style: Adjust formatting to shfmt

This commit is contained in:
Goetz Epperlein 2024-03-16 16:50:27 +01:00
parent 364c93b9fe
commit a01b3cf4dc

View File

@ -9,121 +9,121 @@ GREEN='\033[0;32m'
NC='\033[0m' NC='\033[0m'
function isRoot() { function isRoot() {
if [ "${EUID}" -ne 0 ]; then if [ "${EUID}" -ne 0 ]; then
echo "You need to run this script as root" echo "You need to run this script as root"
exit 1 exit 1
fi fi
} }
function checkVirt() { function checkVirt() {
if [ "$(systemd-detect-virt)" == "openvz" ]; then if [ "$(systemd-detect-virt)" == "openvz" ]; then
echo "OpenVZ is not supported" echo "OpenVZ is not supported"
exit 1 exit 1
fi fi
if [ "$(systemd-detect-virt)" == "lxc" ]; then if [ "$(systemd-detect-virt)" == "lxc" ]; then
echo "LXC is not supported (yet)." echo "LXC is not supported (yet)."
echo "WireGuard can technically run in an LXC container," echo "WireGuard can technically run in an LXC container,"
echo "but the kernel module has to be installed on the host," echo "but the kernel module has to be installed on the host,"
echo "the container has to be run with some specific parameters" echo "the container has to be run with some specific parameters"
echo "and only the tools need to be installed in the container." echo "and only the tools need to be installed in the container."
exit 1 exit 1
fi fi
} }
function checkOS() { function checkOS() {
source /etc/os-release source /etc/os-release
OS="${ID}" OS="${ID}"
if [[ ${OS} == "debian" || ${OS} == "raspbian" ]]; then if [[ ${OS} == "debian" || ${OS} == "raspbian" ]]; then
if [[ ${VERSION_ID} -lt 10 ]]; then if [[ ${VERSION_ID} -lt 10 ]]; then
echo "Your version of Debian (${VERSION_ID}) is not supported. Please use Debian 10 Buster or later" echo "Your version of Debian (${VERSION_ID}) is not supported. Please use Debian 10 Buster or later"
exit 1 exit 1
fi fi
OS=debian # overwrite if raspbian OS=debian # overwrite if raspbian
elif [[ ${OS} == "ubuntu" ]]; then elif [[ ${OS} == "ubuntu" ]]; then
RELEASE_YEAR=$(echo "${VERSION_ID}" | cut -d'.' -f1) RELEASE_YEAR=$(echo "${VERSION_ID}" | cut -d'.' -f1)
if [[ ${RELEASE_YEAR} -lt 18 ]]; then if [[ ${RELEASE_YEAR} -lt 18 ]]; then
echo "Your version of Ubuntu (${VERSION_ID}) is not supported. Please use Ubuntu 18.04 or later" echo "Your version of Ubuntu (${VERSION_ID}) is not supported. Please use Ubuntu 18.04 or later"
exit 1 exit 1
fi fi
elif [[ ${OS} == "fedora" ]]; then elif [[ ${OS} == "fedora" ]]; then
if [[ ${VERSION_ID} -lt 32 ]]; then if [[ ${VERSION_ID} -lt 32 ]]; then
echo "Your version of Fedora (${VERSION_ID}) is not supported. Please use Fedora 32 or later" echo "Your version of Fedora (${VERSION_ID}) is not supported. Please use Fedora 32 or later"
exit 1 exit 1
fi fi
