From 79c1f5ddeb2f758e5dc699daf8fa30b2cfcb12a9 Mon Sep 17 00:00:00 2001 
From: Thomas Walker Lynch Date: Sun, 14 Sep 2025 09:52:44 -0700 Subject: [PATCH] includes the server side wg scripts --- .../source/{wg => network-client}/.gitignore | 0 .../{wg => network-client}/db/.gitignore | 0 .../db_bind_user_to_iface.py | 0 .../{wg => network-client}/db_checks.py | 0 .../db_init_StanleyPark.py | 0 .../{wg => network-client}/db_init_iface.py | 0 .../db_init_iface_US.py | 0 .../db_init_iface_x6.py | 0 .../db_init_ip_iface_addr_assign.py | 0 .../db_init_ip_table_registration.py | 0 .../db_init_route_defaults.py | 0 .../db_init_server_US.py | 0 .../db_init_server_incommon.py | 0 .../db_init_server_x6.py | 0 .../{wg => network-client}/db_schema.sql | 0 .../{wg => network-client}/db_schema_load.sh | 0 .../source/{wg => network-client}/db_wipe.py | 0 .../deploy_StanleyPark.py | 0 .../deprecated/.gitignore | 0 .../doc_IP_terminaology.org | 0 .../doc_StanleyPark.org | 0 .../{wg => network-client}/doc_config.org | 0 .../{wg => network-client}/doc_keys.org | 0 .../doc_stage_progs.org | 0 .../{wg => network-client}/iface_down.py | 0 .../{wg => network-client}/iface_status.py | 0 .../source/{wg => network-client}/iface_up.sh | 0 .../source/{wg => network-client}/incommon.py | 0 .../source/{wg => network-client}/inspect.sh | 0 .../{wg => network-client}/inspect_1.py | 0 .../inspect_client_public_key.py | 0 .../install_staged_tree.py | 0 .../{wg => network-client}/key/.gitignore | 0 .../key_client_generate.py | 0 .../{wg => network-client}/key_server_set.py | 0 .../source/{wg => network-client}/ls_iface.py | 0 .../source/{wg => network-client}/ls_key.py | 0 .../{wg => network-client}/ls_server.py | 0 .../ls_server_setting.py | 0 .../{wg => network-client}/ls_servers.sh | 0 .../source/{wg => network-client}/ls_user.py | 0 .../manual_reference.org | 0 .../{wg => network-client}/manual_user.org | 0 .../mothball/stage/.gitignore | 0 .../mothball/stage_IP_routes_script.py | 0 .../mothball/stage_IP_rules_script.py | 0 .../mothball/stage_StanleyPark.py | 0 
.../mothball/stage_UID_routes.py | 0 .../mothball/stage_list_clients.py | 0 .../mothball/stage_list_uid.py | 0 .../mothball/stage_populate.py | 0 .../mothball/stage_preferred_server.py | 0 .../mothball/stage_wg_conf.py | 0 .../mothball/stage_wg_unit_IP_scripts.py | 0 .../mothball/stage_wipe.py | 0 .../scratchpad/.gitignore | 0 .../{wg => network-client}/stage/.gitignore | 0 .../stage_IP_apply_script.py | 0 .../stage_StanleyPark.py | 0 .../{wg => network-client}/stage_client.py | 0 .../{wg => network-client}/stage_wg_conf.py | 0 .../{wg => network-client}/stage_wipe.py | 0 .../{wg => network-client}/start_iface.py | 0 .../stop_clean_iface.py | 0 .../source/{wg => network-client}/todo.org | 0 .../wg_keys_incommon.py | 0 .../source/network-server/set_client_key.sh | 44 +++++++ developer/source/network-server/setup.sh | 113 ++++++++++++++++++ .../source/wg/stage/etc/wireguard/US.conf | 10 -- .../source/wg/stage/etc/wireguard/x6.conf | 10 -- .../wg/stage/usr/local/bin/apply_ip_state.sh | 93 -------------- 71 files changed, 157 insertions(+), 113 deletions(-) rename developer/source/{wg => network-client}/.gitignore (100%) rename developer/source/{wg => network-client}/db/.gitignore (100%) rename developer/source/{wg => network-client}/db_bind_user_to_iface.py (100%) rename developer/source/{wg => network-client}/db_checks.py (100%) rename developer/source/{wg => network-client}/db_init_StanleyPark.py (100%) rename developer/source/{wg => network-client}/db_init_iface.py (100%) rename developer/source/{wg => network-client}/db_init_iface_US.py (100%) rename developer/source/{wg => network-client}/db_init_iface_x6.py (100%) rename developer/source/{wg => network-client}/db_init_ip_iface_addr_assign.py (100%) rename developer/source/{wg => network-client}/db_init_ip_table_registration.py (100%) rename developer/source/{wg => network-client}/db_init_route_defaults.py (100%) rename developer/source/{wg => network-client}/db_init_server_US.py (100%) rename 
developer/source/{wg => network-client}/db_init_server_incommon.py (100%) rename developer/source/{wg => network-client}/db_init_server_x6.py (100%) rename developer/source/{wg => network-client}/db_schema.sql (100%) rename developer/source/{wg => network-client}/db_schema_load.sh (100%) rename developer/source/{wg => network-client}/db_wipe.py (100%) rename developer/source/{wg => network-client}/deploy_StanleyPark.py (100%) rename developer/source/{wg => network-client}/deprecated/.gitignore (100%) rename developer/source/{wg => network-client}/doc_IP_terminaology.org (100%) rename developer/source/{wg => network-client}/doc_StanleyPark.org (100%) rename developer/source/{wg => network-client}/doc_config.org (100%) rename developer/source/{wg => network-client}/doc_keys.org (100%) rename developer/source/{wg => network-client}/doc_stage_progs.org (100%) rename developer/source/{wg => network-client}/iface_down.py (100%) rename developer/source/{wg => network-client}/iface_status.py (100%) rename developer/source/{wg => network-client}/iface_up.sh (100%) rename developer/source/{wg => network-client}/incommon.py (100%) rename developer/source/{wg => network-client}/inspect.sh (100%) rename developer/source/{wg => network-client}/inspect_1.py (100%) rename developer/source/{wg => network-client}/inspect_client_public_key.py (100%) rename developer/source/{wg => network-client}/install_staged_tree.py (100%) rename developer/source/{wg => network-client}/key/.gitignore (100%) rename developer/source/{wg => network-client}/key_client_generate.py (100%) rename developer/source/{wg => network-client}/key_server_set.py (100%) rename developer/source/{wg => network-client}/ls_iface.py (100%) rename developer/source/{wg => network-client}/ls_key.py (100%) rename developer/source/{wg => network-client}/ls_server.py (100%) rename developer/source/{wg => network-client}/ls_server_setting.py (100%) rename developer/source/{wg => network-client}/ls_servers.sh (100%) rename 
developer/source/{wg => network-client}/ls_user.py (100%) rename developer/source/{wg => network-client}/manual_reference.org (100%) rename developer/source/{wg => network-client}/manual_user.org (100%) rename developer/source/{wg => network-client}/mothball/stage/.gitignore (100%) rename developer/source/{wg => network-client}/mothball/stage_IP_routes_script.py (100%) rename developer/source/{wg => network-client}/mothball/stage_IP_rules_script.py (100%) rename developer/source/{wg => network-client}/mothball/stage_StanleyPark.py (100%) rename developer/source/{wg => network-client}/mothball/stage_UID_routes.py (100%) rename developer/source/{wg => network-client}/mothball/stage_list_clients.py (100%) rename developer/source/{wg => network-client}/mothball/stage_list_uid.py (100%) rename developer/source/{wg => network-client}/mothball/stage_populate.py (100%) rename developer/source/{wg => network-client}/mothball/stage_preferred_server.py (100%) rename developer/source/{wg => network-client}/mothball/stage_wg_conf.py (100%) rename developer/source/{wg => network-client}/mothball/stage_wg_unit_IP_scripts.py (100%) rename developer/source/{wg => network-client}/mothball/stage_wipe.py (100%) rename developer/source/{wg => network-client}/scratchpad/.gitignore (100%) rename developer/source/{wg => network-client}/stage/.gitignore (100%) rename developer/source/{wg => network-client}/stage_IP_apply_script.py (100%) rename developer/source/{wg => network-client}/stage_StanleyPark.py (100%) rename developer/source/{wg => network-client}/stage_client.py (100%) rename developer/source/{wg => network-client}/stage_wg_conf.py (100%) rename developer/source/{wg => network-client}/stage_wipe.py (100%) rename developer/source/{wg => network-client}/start_iface.py (100%) rename developer/source/{wg => network-client}/stop_clean_iface.py (100%) rename developer/source/{wg => network-client}/todo.org (100%) rename developer/source/{wg => network-client}/wg_keys_incommon.py 
(100%)
create mode 100755 developer/source/network-server/set_client_key.sh
create mode 100755 developer/source/network-server/setup.sh
delete mode 100644 developer/source/wg/stage/etc/wireguard/US.conf
delete mode 100644 developer/source/wg/stage/etc/wireguard/x6.conf
delete mode 100755 developer/source/wg/stage/usr/local/bin/apply_ip_state.sh
diff --git a/developer/source/wg/.gitignore b/developer/source/network-client/.gitignore
similarity index 100%
rename from developer/source/wg/.gitignore
rename to developer/source/network-client/.gitignore
diff --git a/developer/source/wg/db/.gitignore b/developer/source/network-client/db/.gitignore
similarity index 100%
rename from developer/source/wg/db/.gitignore
rename to developer/source/network-client/db/.gitignore
diff --git a/developer/source/wg/db_bind_user_to_iface.py b/developer/source/network-client/db_bind_user_to_iface.py
similarity index 100%
rename from developer/source/wg/db_bind_user_to_iface.py
rename to developer/source/network-client/db_bind_user_to_iface.py
diff --git a/developer/source/wg/db_checks.py b/developer/source/network-client/db_checks.py
similarity index 100%
rename from developer/source/wg/db_checks.py
rename to developer/source/network-client/db_checks.py
diff --git a/developer/source/wg/db_init_StanleyPark.py b/developer/source/network-client/db_init_StanleyPark.py
similarity index 100%
rename from developer/source/wg/db_init_StanleyPark.py
rename to developer/source/network-client/db_init_StanleyPark.py
diff --git a/developer/source/wg/db_init_iface.py b/developer/source/network-client/db_init_iface.py
similarity index 100%
rename from developer/source/wg/db_init_iface.py
rename to developer/source/network-client/db_init_iface.py
diff --git a/developer/source/wg/db_init_iface_US.py b/developer/source/network-client/db_init_iface_US.py
similarity index 100%
rename from developer/source/wg/db_init_iface_US.py
rename to developer/source/network-client/db_init_iface_US.py
diff --git a/developer/source/wg/db_init_iface_x6.py b/developer/source/network-client/db_init_iface_x6.py
similarity index 100%
rename from developer/source/wg/db_init_iface_x6.py
rename to developer/source/network-client/db_init_iface_x6.py
diff --git a/developer/source/wg/db_init_ip_iface_addr_assign.py b/developer/source/network-client/db_init_ip_iface_addr_assign.py
similarity index 100%
rename from developer/source/wg/db_init_ip_iface_addr_assign.py
rename to developer/source/network-client/db_init_ip_iface_addr_assign.py
diff --git a/developer/source/wg/db_init_ip_table_registration.py b/developer/source/network-client/db_init_ip_table_registration.py
similarity index 100%
rename from developer/source/wg/db_init_ip_table_registration.py
rename to developer/source/network-client/db_init_ip_table_registration.py
diff --git a/developer/source/wg/db_init_route_defaults.py b/developer/source/network-client/db_init_route_defaults.py
similarity index 100%
rename from developer/source/wg/db_init_route_defaults.py
rename to developer/source/network-client/db_init_route_defaults.py
diff --git a/developer/source/wg/db_init_server_US.py b/developer/source/network-client/db_init_server_US.py
similarity index 100%
rename from developer/source/wg/db_init_server_US.py
rename to developer/source/network-client/db_init_server_US.py
diff --git a/developer/source/wg/db_init_server_incommon.py b/developer/source/network-client/db_init_server_incommon.py
similarity index 100%
rename from developer/source/wg/db_init_server_incommon.py
rename to developer/source/network-client/db_init_server_incommon.py
diff --git a/developer/source/wg/db_init_server_x6.py b/developer/source/network-client/db_init_server_x6.py
similarity index 100%
rename from developer/source/wg/db_init_server_x6.py
rename to developer/source/network-client/db_init_server_x6.py
diff --git a/developer/source/wg/db_schema.sql b/developer/source/network-client/db_schema.sql
similarity index 100%
rename from developer/source/wg/db_schema.sql
rename to developer/source/network-client/db_schema.sql
diff --git a/developer/source/wg/db_schema_load.sh b/developer/source/network-client/db_schema_load.sh
similarity index 100%
rename from developer/source/wg/db_schema_load.sh
rename to developer/source/network-client/db_schema_load.sh
diff --git a/developer/source/wg/db_wipe.py b/developer/source/network-client/db_wipe.py
similarity index 100%
rename from developer/source/wg/db_wipe.py
rename to developer/source/network-client/db_wipe.py
diff --git a/developer/source/wg/deploy_StanleyPark.py b/developer/source/network-client/deploy_StanleyPark.py
similarity index 100%
rename from developer/source/wg/deploy_StanleyPark.py
rename to developer/source/network-client/deploy_StanleyPark.py
diff --git a/developer/source/wg/deprecated/.gitignore b/developer/source/network-client/deprecated/.gitignore
similarity index 100%
rename from developer/source/wg/deprecated/.gitignore
rename to developer/source/network-client/deprecated/.gitignore
diff --git a/developer/source/wg/doc_IP_terminaology.org b/developer/source/network-client/doc_IP_terminaology.org
similarity index 100%
rename from developer/source/wg/doc_IP_terminaology.org
rename to developer/source/network-client/doc_IP_terminaology.org
diff --git a/developer/source/wg/doc_StanleyPark.org b/developer/source/network-client/doc_StanleyPark.org
similarity index 100%
rename from developer/source/wg/doc_StanleyPark.org
rename to developer/source/network-client/doc_StanleyPark.org
diff --git a/developer/source/wg/doc_config.org b/developer/source/network-client/doc_config.org
similarity index 100%
rename from developer/source/wg/doc_config.org
rename to developer/source/network-client/doc_config.org
diff --git a/developer/source/wg/doc_keys.org b/developer/source/network-client/doc_keys.org
similarity index 100%
rename from developer/source/wg/doc_keys.org
rename to developer/source/network-client/doc_keys.org
diff --git a/developer/source/wg/doc_stage_progs.org b/developer/source/network-client/doc_stage_progs.org
similarity index 100%
rename from developer/source/wg/doc_stage_progs.org
rename to developer/source/network-client/doc_stage_progs.org
diff --git a/developer/source/wg/iface_down.py b/developer/source/network-client/iface_down.py
similarity index 100%
rename from developer/source/wg/iface_down.py
rename to developer/source/network-client/iface_down.py
diff --git a/developer/source/wg/iface_status.py b/developer/source/network-client/iface_status.py
similarity index 100%
rename from developer/source/wg/iface_status.py
rename to developer/source/network-client/iface_status.py
diff --git a/developer/source/wg/iface_up.sh b/developer/source/network-client/iface_up.sh
similarity index 100%
rename from developer/source/wg/iface_up.sh
rename to developer/source/network-client/iface_up.sh
diff --git a/developer/source/wg/incommon.py b/developer/source/network-client/incommon.py
similarity index 100%
rename from developer/source/wg/incommon.py
rename to developer/source/network-client/incommon.py
diff --git a/developer/source/wg/inspect.sh b/developer/source/network-client/inspect.sh
similarity index 100%
rename from developer/source/wg/inspect.sh
rename to developer/source/network-client/inspect.sh
diff --git a/developer/source/wg/inspect_1.py b/developer/source/network-client/inspect_1.py
similarity index 100%
rename from developer/source/wg/inspect_1.py
rename to developer/source/network-client/inspect_1.py
diff --git a/developer/source/wg/inspect_client_public_key.py b/developer/source/network-client/inspect_client_public_key.py
similarity index 100%
rename from developer/source/wg/inspect_client_public_key.py
rename to developer/source/network-client/inspect_client_public_key.py
diff --git a/developer/source/wg/install_staged_tree.py b/developer/source/network-client/install_staged_tree.py
similarity index 100%
rename from developer/source/wg/install_staged_tree.py
rename to developer/source/network-client/install_staged_tree.py
diff --git a/developer/source/wg/key/.gitignore b/developer/source/network-client/key/.gitignore
similarity index 100%
rename from developer/source/wg/key/.gitignore
rename to developer/source/network-client/key/.gitignore
diff --git a/developer/source/wg/key_client_generate.py b/developer/source/network-client/key_client_generate.py
similarity index 100%
rename from developer/source/wg/key_client_generate.py
rename to developer/source/network-client/key_client_generate.py
diff --git a/developer/source/wg/key_server_set.py b/developer/source/network-client/key_server_set.py
similarity index 100%
rename from developer/source/wg/key_server_set.py
rename to developer/source/network-client/key_server_set.py
diff --git a/developer/source/wg/ls_iface.py b/developer/source/network-client/ls_iface.py
similarity index 100%
rename from developer/source/wg/ls_iface.py
rename to developer/source/network-client/ls_iface.py
diff --git a/developer/source/wg/ls_key.py b/developer/source/network-client/ls_key.py
similarity index 100%
rename from developer/source/wg/ls_key.py
rename to developer/source/network-client/ls_key.py
diff --git a/developer/source/wg/ls_server.py b/developer/source/network-client/ls_server.py
similarity index 100%
rename from developer/source/wg/ls_server.py
rename to developer/source/network-client/ls_server.py
diff --git a/developer/source/wg/ls_server_setting.py b/developer/source/network-client/ls_server_setting.py
similarity index 100%
rename from developer/source/wg/ls_server_setting.py
rename to developer/source/network-client/ls_server_setting.py
diff --git a/developer/source/wg/ls_servers.sh b/developer/source/network-client/ls_servers.sh
similarity index 100%
rename from developer/source/wg/ls_servers.sh
rename to developer/source/network-client/ls_servers.sh
diff --git a/developer/source/wg/ls_user.py b/developer/source/network-client/ls_user.py
similarity index 100%
rename from developer/source/wg/ls_user.py
rename to developer/source/network-client/ls_user.py
diff --git a/developer/source/wg/manual_reference.org b/developer/source/network-client/manual_reference.org
similarity index 100%
rename from developer/source/wg/manual_reference.org
rename to developer/source/network-client/manual_reference.org
diff --git a/developer/source/wg/manual_user.org b/developer/source/network-client/manual_user.org
similarity index 100%
rename from developer/source/wg/manual_user.org
rename to developer/source/network-client/manual_user.org
diff --git a/developer/source/wg/mothball/stage/.gitignore b/developer/source/network-client/mothball/stage/.gitignore
similarity index 100%
rename from developer/source/wg/mothball/stage/.gitignore
rename to developer/source/network-client/mothball/stage/.gitignore
diff --git a/developer/source/wg/mothball/stage_IP_routes_script.py b/developer/source/network-client/mothball/stage_IP_routes_script.py
similarity index 100%
rename from developer/source/wg/mothball/stage_IP_routes_script.py
rename to developer/source/network-client/mothball/stage_IP_routes_script.py
diff --git a/developer/source/wg/mothball/stage_IP_rules_script.py b/developer/source/network-client/mothball/stage_IP_rules_script.py
similarity index 100%
rename from developer/source/wg/mothball/stage_IP_rules_script.py
rename to developer/source/network-client/mothball/stage_IP_rules_script.py
diff --git a/developer/source/wg/mothball/stage_StanleyPark.py b/developer/source/network-client/mothball/stage_StanleyPark.py
similarity index 100%
rename from developer/source/wg/mothball/stage_StanleyPark.py
rename to developer/source/network-client/mothball/stage_StanleyPark.py
diff --git a/developer/source/wg/mothball/stage_UID_routes.py b/developer/source/network-client/mothball/stage_UID_routes.py
similarity index 100%
rename from developer/source/wg/mothball/stage_UID_routes.py
rename to developer/source/network-client/mothball/stage_UID_routes.py
diff --git a/developer/source/wg/mothball/stage_list_clients.py b/developer/source/network-client/mothball/stage_list_clients.py
similarity index 100%
rename from developer/source/wg/mothball/stage_list_clients.py
rename to developer/source/network-client/mothball/stage_list_clients.py
diff --git a/developer/source/wg/mothball/stage_list_uid.py b/developer/source/network-client/mothball/stage_list_uid.py
similarity index 100%
rename from developer/source/wg/mothball/stage_list_uid.py
rename to developer/source/network-client/mothball/stage_list_uid.py
diff --git a/developer/source/wg/mothball/stage_populate.py b/developer/source/network-client/mothball/stage_populate.py
similarity index 100%
rename from developer/source/wg/mothball/stage_populate.py
rename to developer/source/network-client/mothball/stage_populate.py
diff --git a/developer/source/wg/mothball/stage_preferred_server.py b/developer/source/network-client/mothball/stage_preferred_server.py
similarity index 100%
rename from developer/source/wg/mothball/stage_preferred_server.py
rename to developer/source/network-client/mothball/stage_preferred_server.py
diff --git a/developer/source/wg/mothball/stage_wg_conf.py b/developer/source/network-client/mothball/stage_wg_conf.py
similarity index 100%
rename from developer/source/wg/mothball/stage_wg_conf.py
rename to developer/source/network-client/mothball/stage_wg_conf.py
diff --git a/developer/source/wg/mothball/stage_wg_unit_IP_scripts.py b/developer/source/network-client/mothball/stage_wg_unit_IP_scripts.py
similarity index 100%
rename from developer/source/wg/mothball/stage_wg_unit_IP_scripts.py
rename to developer/source/network-client/mothball/stage_wg_unit_IP_scripts.py
diff --git a/developer/source/wg/mothball/stage_wipe.py b/developer/source/network-client/mothball/stage_wipe.py
similarity index 100%
rename from developer/source/wg/mothball/stage_wipe.py
rename to developer/source/network-client/mothball/stage_wipe.py
diff --git a/developer/source/wg/scratchpad/.gitignore b/developer/source/network-client/scratchpad/.gitignore
similarity index 100%
rename from developer/source/wg/scratchpad/.gitignore
rename to developer/source/network-client/scratchpad/.gitignore
diff --git a/developer/source/wg/stage/.gitignore b/developer/source/network-client/stage/.gitignore
similarity index 100%
rename from developer/source/wg/stage/.gitignore
rename to developer/source/network-client/stage/.gitignore
diff --git a/developer/source/wg/stage_IP_apply_script.py b/developer/source/network-client/stage_IP_apply_script.py
similarity index 100%
rename from developer/source/wg/stage_IP_apply_script.py
rename to developer/source/network-client/stage_IP_apply_script.py
diff --git a/developer/source/wg/stage_StanleyPark.py b/developer/source/network-client/stage_StanleyPark.py
similarity index 100%
rename from developer/source/wg/stage_StanleyPark.py
rename to developer/source/network-client/stage_StanleyPark.py
diff --git a/developer/source/wg/stage_client.py b/developer/source/network-client/stage_client.py
similarity index 100%
rename from developer/source/wg/stage_client.py
rename to developer/source/network-client/stage_client.py
diff --git a/developer/source/wg/stage_wg_conf.py b/developer/source/network-client/stage_wg_conf.py
similarity index 100%
rename from developer/source/wg/stage_wg_conf.py
rename to developer/source/network-client/stage_wg_conf.py
diff --git a/developer/source/wg/stage_wipe.py b/developer/source/network-client/stage_wipe.py
similarity index 100%
rename from developer/source/wg/stage_wipe.py
rename to developer/source/network-client/stage_wipe.py
diff --git a/developer/source/wg/start_iface.py b/developer/source/network-client/start_iface.py
similarity index 100%
rename from developer/source/wg/start_iface.py
rename to developer/source/network-client/start_iface.py
diff --git a/developer/source/wg/stop_clean_iface.py b/developer/source/network-client/stop_clean_iface.py
similarity index 100%
rename from developer/source/wg/stop_clean_iface.py
rename to developer/source/network-client/stop_clean_iface.py
diff --git a/developer/source/wg/todo.org b/developer/source/network-client/todo.org
similarity index 100%
rename from developer/source/wg/todo.org
rename to developer/source/network-client/todo.org
diff --git a/developer/source/wg/wg_keys_incommon.py b/developer/source/network-client/wg_keys_incommon.py
similarity index 100%
rename from developer/source/wg/wg_keys_incommon.py
rename to developer/source/network-client/wg_keys_incommon.py
diff --git a/developer/source/network-server/set_client_key.sh b/developer/source/network-server/set_client_key.sh
new file mode 100755
index 0000000..9e28f6b
--- /dev/null
+++ b/developer/source/network-server/set_client_key.sh
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+# set_client_key.sh — replace/set a client's public key on the server
+# Usage: set_client_key.sh [allowed-ips=10.8.0.2/32] [iface=wg0]
+# Example: set_client_key.sh 88gTdpESSwAc0iip6tVotc8/taZErY18n3lzrgAd+XY= 10.8.0.2/32 wg0
+
+set -euo pipefail
+
+PUB="${1:-}"
+ALLOWED="${2:-10.8.0.2/32}"
+IFACE="${3:-wg0}"
+CFG="/etc/wireguard/${IFACE}.conf"
+
+[[ $EUID -eq 0 ]] || { echo "❌ Must be run as root."; exit 1; }
+command -v wg >/dev/null || { echo "❌ wg not found."; exit 1; }
+command -v wg-quick >/dev/null || { echo "❌ wg-quick not found."; exit 1; }
+
+[[ -n "$PUB" ]] || { echo "Usage: $0 [allowed-ips] [iface]"; exit 2; }
+# quick sanity on key length
+kl=${#PUB}; [[ $kl -ge 43 && $kl -le 45 ]] || { echo "❌ Public key length looks wrong."; exit 2; }
+[[ -f "$CFG" ]] || { echo "❌ Config not found: $CFG"; exit 1; }
+
+# Require the interface to be up (simplest, reliable path)
+if ! wg show "$IFACE" >/dev/null 2>&1; then
+ echo "❌ Interface $IFACE is not up. Start it first: wg-quick up $IFACE"
+ echo " Or stop it and edit $CFG manually (replace the peer that has AllowedIPs = $ALLOWED)."
+ exit 1
+fi
+
+# Remove any existing peer that currently owns the same AllowedIPs (typical /32 per client)
+while read -r oldkey oldips; do
+ if [[ "$oldips" == "$ALLOWED" ]]; then
+ echo "→ Removing existing peer $oldkey with AllowedIPs $ALLOWED"
+ wg set "$IFACE" peer "$oldkey" remove || true
+ fi
+done < <(wg show "$IFACE" allowed-ips | awk '{print $1, $2}')
+
+# Add the new peer
+wg set "$IFACE" peer "$PUB" allowed-ips "$ALLOWED"
+
+# Persist runtime state back to the config (works great even if SaveConfig=true)
+wg-quick save "$IFACE"
+
+echo "✔ Updated $IFACE: set peer $PUB with AllowedIPs $ALLOWED and saved to $CFG"
+wg show "$IFACE"
diff --git a/developer/source/network-server/setup.sh b/developer/source/network-server/setup.sh
new file mode 100755
index 0000000..eee81ce
--- /dev/null
+++ b/developer/source/network-server/setup.sh
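Review bot: The key sanity check in set_client_key.sh accepts any argument of 43–45 characters, so a mistyped key is passed straight to `wg set`; a WireGuard public key is exactly 44 base64 characters ending in `=`, and checking that form directly costs the same one line: `[[ $PUB =~ ^[A-Za-z0-9+/]{43}=$ ]] || { echo "❌ Public key does not look like a WireGuard key."; exit 2; }`. The removal loop compares only each peer's first AllowedIPs entry because of `awk '{print $1, $2}'`, so a peer that lists `$ALLOWED` after another prefix is not removed while the kernel still moves that address to the new peer; feeding the loop the unfiltered `wg show "$IFACE" allowed-ips` and testing `[[ " $oldips " == *" $ALLOWED "* ]]` covers that case. `wg-quick save` rewrites `$CFG` from runtime state, which drops comments and persists every peer currently loaded rather than only this one; that is worth stating in the header comment so operators are not surprised by the rewritten file.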
@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+# 2025-09-05
+# Debian 12 Setup: WireGuard egress server + one client (safe/idempotent)
+set -euo pipefail
+umask 0077
+[[ $EUID -eq 0 ]] || { echo "❌ run as root"; exit 1; }
+run(){ echo "+ $*"; eval "$@"; }
+
+WG_IF="wg0"
+WG_PORT="${WG_PORT:-51820}"
+WG_DIR="/etc/wireguard"
+CLIENT_DIR="/root/wireguard"
+CLIENT_NAME="${CLIENT_NAME:-client1}"
+
+SERVER_NET_V4="${SERVER_NET_V4:-10.8.0.0/24}"
+SERVER_ADDR_V4="${SERVER_ADDR_V4:-10.8.0.1/24}"
+CLIENT_ADDR_V4="${CLIENT_ADDR_V4:-10.8.0.2/32}"
+
+# --- Packages ---
+need_pkgs=()
+for p in wireguard qrencode iproute2; do command -v ${p%% *} >/dev/null 2>&1 || need_pkgs+=("$p"); done
+if ((${#need_pkgs[@]})); then
+ DEBIAN_FRONTEND=noninteractive run apt-get update
+ run apt-get install -y "${need_pkgs[@]}"
+fi
+
+install -d -m 0700 "$WG_DIR" "$CLIENT_DIR"
+
+# --- Detect WAN IF + public IPv4 ---
+WAN_IF=$(ip -o -4 route show to default | awk '{print $5; exit}')
+[[ -n "${WAN_IF:-}" ]] || { echo "❌ Could not detect WAN interface"; exit 1; }
+SERVER_IPv4=$(ip -o -4 addr show dev "$WAN_IF" | awk '{print $4}' | cut -d/ -f1 | head -n1)
+[[ -n "${SERVER_IPv4:-}" ]] || SERVER_IPv4=""
+
+# --- Keys (server) ---
+if [[ ! -f "$WG_DIR/server.key" ]]; then
+ (umask 077; wg genkey | tee "$WG_DIR/server.key" | wg pubkey > "$WG_DIR/server.pub")
+ chmod 600 "$WG_DIR/server.key"
+fi
+SERVER_PRIV=$(cat "$WG_DIR/server.key")
+SERVER_PUB=$(cat "$WG_DIR/server.pub")
+
+# --- Keys (client) ---
+if [[ ! 
-f "$CLIENT_DIR/${CLIENT_NAME}.key" ]]; then + (umask 077; wg genkey | tee "$CLIENT_DIR/${CLIENT_NAME}.key" | wg pubkey > "$CLIENT_DIR/${CLIENT_NAME}.pub") + chmod 600 "$CLIENT_DIR/${CLIENT_NAME}.key" +fi +CLIENT_PRIV=$(cat "$CLIENT_DIR/${CLIENT_NAME}.key") +CLIENT_PUB=$(cat "$CLIENT_DIR/${CLIENT_NAME}.pub") + +# --- IPv4 forwarding --- +install -d -m 0755 /etc/sysctl.d +cat > /etc/sysctl.d/99-wireguard-forwarding.conf <<'EOF' +net.ipv4.ip_forward=1 +# net.ipv6.conf.all.forwarding=1 +EOF +sysctl --system >/dev/null + +# --- Write server config (backup if existing) --- +CFG="$WG_DIR/${WG_IF}.conf" +if [[ -f "$CFG" ]]; then + cp -a "$CFG" "$CFG.bak.$(date -u +%Y%m%dT%H%M%SZ)" +fi +cat > "$CFG" < "$CLIENT_CFG" </dev/null 2>&1 && ufw status | grep -q "Status: active"; then + ufw status | grep -q "^${WG_PORT}/udp" || ufw allow "${WG_PORT}/udp" || true +fi + +# --- Enable interface --- +run systemctl enable --now wg-quick@"$WG_IF" + +# --- Status + QR --- +echo +wg show "$WG_IF" || true +echo +echo "Client file: $CLIENT_CFG" +command -v qrencode >/dev/null 2>&1 && { echo "QR (WireGuard mobile import):"; qrencode -t ansiutf8 < "$CLIENT_CFG"; } +echo +echo "If Endpoint autodetection is wrong, edit it to your public IP or DNS." diff --git a/developer/source/wg/stage/etc/wireguard/US.conf b/developer/source/wg/stage/etc/wireguard/US.conf deleted file mode 100644 index f4a8673..0000000 --- a/developer/source/wg/stage/etc/wireguard/US.conf +++ /dev/null @@ -1,10 +0,0 @@ -[Interface] -PrivateKey = 0OUqldVHE0GSUM2XUw4o9kgc/OR6smcwED6Wk1HJgGQ= -Table = off -# ListenPort = 51820 - -[Peer] -PublicKey = h8ZYEEVMForvv9p5Wx+9+eZ87t692hTN7sks5Noedw8= -AllowedIPs = 0.0.0.0/0 -Endpoint = 35.194.71.194:443 -PersistentKeepalive = 25 diff --git a/developer/source/wg/stage/etc/wireguard/x6.conf b/developer/source/wg/stage/etc/wireguard/x6.conf deleted file mode 100644 index adb17bd..0000000 --- a/developer/source/wg/stage/etc/wireguard/x6.conf +++ /dev/null 
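Review bot: The package probe in the Packages block of setup.sh runs `command -v wireguard` and `command -v iproute2`, but those packages provide the binaries `wg` and `ip`, so both are queued on every run and the script is idempotent only because apt-get tolerates already-installed packages; pairing each package with its binary fixes the probe: `for p in wireguard:wg qrencode:qrencode iproute2:ip; do command -v "${p#*:}" >/dev/null 2>&1 || need_pkgs+=("${p%%:*}"); done`. In the same block `DEBIAN_FRONTEND=noninteractive` is applied only to `apt-get update`, while `apt-get install -y` is the call that can stop on a debconf prompt, so an `export DEBIAN_FRONTEND=noninteractive` before the `if` is needed to cover both. `run` executes its arguments through `eval`, which re-splits already-quoted words; `run(){ echo "+ $*"; "$@"; }` runs them exactly as passed and keeps the echo. The client key pair is generated on the server and kept under `$CLIENT_DIR`, so the server retains the client's private key; if clients are meant to generate their own keys (set_client_key.sh only needs the public key), the header comment should say which model is intended. The configuration heredocs in the middle of this hunk are not visible in this extract, so their contents are not reviewed here.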
@@ -1,10 +0,0 @@
-[Interface]
-PrivateKey = 0OUqldVHE0GSUM2XUw4o9kgc/OR6smcwED6Wk1HJgGQ=
-Table = off
-# ListenPort = 51820
-
-[Peer]
-PublicKey = pcbDlC1ZVoBYaN83/zAsvIvhgw0iQOL1YZKX5hcAqno=
-AllowedIPs = 0.0.0.0/0
-Endpoint = 66.248.243.113:51820
-PersistentKeepalive = 25
diff --git a/developer/source/wg/stage/usr/local/bin/apply_ip_state.sh b/developer/source/wg/stage/usr/local/bin/apply_ip_state.sh
deleted file mode 100755
index 705ea5d..0000000
--- a/developer/source/wg/stage/usr/local/bin/apply_ip_state.sh
+++ /dev/null
@@ -1,93 +0,0 @@
-#!/usr/bin/env bash
-# apply IP state for selected interfaces (addresses, routes, rules) — idempotent
-set -euo pipefail
-
-ALL_ARGS=("$@")
-
-want_iface(){
- local t=$1
- if [ ${#ALL_ARGS[@]} -eq 0 ]; then return 0; fi
- for a in "${ALL_ARGS[@]}"; do [ "$a" = "$t" ] && return 0; done
- return 1
-}
-
-exists_iface(){ ip -o link show dev "$1" >/dev/null 2>&1; }
-
-# Reset address: delete the exact CIDR if present, then add it back.
-reset_addr(){
- local iface=$1; local cidr=$2
- ip -4 addr del "$cidr" dev "$iface" >/dev/null 2>&1 || true
- if ip -4 addr add "$cidr" dev "$iface"; then
- logger "addr set: $iface $cidr"
- else
- logger "addr add failed (non-fatal): $iface $cidr"
- fi
-}
-
-# Ensure route using replace; log but do not fail the unit if kernel says 'exists'.
-ensure_route(){
- local table=$1; local cidr=$2; local dev=$3; local via=${4:-}; local metric=${5:-}
- if [ -n "$via" ] && [ -n "$metric" ]; then
- if ip -4 route replace "$cidr" via "$via" dev "$dev" table "$table" metric "$metric" 2>/dev/null; then
- logger "route ensure: table=$table cidr=$cidr dev=$dev via=$via metric=$metric"
- else
- logger "route ensure (tolerated failure): table=$table cidr=$cidr dev=$dev via=$via metric=$metric"
- fi
- elif [ -n "$via" ]; then
- if ip -4 route replace "$cidr" via "$via" dev "$dev" table "$table" 2>/dev/null; then
- logger "route ensure: table=$table cidr=$cidr dev=$dev via=$via"
- else
- logger "route ensure (tolerated failure): table=$table cidr=$cidr dev=$dev via=$via"
- fi
- elif [ -n "$metric" ]; then
- if ip -4 route replace "$cidr" dev "$dev" table "$table" metric "$metric" 2>/dev/null; then
- logger "route ensure: table=$table cidr=$cidr dev=$dev metric=$metric"
- else
- logger "route ensure (tolerated failure): table=$table cidr=$cidr dev=$dev metric=$metric"
- fi
- else
- if ip -4 route replace "$cidr" dev "$dev" table "$table" 2>/dev/null; then
- logger "route ensure: table=$table cidr=$cidr dev=$dev"
- else
- logger "route 
ensure (tolerated failure): table=$table cidr=$cidr dev=$dev"
- fi
- fi
-}
-
-# Reset a policy rule by numeric preference: delete-by-pref, then add.
-reset_IP_rule(){
- # Usage: reset_IP_rule
- local pref=$1; shift
- ip -4 rule del pref "$pref" >/dev/null 2>&1 || true
- if ip -4 rule add "$@" pref "$pref"; then
- logger "rule set: pref=$pref $*"
- else
- logger "rule add failed (non-fatal): pref=$pref $*"
- fi
-}
-
-if want_iface x6; then
- if exists_iface x6; then reset_addr x6 10.8.0.2/32; else logger "skip: iface missing: x6"; fi
-fi
-if want_iface US; then
- if exists_iface US; then reset_addr US 10.0.0.1/32; else logger "skip: iface missing: US"; fi
-fi
-if want_iface x6; then
- if exists_iface x6; then ensure_route "x6" "0.0.0.0/0" "x6" "" ""; else logger "skip: iface missing: x6"; fi
-fi
-if want_iface US; then
- if exists_iface US; then ensure_route "US" "0.0.0.0/0" "US" "" ""; else logger "skip: iface missing: US"; fi
-fi
-if want_iface x6; then
- reset_IP_rule 17010 from "10.8.0.2/32" lookup "x6"
-fi
-if want_iface x6; then
- reset_IP_rule 17011 uidrange "2018-2018" lookup "x6"
-fi
-if want_iface US; then
- reset_IP_rule 17020 from "10.0.0.1/32" lookup "US"
-fi
-if want_iface US; then
- reset_IP_rule 17021 uidrange "2017-2017" lookup "US"
-fi
-reset_IP_rule 18050 from "10.0.0.0/24" prohibit
-- 
2.20.1