++viirb

viirb-configure-vpnendpoint.sh

@@ -0,0 +1,52 @@
+#!/bin/sh
+# 2020-06-13, Nico Schottelius
+# See https://ungleich.ch/u/products/viirb-ipv6-box/
+
+if [ $# -ne 3 ]; then
+    echo "$0 viirb-id public-key your-dot-cdist [stages]"
+    echo "    viirb-id: number in decimal format"
+    echo "    wireguard public key"
+    echo "    your-dot-cdist: path to YOUR ungleich-dot-cdist repo"
+    exit 1
+fi
+
+set -x
+id=$1; shift
+public_key=$1; shift
+dot_cdist=$1; shift
+
+hex_id=$(printf "%0.2x\n" "$id")
+viirb_hostname=viirb${hex_id}
+
+prefix_base=2a0a:e5c1:3
+my_prefix=${prefix_base}${hex_id}
+my_network=${my_prefix}::/48
+
+vpn_endpoint_host=vpn-2a0ae5c1300.ungleich.ch
+
+# cdist
+dot_cdist_files=${dot_cdist}/type/__ungleich_wireguard/files
+peerfilename=${vpn_endpoint_host}.peer${hex_id}
+peerfile=${dot_cdist_files}/${peerfilename}
+vpnconfig=${dot_cdist_files}/${vpn_endpoint_host}
+
+
+# Configure VPN server / update cdist
+echo Updating VPNserver
+cat <<EOF > ${peerfile}
+# ${viirb_hostname}, $(date +%F)
+[Peer]
+PublicKey = ${public_key}
+AllowedIPs = ${my_network}
+
+EOF
+
+# Generate real config
+cat ${dot_cdist_files}/${vpn_endpoint_host}.* > ${vpnconfig}
+cd ${dot_cdist_files}
+git add ${vpn_endpoint_host} ${peerfilename}
+git commit -m "[vpn] Updated config for peer ${viirb_hostname} ${my_network}"
+git pull
+git push
+
+cdist config -vv -j8 ${vpn_endpoint_host} -c ${dot_cdist}