elif [[ ${OS} == 'centos' ]] || [[ ${OS} == 'almalinux' ]] || [[ ${OS} == 'rocky' ]]; then elif [[ ${OS} == 'centos' ]] || [[ ${OS} == 'almalinux' ]] || [[ ${OS} == 'rocky' ]]; then
if [[ ${VERSION_ID} == 7* ]]; then if [[ ${VERSION_ID} == 7* ]]; then
echo "Your version of CentOS (${VERSION_ID}) is not supported. Please use CentOS 8 or later" echo "Your version of CentOS (${VERSION_ID}) is not supported. Please use CentOS 8 or later"
exit 1 exit 1
fi fi
elif [[ -e /etc/oracle-release ]]; then elif [[ -e /etc/oracle-release ]]; then
source /etc/os-release source /etc/os-release
OS=oracle OS=oracle
elif [[ -e /etc/arch-release ]]; then elif [[ -e /etc/arch-release ]]; then
OS=arch OS=arch
else else
echo "Looks like you aren't running this installer on a Debian, Ubuntu, Fedora, CentOS, AlmaLinux, Oracle or Arch Linux system" echo "Looks like you aren't running this installer on a Debian, Ubuntu, Fedora, CentOS, AlmaLinux, Oracle or Arch Linux system"
exit 1 exit 1
fi fi
} }
function getHomeDirForClient() { function getHomeDirForClient() {
local CLIENT_NAME=$1 local CLIENT_NAME=$1
if [ -z "${CLIENT_NAME}" ]; then if [ -z "${CLIENT_NAME}" ]; then
echo "Error: getHomeDirForClient() requires a client name as argument" echo "Error: getHomeDirForClient() requires a client name as argument"
exit 1 exit 1
fi fi
# Home directory of the user, where the client configuration will be written # Home directory of the user, where the client configuration will be written
if [ -e "/home/${CLIENT_NAME}" ]; then if [ -e "/home/${CLIENT_NAME}" ]; then
# if $1 is a user name # if $1 is a user name
HOME_DIR="/home/${CLIENT_NAME}" HOME_DIR="/home/${CLIENT_NAME}"
elif [ "${SUDO_USER}" ]; then elif [ "${SUDO_USER}" ]; then
# if not, use SUDO_USER # if not, use SUDO_USER
if [ "${SUDO_USER}" == "root" ]; then if [ "${SUDO_USER}" == "root" ]; then
# If running sudo as root # If running sudo as root
HOME_DIR="/root" HOME_DIR="/root"
else else
HOME_DIR="/home/${SUDO_USER}" HOME_DIR="/home/${SUDO_USER}"
fi fi
else else
# if not SUDO_USER, use /root # if not SUDO_USER, use /root
HOME_DIR="/root" HOME_DIR="/root"
fi fi
echo "$HOME_DIR" echo "$HOME_DIR"
} }
function initialCheck() { function initialCheck() {
isRoot isRoot
checkVirt checkVirt
checkOS checkOS
} }
function installQuestions() { function installQuestions() {
echo "Welcome to the WireGuard installer!" echo "Welcome to the WireGuard installer!"
echo "The git repository is available at: https://github.com/angristan/wireguard-install" echo "The git repository is available at: https://github.com/angristan/wireguard-install"
echo "" echo ""
echo "I need to ask you a few questions before starting the setup." echo "I need to ask you a few questions before starting the setup."
echo "You can keep the default options and just press enter if you are ok with them." echo "You can keep the default options and just press enter if you are ok with them."
