From 364c93b9feed02b7f5330bc2f758f06707874e3e Mon Sep 17 00:00:00 2001 From: Goetz Epperlein Date: Sat, 16 Mar 2024 16:37:20 +0100 Subject: [PATCH] feat: Enable headless installation without interaction --- README.md | 33 +++++++++++++++++++ wireguard-install.sh | 75 +++++++++++++++++++++++++++++++++++--------- 2 files changed, 93 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index a8fe265..7fb688e 100644 --- a/README.md +++ b/README.md @@ -39,6 +39,39 @@ It will install WireGuard (kernel module and tools) on the server, configure it, Run the script again to add or remove clients! +## Headless installation + +It's also possible to run the script headless, e.g. without waiting for user input, in an automated way. + +Example usage: + +```bash +APPROVE_INSTALL=y ./wireguard-install.sh + +# or + +export APPROVE_INSTALL=y +./wireguard-install.sh +``` + +This will set a default set of variables, bypassing any user input. + +If you want to customise your installation, you can use variables, as shown below: + +``` +export APPROVE_INSTALL=y +export SERVER_PUB_IP="54.14.1.48" +export SERVER_PORT=64567 +export CLIENT_NAME=client +``` + +If the server is behind NAT, you can specify its endpoint with the `SERVER_PUB_IP` variable. If the endpoint is the public IP address which it is behind, you can use `SERVER_PUB_IP=$(curl -s https://api.ipify.org)` (the script defaults to this). The endpoint can be an IP or a domain. + +The headless installation involves adding a new user. Adding `CLIENT_NAME=foo` will change the name of the new user to `foo` instead of the default. + +Other variables can be set as required on your choice (`SERVER_NIC`). You can find them in the `installQuestions()` function of the script. + + ## Providers I recommend these cheap cloud providers for your VPN server: diff --git a/wireguard-install.sh b/wireguard-install.sh index 2f95ecb..ce73a07 100644 --- a/wireguard-install.sh +++ b/wireguard-install.sh @@ -110,29 +110,38 @@ function installQuestions() { echo "" # Detect public IPv4 or IPv6 address and pre-fill for the user - SERVER_PUB_IP=$(ip -4 addr | sed -ne 's|^.* inet \([^/]*\)/.* scope global.*$|\1|p' | awk '{print $1}' | head -1) + SERVER_PUB_IP=${SERVER_PUB_IP:-$(ip -4 addr | sed -ne 's|^.* inet \([^/]*\)/.* scope global.*$|\1|p' | awk '{print $1}' | head -1)} if [[ -z ${SERVER_PUB_IP} ]]; then # Detect public IPv6 address SERVER_PUB_IP=$(ip -6 addr | sed -ne 's|^.* inet6 \([^/]*\)/.* scope global.*$|\1|p' | head -1) fi - read -rp "IPv4 or IPv6 public address: " -e -i "${SERVER_PUB_IP}" SERVER_PUB_IP + + APPROVE_IP=${APPROVE_IP:-n} + if [[ ${APPROVE_IP} =~ n ]]; then + read -rp "IPv4 or IPv6 public address: " -e -i "${SERVER_PUB_IP}" SERVER_PUB_IP + fi # Detect public interface and pre-fill for the user - SERVER_NIC="$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1)" - until [[ ${SERVER_PUB_NIC} =~ ^[a-zA-Z0-9_]+$ ]]; do - read -rp "Public interface: " -e -i "${SERVER_NIC}" SERVER_PUB_NIC - done + SERVER_NIC="${SERVER_NIC:-$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1)}" + APPROVE_NIC=${APPROVE_NIC:-n} + if [[ ${APPROVE_IP} =~ n ]]; then + until [[ ${SERVER_PUB_NIC} =~ ^[a-zA-Z0-9_]+$ || ${APPROVE_NIC} =~ n ]]; do + read -rp "Public interface: " -e -i "${SERVER_NIC}" SERVER_PUB_NIC + done + else + SERVER_PUB_NIC="${SERVER_NIC}" + fi until [[ ${SERVER_WG_NIC} =~ ^[a-zA-Z0-9_]+$ && ${#SERVER_WG_NIC} -lt 16 ]]; do - read -rp "WireGuard interface name: " -e -i wg0 SERVER_WG_NIC + read -rp "WireGuard interface name: " -e -i "${SERVER_WG_NIC_DEFAULT}" SERVER_WG_NIC done until [[ ${SERVER_WG_IPV4} =~ ^([0-9]{1,3}\.){3} ]]; do - read -rp "Server WireGuard IPv4: " -e -i 10.66.66.1 SERVER_WG_IPV4 + read -rp "Server WireGuard IPv4: " -e -i "${SERVER_WG_IPV4_DEFAULT}" SERVER_WG_IPV4 done until [[ ${SERVER_WG_IPV6} =~ ^([a-f0-9]{1,4}:){3,4}: ]]; do - read -rp "Server WireGuard IPv6: " -e -i fd42:42:42::1 SERVER_WG_IPV6 + read -rp "Server WireGuard IPv6: " -e -i "${SERVER_WG_IPV6_DEFAULT}" SERVER_WG_IPV6 done # Generate random number within private ports range @@ -143,10 +152,10 @@ function installQuestions() { # Adguard DNS by default until [[ ${CLIENT_DNS_1} =~ ^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ ]]; do - read -rp "First DNS resolver to use for the clients: " -e -i 1.1.1.1 CLIENT_DNS_1 + read -rp "First DNS resolver to use for the clients: " -e -i "${CLIENT_DNS_1_DEFAULT}" CLIENT_DNS_1 done until [[ ${CLIENT_DNS_2} =~ ^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ ]]; do - read -rp "Second DNS resolver to use for the clients (optional): " -e -i 1.0.0.1 CLIENT_DNS_2 + read -rp "Second DNS resolver to use for the clients (optional): " -e -i "${CLIENT_DNS_2_DEFAULT}" CLIENT_DNS_2 if [[ ${CLIENT_DNS_2} == "" ]]; then CLIENT_DNS_2="${CLIENT_DNS_1}" fi @@ -156,17 +165,44 @@ function installQuestions() { echo -e "\nWireGuard uses a parameter called AllowedIPs to determine what is routed over the VPN." read -rp "Allowed IPs list for generated clients (leave default to route everything): " -e -i '0.0.0.0/0,::/0' ALLOWED_IPS if [[ ${ALLOWED_IPS} == "" ]]; then - ALLOWED_IPS="0.0.0.0/0,::/0" + ALLOWED_IPS="${ALLOWED_IPS_DEFAULTS}" fi done echo "" echo "Okay, that was all I needed. We are ready to setup your WireGuard server now." echo "You will be able to generate a client at the end of the installation." - read -n1 -r -p "Press any key to continue..." + APPROVE_INSTALL=${APPROVE_INSTALL:-n} + if [[ $APPROVE_INSTALL =~ n ]]; then + read -n1 -r -p "Press any key to continue..." + fi } function installWireGuard() { + SERVER_WG_NIC_DEFAULT="wg0" + SERVER_WG_IPV4_DEFAULT="10.66.66.1" + SERVER_WG_IPV6_DEFAULT="fd42:42:42::1" + CLIENT_DNS_1_DEFAULT="1.1.1.1" + CLIENT_DNS_2_DEFAULT="1.0.0.1" + ALLOWED_IPS_DEFAULTS="0.0.0.0/0,::/0" + + if [[ ${APPROVE_INSTALL} == "y" ]]; then + # Set default choices so that no questions will be asked. + APPROVE_IP=${APPROVE_IP:-y} + APPROVE_NIC=${APPROVE_NIC:-y} + SERVER_WG_NIC=${SERVER_WG_NIC:-$SERVER_WG_NIC_DEFAULT} + SERVER_WG_IPV4=${SERVER_WG_IPV4:-$SERVER_WG_IPV4_DEFAULT} + SERVER_WG_IPV6=${SERVER_WG_IPV6:-$SERVER_WG_IPV6_DEFAULT} + SERVER_PORT=${SERVER_PORT:-$(shuf -i49152-65535 -n1)} + CLIENT_DNS_1=${CLIENT_DNS_1:-$CLIENT_DNS_1_DEFAULT} + CLIENT_DNS_2=${CLIENT_DNS_2:-$CLIENT_DNS_2_DEFAULT} + CLIENT_NAME=${CLIENT_NAME:-client} + ALLOWED_IPS=${ALLOWED_IPS:-$ALLOWED_IPS_DEFAULTS} + + # Behind NAT, we'll default to the publicly reachable IPv4. + SERVER_PUB_IP=${SERVER_PUB_IP:-$(curl -s https://api.ipify.org)} + fi + # Run setup questions first installQuestions @@ -295,6 +331,7 @@ function newClient() { echo "" echo "The client name must consist of alphanumeric character(s). It may also include underscores or dashes and can't exceed 15 chars." + CLIENT_EXISTS=$(grep -c -E "^### Client ${CLIENT_NAME}\$" "/etc/wireguard/${SERVER_WG_NIC}.conf") until [[ ${CLIENT_NAME} =~ ^[a-zA-Z0-9_-]+$ && ${CLIENT_EXISTS} == '0' && ${#CLIENT_NAME} -lt 16 ]]; do read -rp "Client name: " -e CLIENT_NAME CLIENT_EXISTS=$(grep -c -E "^### Client ${CLIENT_NAME}\$" "/etc/wireguard/${SERVER_WG_NIC}.conf") @@ -321,7 +358,11 @@ function newClient() { BASE_IP=$(echo "$SERVER_WG_IPV4" | awk -F '.' '{ print $1"."$2"."$3 }') until [[ ${IPV4_EXISTS} == '0' ]]; do - read -rp "Client WireGuard IPv4: ${BASE_IP}." -e -i "${DOT_IP}" DOT_IP + + if [[ $APPROVE_INSTALL =~ n ]]; then + read -rp "Client WireGuard IPv4: ${BASE_IP}." -e -i "${DOT_IP}" DOT_IP + fi + CLIENT_WG_IPV4="${BASE_IP}.${DOT_IP}" IPV4_EXISTS=$(grep -c "$CLIENT_WG_IPV4/32" "/etc/wireguard/${SERVER_WG_NIC}.conf") @@ -334,7 +375,11 @@ function newClient() { BASE_IP=$(echo "$SERVER_WG_IPV6" | awk -F '::' '{ print $1 }') until [[ ${IPV6_EXISTS} == '0' ]]; do - read -rp "Client WireGuard IPv6: ${BASE_IP}::" -e -i "${DOT_IP}" DOT_IP + + if [[ $APPROVE_INSTALL =~ n ]]; then + read -rp "Client WireGuard IPv6: ${BASE_IP}::" -e -i "${DOT_IP}" DOT_IP + fi + CLIENT_WG_IPV6="${BASE_IP}::${DOT_IP}" IPV6_EXISTS=$(grep -c "${CLIENT_WG_IPV6}/128" "/etc/wireguard/${SERVER_WG_NIC}.conf")