf8 -l L <"${CFG_WG_HOME_DIR}/${CFG_WG_SERVER_NIC}-client-${WIREGUARD_CLIENT_NAME}.conf"
|
||||
runSystem qrencode -t ansiutf8 -l L <"${CFG_WG_HOME_DIR}/${CFG_WG_SERVER_NIC}-client-${WIREGUARD_CLIENT_NAME}.conf"
|
||||
echo ""
|
||||
fi
|
||||
|
||||
@ -219,7 +219,7 @@ wireguardListClients()
|
||||
|
||||
wireguardCheckClients;
|
||||
|
||||
sudo grep -E "^### Client" "/etc/wireguard/${CFG_WG_SERVER_NIC}.conf" | cut -d ' ' -f 3 | nl -s ') '
|
||||
runSystem grep -E "^### Client" "/etc/wireguard/${CFG_WG_SERVER_NIC}.conf" | cut -d ' ' -f 3 | nl -s ') '
|
||||
}
|
||||
|
||||
wireguardRevokeClient()
|
||||
@ -230,7 +230,7 @@ wireguardRevokeClient()
|
||||
|
||||
echo ""
|
||||
echo "Select the existing client you want to revoke"
|
||||
sudo grep -E "^### Client" "/etc/wireguard/${CFG_WG_SERVER_NIC}.conf" | cut -d ' ' -f 3 | nl -s ') '
|
||||
runSystem grep -E "^### Client" "/etc/wireguard/${CFG_WG_SERVER_NIC}.conf" | cut -d ' ' -f 3 | nl -s ') '
|
||||
until [[ ${WIREGUARD_CLIENT_NUMBER} -ge 1 && ${WIREGUARD_CLIENT_NUMBER} -le ${WIREGUARD_NUMBER_OF_CLIENTS} ]]; do
|
||||
if [[ ${WIREGUARD_CLIENT_NUMBER} == '1' ]]; then
|
||||
read -rp "Select one client [1]: " WIREGUARD_CLIENT_NUMBER
|
||||
@ -240,12 +240,12 @@ wireguardRevokeClient()
|
||||
done
|
||||
|
||||
# match the selected number to a client name
|
||||
local WIREGUARD_CLIENT_NAME=$(sudo grep -E "^### Client" "/etc/wireguard/${CFG_WG_SERVER_NIC}.conf" | cut -d ' ' -f 3 | sed -n "${WIREGUARD_CLIENT_NUMBER}"p)
|
||||
local WIREGUARD_CLIENT_NAME=$(runSystem grep -E "^### Client" "/etc/wireguard/${CFG_WG_SERVER_NIC}.conf" | cut -d ' ' -f 3 | sed -n "${WIREGUARD_CLIENT_NUMBER}"p)
|
||||
|
||||
result=$(sudo sed -i "/^### Client ${WIREGUARD_CLIENT_NAME}\$/,/^$/d" "/etc/wireguard/${CFG_WG_SERVER_NIC}.conf")
|
||||
result=$(runSystem sed -i "/^### Client ${WIREGUARD_CLIENT_NAME}\$/,/^$/d" "/etc/wireguard/${CFG_WG_SERVER_NIC}.conf")
|
||||
checkSuccess "Removed [Peer] block matching $WIREGUARD_CLIENT_NAME"
|
||||
|
||||
result=$(sudo rm -f "${CFG_WG_HOME_DIR}/${CFG_WG_SERVER_NIC}-client-${WIREGUARD_CLIENT_NAME}.conf")
|
||||
result=$(runSystem rm -f "${CFG_WG_HOME_DIR}/${CFG_WG_SERVER_NIC}-client-${WIREGUARD_CLIENT_NAME}.conf")
|
||||
checkSuccess "Removed generated client file for $WIREGUARD_CLIENT_NAME"
|
||||
|
||||
result=$(runSystem wg syncconf "${CFG_WG_SERVER_NIC}" <(runSystem wg-quick strip "${CFG_WG_SERVER_NIC}"))
|
||||
@ -285,9 +285,9 @@ wireguardUninstall()
|
||||
checkSuccess "Removed wireguard wireguard-tools qrencode"
|
||||
fi
|
||||
|
||||
result=$(sudo rm -rf /etc/wireguard)
|
||||
result=$(runSystem rm -rf /etc/wireguard)
|
||||
checkSuccess "Deleted /etc/wireguard folder."
|
||||
result=$(sudo rm -f /etc/sysctl.d/wg.conf)
|
||||
result=$(runSystem rm -f /etc/sysctl.d/wg.conf)
|
||||
checkSuccess "Delete /etc/sysctl.d/wg.conf file."
|
||||
|
||||
result=$(runSystem sysctl --system)
|
||||
|
||||
@ -22,9 +22,9 @@ wireguardUninstall()
|
||||
checkSuccess "Removed wireguard wireguard-tools qrencode"
|
||||
fi
|
||||
|
||||
result=$(sudo rm -rf /etc/wireguard)
|
||||
result=$(runSystem rm -rf /etc/wireguard)
|
||||
checkSuccess "Deleted /etc/wireguard folder."
|
||||
result=$(sudo rm -f /etc/sysctl.d/wg.conf)
|
||||
result=$(runSystem rm -f /etc/sysctl.d/wg.conf)
|
||||
checkSuccess "Delete /etc/sysctl.d/wg.conf file."
|
||||
|
||||
result=$(runSystem sysctl --system)
|
||||
|
||||