echo "" echo ""
# Detect public IPv4 or IPv6 address and pre-fill for the user # Detect public IPv4 or IPv6 address and pre-fill for the user
SERVER_PUB_IP=${SERVER_PUB_IP:-$(ip -4 addr | sed -ne 's|^.* inet \([^/]*\)/.* scope global.*$|\1|p' | awk '{print $1}' | head -1)} SERVER_PUB_IP=${SERVER_PUB_IP:-$(ip -4 addr | sed -ne 's|^.* inet \([^/]*\)/.* scope global.*$|\1|p' | awk '{print $1}' | head -1)}
if [[ -z ${SERVER_PUB_IP} ]]; then if [[ -z ${SERVER_PUB_IP} ]]; then
# Detect public IPv6 address # Detect public IPv6 address
SERVER_PUB_IP=$(ip -6 addr | sed -ne 's|^.* inet6 \([^/]*\)/.* scope global.*$|\1|p' | head -1) SERVER_PUB_IP=$(ip -6 addr | sed -ne 's|^.* inet6 \([^/]*\)/.* scope global.*$|\1|p' | head -1)
fi fi
APPROVE_IP=${APPROVE_IP:-n} APPROVE_IP=${APPROVE_IP:-n}
if [[ ${APPROVE_IP} =~ n ]]; then if [[ ${APPROVE_IP} =~ n ]]; then
read -rp "IPv4 or IPv6 public address: " -e -i "${SERVER_PUB_IP}" SERVER_PUB_IP read -rp "IPv4 or IPv6 public address: " -e -i "${SERVER_PUB_IP}" SERVER_PUB_IP
fi fi
# Detect public interface and pre-fill for the user # Detect public interface and pre-fill for the user
SERVER_NIC="${SERVER_NIC:-$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1)}" SERVER_NIC="${SERVER_NIC:-$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1)}"
APPROVE_NIC=${APPROVE_NIC:-n} APPROVE_NIC=${APPROVE_NIC:-n}
if [[ ${APPROVE_IP} =~ n ]]; then if [[ ${APPROVE_IP} =~ n ]]; then
until [[ ${SERVER_PUB_NIC} =~ ^[a-zA-Z0-9_]+$ || ${APPROVE_NIC} =~ n ]]; do until [[ ${SERVER_PUB_NIC} =~ ^[a-zA-Z0-9_]+$ || ${APPROVE_NIC} =~ n ]]; do
read -rp "Public interface: " -e -i "${SERVER_NIC}" SERVER_PUB_NIC read -rp "Public interface: " -e -i "${SERVER_NIC}" SERVER_PUB_NIC
@ -132,50 +132,50 @@ function installQuestions() {
SERVER_PUB_NIC="${SERVER_NIC}" SERVER_PUB_NIC="${SERVER_NIC}"
fi fi
until [[ ${SERVER_WG_NIC} =~ ^[a-zA-Z0-9_]+$ && ${#SERVER_WG_NIC} -lt 16 ]]; do until [[ ${SERVER_WG_NIC} =~ ^[a-zA-Z0-9_]+$ && ${#SERVER_WG_NIC} -lt 16 ]]; do
read -rp "WireGuard interface name: " -e -i "${SERVER_WG_NIC_DEFAULT}" SERVER_WG_NIC read -rp "WireGuard interface name: " -e -i "${SERVER_WG_NIC_DEFAULT}" SERVER_WG_NIC
done done
until [[ ${SERVER_WG_IPV4} =~ ^([0-9]{1,3}\.){3} ]]; do until [[ ${SERVER_WG_IPV4} =~ ^([0-9]{1,3}\.){3} ]]; do
read -rp "Server WireGuard IPv4: " -e -i "${SERVER_WG_IPV4_DEFAULT}" SERVER_WG_IPV4 read -rp "Server WireGuard IPv4: " -e -i "${SERVER_WG_IPV4_DEFAULT}" SERVER_WG_IPV4
done done
until [[ ${SERVER_WG_IPV6} =~ ^([a-f0-9]{1,4}:){3,4}: ]]; do until [[ ${SERVER_WG_IPV6} =~ ^([a-f0-9]{1,4}:){3,4}: ]]; do
read -rp "Server WireGuard IPv6: " -e -i "${SERVER_WG_IPV6_DEFAULT}" SERVER_WG_IPV6 read -rp "Server WireGuard IPv6: " -e -i "${SERVER_WG_IPV6_DEFAULT}" SERVER_WG_IPV6
done done
