[viwib] phase in phase 3 (vpn config)
parent
d82b18cdc2
commit
017d9613b4
2 changed files with 76 additions and 0 deletions
76
viwib-3-vpn.sh
Executable file
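--- a/viwib-3-vpn.sh
+++ b/viwib-3-vpn.sh
@@ -0,0 +1,76 @@
+#!/bin/sh
+# 2020-12-11, Nico Schottelius
+
+if [ $# -ne 3 ]; then
+echo "$0 your-dot-cdist viwib-id public-key"
+echo " your-dot-cdist: path to YOUR ungleich-dot-cdist repo"
+echo " viwib-id: number in decimal format"
+echo " wireguard public key"
+exit 1
+fi
+
+set -x
+dot_cdist=$1; shift
+id=$1; shift
+public_key=$1; shift
+
+hex_id=$(printf "%0.2x\n" "$id")
+viwib_hostname=viwib${id}
+
+prefix_base=2a0a:e5c1:6
+my_prefix=${prefix_base}${hex_id}
+my_network=${my_prefix}::/48
+my_wireguard_ip=${my_prefix}::42
+my_lan_ip=${my_prefix}:cafe::42
+my_wifi_ip=${my_prefix}:7ea::42
+
+vpn_endpoint_host=vpn-2a0ae5c1600.ungleich.ch
+
+# cdist
+dot_cdist_files=${dot_cdist}/type/__ungleich_wireguard/files
+peerfilename=${vpn_endpoint_host}.peer${hex_id}
+peerfile=${dot_cdist_files}/${peerfilename}
+vpnconfig=${dot_cdist_files}/${vpn_endpoint_host}
+
+
+# Configure VPN server / update cdist
+echo Updating VPNserver
+cat <<EOF > ${peerfile}
+# ${viwib_hostname}, $(date +%F)
+[Peer]
+PublicKey = ${public_key}
+AllowedIPs = ${my_network}
+
+EOF
+
+# Generate real config
+cat ${dot_cdist_files}/${vpn_endpoint_host}.* > ${vpnconfig}
+cd ${dot_cdist_files}
+git add ${vpn_endpoint_host} ${peerfilename}
+git commit -m "[vpn] Updated config for peer ${viwib_hostname} ${my_network}"
+git pull
+git push
+
+cdist config -v -j8 ${vpn_endpoint_host} -c ${dot_cdist}
+
+# Test that the VPN connection is established
+# Might take longer due to reboot
+sleep 10
+
+i=0
+while [ $i -lt 10 ]; do
+ping -c1 ${my_wireguard_ip} && break
+i=$((i+1))
+done
+
+i=0
+while [ $i -lt 10 ]; do
+ping -c1 ${my_lan_ip} && break
+i=$((i+1))
+done
+
+i=0
+while [ $i -lt 10 ]; do
+ping -c1 ${my_wifi_ip} && break
+i=$((i+1))
+done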
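Review bot: The `id` and `public_key` arguments go unvalidated into the peer file name and the unquoted here-document, which is then concatenated into the server's WireGuard config and deployed with cdist, so a malformed value (a non-numeric or out-of-range id, a key containing whitespace or a newline) ends up in the live configuration. Checking both right after the argument assignment would stop that before anything is written or committed: the id as a decimal number that fits the two-hex-digit format, the key as 44 base64 characters. The 0-255 bound is inferred from `%0.2x` and the `2a0ae5c1600` endpoint name, so confirm it against the allocation plan. Separately, nothing after `set -x` checks exit codes, so a failed `git pull` still reaches `git push` and `cdist config`, and the three ping loops leave the script exiting 0 even when no reply arrives.

```sh
public_key=$1; shift

# Reject anything that is not a plain decimal number in the expected range.
case "$id" in
  ''|*[!0-9]*) echo "viwib-id must be a decimal number" >&2; exit 1 ;;
esac
if [ "$id" -gt 255 ]; then
  echo "viwib-id must be in the range 0-255" >&2
  exit 1
fi

# A WireGuard public key is 32 bytes in base64: 44 characters, no whitespace.
case "$public_key" in
  *[!A-Za-z0-9+/=]*) echo "public-key is not base64" >&2; exit 1 ;;
esac
if [ "${#public_key}" -ne 44 ]; then
  echo "public-key must be 44 characters long" >&2
  exit 1
fi

# Stop at the first failing step instead of pushing a half-built config.
set -e
# … unchanged: prefix and path variables, peer file generation …
```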