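#!/bin/sh
# 2020-12-11, Nico Schottelius
#
# Register a viwib device as a WireGuard peer on the VPN endpoint:
#   1. write a [Peer] fragment for the device into the cdist type's files/ dir,
#   2. regenerate the endpoint config by concatenating all fragments,
#   3. commit and push the result, then deploy it with cdist,
#   4. ping the device's WireGuard, LAN and WiFi addresses to confirm the tunnel.
#
# Arguments:
#   $1 - path to your ungleich-dot-cdist repository
#   $2 - viwib id, decimal
#   $3 - WireGuard public key of the device

if [ $# -ne 3 ]; then
    echo "$0 your-dot-cdist viwib-id public-key"
    echo " your-dot-cdist: path to YOUR ungleich-dot-cdist repo"
    echo " viwib-id: number in decimal format"
    echo " wireguard public key"
    exit 1
fi

# Print a message to stderr and abort.
die() {
    printf '%s\n' "$*" >&2
    exit 1
}

# Try up to 10 single pings against $1; succeed as soon as one is answered.
wait_for_ping() {
    ping_target=$1
    ping_try=0
    while [ "$ping_try" -lt 10 ]; do
        ping -c1 "$ping_target" && return 0
        ping_try=$((ping_try + 1))
    done
    return 1
}

# Resolve the repo path to an absolute one: the script changes directory
# before calling cdist, so a relative path would no longer point at the repo.
dot_cdist=$(CDPATH= cd -- "$1" && pwd) || die "Cannot access cdist directory: $1"
shift
id=$1; shift
public_key=$1; shift

# Both values below end up verbatim in the VPN server's WireGuard config and
# in a git commit message, so they are checked before anything is written.

# The id must be plain decimal without leading zeros (printf would read a
# leading 0 as octal). It is rendered as two hex digits appended to the
# prefix, so anything above 255 would produce a different prefix layout.
case "$id" in
    [0-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;;
    *) die "viwib-id must be a decimal number between 0 and 255: $id" ;;
esac
[ "$id" -le 255 ] || die "viwib-id must be a decimal number between 0 and 255: $id"

# A WireGuard public key is 32 bytes in base64: 43 base64 characters plus one
# '=' pad. Rejecting everything else also rejects whitespace and newlines,
# which would otherwise add extra lines to the [Peer] section.
key_body=${public_key%=}
[ "${key_body}=" = "$public_key" ] || die "Invalid WireGuard public key"
[ "${#key_body}" -eq 43 ] || die "Invalid WireGuard public key"
case "$key_body" in
    *[!A-Za-z0-9+/]*) die "Invalid WireGuard public key" ;;
esac

set -x

hex_id=$(printf "%02x" "$id")

viwib_hostname=viwib${id}

prefix_base=2a0a:e5c1:6
my_prefix=${prefix_base}${hex_id}
my_network=${my_prefix}::/48
my_wireguard_ip=${my_prefix}::42
my_lan_ip=${my_prefix}:cafe::42
my_wifi_ip=${my_prefix}:7ea::42

vpn_endpoint_host=vpn-2a0ae5c1600.ungleich.ch

# cdist
dot_cdist_files=${dot_cdist}/type/__ungleich_wireguard/files
peerfilename=${vpn_endpoint_host}.peer${hex_id}
peerfile=${dot_cdist_files}/${peerfilename}
vpnconfig=${dot_cdist_files}/${vpn_endpoint_host}

[ -d "${dot_cdist_files}" ] || die "Missing directory: ${dot_cdist_files}"

# Configure VPN server / update cdist
echo Updating VPNserver

cat > "${peerfile}" <<EOF || die "Cannot write ${peerfile}"
# ${viwib_hostname}, $(date +%F)
[Peer]
PublicKey = ${public_key}
AllowedIPs = ${my_network}
EOF

# Generate real config: the endpoint config is the concatenation of every
# "<endpoint>.*" fragment, including the peer file written above.
cat "${dot_cdist_files}/${vpn_endpoint_host}".* > "${vpnconfig}" \
    || die "Cannot generate ${vpnconfig}"

cd "${dot_cdist_files}" || die "Cannot cd to ${dot_cdist_files}"
git add -- "${vpn_endpoint_host}" "${peerfilename}"
git commit -m "[vpn] Updated config for peer ${viwib_hostname} ${my_network}"
git pull
git push

cdist config -v -j8 "${vpn_endpoint_host}" -c "${dot_cdist}"

# Test that the VPN connection is established
# Might take longer due to reboot
sleep 10

# The checks are informational: a missing reply is reported but does not
# change the exit status, matching the script's previous behaviour.
for target in "${my_wireguard_ip}" "${my_lan_ip}" "${my_wifi_ip}"; do
    wait_for_ping "$target" || echo "No ping reply from ${target}" >&2
done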