# Generate random number within private ports range # Generate random number within private ports range
RANDOM_PORT=$(shuf -i49152-65535 -n1) RANDOM_PORT=$(shuf -i49152-65535 -n1)
until [[ ${SERVER_PORT} =~ ^[0-9]+$ ]] && [ "${SERVER_PORT}" -ge 1 ] && [ "${SERVER_PORT}" -le 65535 ]; do until [[ ${SERVER_PORT} =~ ^[0-9]+$ ]] && [ "${SERVER_PORT}" -ge 1 ] && [ "${SERVER_PORT}" -le 65535 ]; do
read -rp "Server WireGuard port [1-65535]: " -e -i "${RANDOM_PORT}" SERVER_PORT read -rp "Server WireGuard port [1-65535]: " -e -i "${RANDOM_PORT}" SERVER_PORT
done done
# Adguard DNS by default # Adguard DNS by default
until [[ ${CLIENT_DNS_1} =~ ^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ ]]; do until [[ ${CLIENT_DNS_1} =~ ^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ ]]; do
read -rp "First DNS resolver to use for the clients: " -e -i "${CLIENT_DNS_1_DEFAULT}" CLIENT_DNS_1 read -rp "First DNS resolver to use for the clients: " -e -i "${CLIENT_DNS_1_DEFAULT}" CLIENT_DNS_1
done done
until [[ ${CLIENT_DNS_2} =~ ^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ ]]; do until [[ ${CLIENT_DNS_2} =~ ^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ ]]; do
read -rp "Second DNS resolver to use for the clients (optional): " -e -i "${CLIENT_DNS_2_DEFAULT}" CLIENT_DNS_2 read -rp "Second DNS resolver to use for the clients (optional): " -e -i "${CLIENT_DNS_2_DEFAULT}" CLIENT_DNS_2
if [[ ${CLIENT_DNS_2} == "" ]]; then if [[ ${CLIENT_DNS_2} == "" ]]; then
CLIENT_DNS_2="${CLIENT_DNS_1}" CLIENT_DNS_2="${CLIENT_DNS_1}"
fi fi
done done
until [[ ${ALLOWED_IPS} =~ ^.+$ ]]; do until [[ ${ALLOWED_IPS} =~ ^.+$ ]]; do
echo -e "\nWireGuard uses a parameter called AllowedIPs to determine what is routed over the VPN." echo -e "\nWireGuard uses a parameter called AllowedIPs to determine what is routed over the VPN."
read -rp "Allowed IPs list for generated clients (leave default to route everything): " -e -i '0.0.0.0/0,::/0' ALLOWED_IPS read -rp "Allowed IPs list for generated clients (leave default to route everything): " -e -i '0.0.0.0/0,::/0' ALLOWED_IPS
if [[ ${ALLOWED_IPS} == "" ]]; then if [[ ${ALLOWED_IPS} == "" ]]; then
ALLOWED_IPS="${ALLOWED_IPS_DEFAULTS}" ALLOWED_IPS="${ALLOWED_IPS_DEFAULTS}"
fi fi
done done
echo "" echo ""
echo "Okay, that was all I needed. We are ready to setup your WireGuard server now." echo "Okay, that was all I needed. We are ready to setup your WireGuard server now."
echo "You will be able to generate a client at the end of the installation." echo "You will be able to generate a client at the end of the installation."
APPROVE_INSTALL=${APPROVE_INSTALL:-n} APPROVE_INSTALL=${APPROVE_INSTALL:-n}
if [[ $APPROVE_INSTALL =~ n ]]; then if [[ $APPROVE_INSTALL =~ n ]]; then
read -n1 -r -p "Press any key to continue..." read -n1 -r -p "Press any key to continue..."
fi fi
} }
function installWireGuard() { function installWireGuard() {
@ -187,71 +187,71 @@ function installWireGuard() {
ALLOWED_IPS_DEFAULTS="0.0.0.0/0,::/0" ALLOWED_IPS_DEFAULTS="0.0.0.0/0,::/0"
if [[ ${APPROVE_INSTALL} == "y" ]]; then if [[ ${APPROVE_INSTALL} == "y" ]]; then
# Set default choices so that no questions will be asked. # Set default choices so that no questions will be asked.
APPROVE_IP=${APPROVE_IP:-y} APPROVE_IP=${APPROVE_IP:-y}
APPROVE_NIC=${APPROVE_NIC:-y} APPROVE_NIC=${APPROVE_NIC:-y}
SERVER_WG_NIC=${SERVER_WG_NIC:-$SERVER_WG_NIC_DEFAULT} SERVER_WG_NIC=${SERVER_WG_NIC:-$SERVER_WG_NIC_DEFAULT}
SERVER_WG_IPV4=${SERVER_WG_IPV4:-$SERVER_WG_IPV4_DEFAULT} SERVER_WG_IPV4=${SERVER_WG_IPV4:-$SERVER_WG_IPV4_DEFAULT}
SERVER_WG_IPV6=${SERVER_WG_IPV6:-$SERVER_WG_IPV6_DEFAULT} SERVER_WG_IPV6=${SERVER_WG_IPV6:-$SERVER_WG_IPV6_DEFAULT}
SERVER_PORT=${SERVER_PORT:-$(shuf -i49152-65535 -n1)} SERVER_PORT=${SERVER_PORT:-$(shuf -i49152-65535 -n1)}
CLIENT_DNS_1=${CLIENT_DNS_1:-$CLIENT_DNS_1_DEFAULT} CLIENT_DNS_1=${CLIENT_DNS_1:-$CLIENT_DNS_1_DEFAULT}
CLIENT_DNS_2=${CLIENT_DNS_2:-$CLIENT_DNS_2_DEFAULT} CLIENT_DNS_2=${CLIENT_DNS_2:-$CLIENT_DNS_2_DEFAULT}
CLIENT_NAME=${CLIENT_NAME:-client} CLIENT_NAME=${CLIENT_NAME:-client}
ALLOWED_IPS=${ALLOWED_IPS:-$ALLOWED_IPS_DEFAULTS} ALLOWED_IPS=${ALLOWED_IPS:-$ALLOWED_IPS_DEFAULTS}
# Behind NAT, we'll default to the publicly reachable IPv4. # Behind NAT, we'll default to the publicly reachable IPv4.
SERVER_PUB_IP=${SERVER_PUB_IP:-$(curl -s https://api.ipify.org)} SERVER_PUB_IP=${SERVER_PUB_IP:-$(curl -s https://api.ipify.org)}
fi fi
# Run setup questions first # Run setup questions first
installQuestions installQuestions
# Install WireGuard tools and module # Install WireGuard tools and module
if [[ ${OS} == 'ubuntu' ]] || [[ ${OS} == 'debian' && ${VERSION_ID} -gt 10 ]]; then if [[ ${OS} == 'ubuntu' ]] || [[ ${OS} == 'debian' && ${VERSION_ID} -gt 10 ]]; then
apt-get update apt-get update
apt-get install -y wireguard iptables resolvconf qrencode apt-get install -y wireguard iptables resolvconf qrencode
elif [[ ${OS} == 'debian' ]]; then elif [[ ${OS} == 'debian' ]]; then
if ! grep -rqs "^deb .* buster-backports" /etc/apt/; then if ! grep -rqs "^deb .* buster-backports" /etc/apt/; then
echo "deb http://deb.debian.org/debian buster-backports main" >/etc/apt/sources.list.d/backports.list echo "deb http://deb.debian.org/debian buster-backports main" >/etc/apt/sources.list.d/backports.list
apt-get update apt-get update
fi fi
apt update apt update
apt-get install -y iptables resolvconf qrencode apt-get install -y iptables resolvconf qrencode
apt-get install -y -t buster-backports wireguard apt-get install -y -t buster-backports wireguard
elif [[ ${OS} == 'fedora' ]]; then elif [[ ${OS} == 'fedora' ]]; then
if [[ ${VERSION_ID} -lt 32 ]]; then if [[ ${VERSION_ID} -lt 32 ]]; then
dnf install -y dnf-plugins-core dnf install -y dnf-plugins-core
dnf copr enable -y jdoss/wireguard dnf copr enable -y jdoss/wireguard
dnf install -y wireguard-dkms dnf install -y wireguard-dkms
fi fi
dnf install -y wireguard-tools iptables qrencode dnf install -y wireguard-tools iptables qrencode
elif [[ ${OS} == 'centos' ]] || [[ ${OS} == 'almalinux' ]] || [[ ${OS} == 'rocky' ]]; then elif [[ ${OS} == 'centos' ]] || [[ ${OS} == 'almalinux' ]] || [[ ${OS} == 'rocky' ]]; then
if [[ ${VERSION_ID} == 8* ]]; then if [[ ${VERSION_ID} == 8* ]]; then
yum install -y epel-release elrepo-release yum install -y epel-release elrepo-release
yum install -y kmod-wireguard yum install -y kmod-wireguard
yum install -y qrencode # not available on release 9 yum install -y qrencode # not available on release 9
fi fi
yum install -y wireguard-tools iptables yum install -y wireguard-tools iptables
elif [[ ${OS} == 'oracle' ]]; then elif [[ ${OS} == 'oracle' ]]; then
dnf install -y oraclelinux-developer-release-el8 dnf install -y oraclelinux-developer-release-el8
dnf config-manager --disable -y ol8_developer dnf config-manager --disable -y ol8_developer
dnf config-manager --enable -y ol8_developer_UEKR6 dnf config-manager --enable -y ol8_developer_UEKR6
dnf config-manager --save -y --setopt=ol8_developer_UEKR6.includepkgs='wireguard-tools*' dnf config-manager --save -y --setopt=ol8_developer_UEKR6.includepkgs='wireguard-tools*'
dnf install -y wireguard-tools qrencode iptables dnf install -y wireguard-tools qrencode iptables
elif [[ ${OS} == 'arch' ]]; then elif [[ ${OS} == 'arch' ]]; then
pacman -S --needed --noconfirm wireguard-tools qrencode pacman -S --needed --noconfirm wireguard-tools qrencode
fi fi
# Make sure the directory exists (this does not seem the be the case on fedora) # Make sure the directory exists (this does not seem the be the case on fedora)
mkdir /etc/wireguard >/dev/null 2>&1 mkdir /etc/wireguard >/dev/null 2>&1
chmod 600 -R /etc/wireguard/ chmod 600 -R /etc/wireguard/
SERVER_PRIV_KEY=$(wg genkey) SERVER_PRIV_KEY=$(wg genkey)
SERVER_PUB_KEY=$(echo "${SERVER_PRIV_KEY}" | wg pubkey) SERVER_PUB_KEY=$(echo "${SERVER_PRIV_KEY}" | wg pubkey)
# Save WireGuard settings # Save WireGuard settings
echo "SERVER_PUB_IP=${SERVER_PUB_IP} echo "SERVER_PUB_IP=${SERVER_PUB_IP}
SERVER_PUB_NIC=${SERVER_PUB_NIC} SERVER_PUB_NIC=${SERVER_PUB_NIC}
SERVER_WG_NIC=${SERVER_WG_NIC} SERVER_WG_NIC=${SERVER_WG_NIC}
SERVER_WG_IPV4=${SERVER_WG_IPV4} SERVER_WG_IPV4=${SERVER_WG_IPV4}
@ -263,19 +263,19 @@ CLIENT_DNS_1=${CLIENT_DNS_1}
CLIENT_DNS_2=${CLIENT_DNS_2} CLIENT_DNS_2=${CLIENT_DNS_2}
ALLOWED_IPS=${ALLOWED_IPS}" >/etc/wireguard/params ALLOWED_IPS=${ALLOWED_IPS}" >/etc/wireguard/params
# Add server interface # Add server interface
echo "[Interface] echo "[Interface]
Address = ${SERVER_WG_IPV4}/24,${SERVER_WG_IPV6}/64 Address = ${SERVER_WG_IPV4}/24,${SERVER_WG_IPV6}/64
ListenPort = ${SERVER_PORT} ListenPort = ${SERVER_PORT}
PrivateKey = ${SERVER_PRIV_KEY}" >"/etc/wireguard/${SERVER_WG_NIC}.conf" PrivateKey = ${SERVER_PRIV_KEY}" >"/etc/wireguard/${SERVER_WG_NIC}.conf"
if pgrep firewalld; then if pgrep firewalld; then
FIREWALLD_IPV4_ADDRESS=$(echo "${SERVER_WG_IPV4}" | cut -d"." -f1-3)".0" FIREWALLD_IPV4_ADDRESS=$(echo "${SERVER_WG_IPV4}" | cut -d"." -f1-3)".0"
FIREWALLD_IPV6_ADDRESS=$(echo "${SERVER_WG_IPV6}" | sed 's/:[^:]*$/:0/') FIREWALLD_IPV6_ADDRESS=$(echo "${SERVER_WG_IPV6}" | sed 's/:[^:]*$/:0/')
echo "PostUp = firewall-cmd --add-port ${SERVER_PORT}/udp && firewall-cmd --add-rich-rule='rule family=ipv4 source address=${FIREWALLD_IPV4_ADDRESS}/24 masquerade' && firewall-cmd --add-rich-rule='rule family=ipv6 source address=${FIREWALLD_IPV6_ADDRESS}/24 masquerade' echo "PostUp = firewall-cmd --add-port ${SERVER_PORT}/udp && firewall-cmd --add-rich-rule='rule family=ipv4 source address=${FIREWALLD_IPV4_ADDRESS}/24 masquerade' && firewall-cmd --add-rich-rule='rule family=ipv6 source address=${FIREWALLD_IPV6_ADDRESS}/24 masquerade'
PostDown = firewall-cmd --remove-port ${SERVER_PORT}/udp && firewall-cmd --remove-rich-rule='rule family=ipv4 source address=${FIREWALLD_IPV4_ADDRESS}/24 masquerade' && firewall-cmd --remove-rich-rule='rule family=ipv6 source address=${FIREWALLD_IPV6_ADDRESS}/24 masquerade'" >>"/etc/wireguard/${SERVER_WG_NIC}.conf" PostDown = firewall-cmd --remove-port ${SERVER_PORT}/udp && firewall-cmd --remove-rich-rule='rule family=ipv4 source address=${FIREWALLD_IPV4_ADDRESS}/24 masquerade' && firewall-cmd --remove-rich-rule='rule family=ipv6 source address=${FIREWALLD_IPV6_ADDRESS}/24 masquerade'" >>"/etc/wireguard/${SERVER_WG_NIC}.conf"
else else
echo "PostUp = iptables -I INPUT -p udp --dport ${SERVER_PORT} -j ACCEPT echo "PostUp = iptables -I INPUT -p udp --dport ${SERVER_PORT} -j ACCEPT
PostUp = iptables -I FORWARD -i ${SERVER_PUB_NIC} -o ${SERVER_WG_NIC} -j ACCEPT PostUp = iptables -I FORWARD -i ${SERVER_PUB_NIC} -o ${SERVER_WG_NIC} -j ACCEPT
PostUp = iptables -I FORWARD -i ${SERVER_WG_NIC} -j ACCEPT PostUp = iptables -I FORWARD -i ${SERVER_WG_NIC} -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o ${SERVER_PUB_NIC} -j MASQUERADE PostUp = iptables -t nat -A POSTROUTING -o ${SERVER_PUB_NIC} -j MASQUERADE
@ -287,118 +287,118 @@ PostDown = iptables -D FORWARD -i ${SERVER_WG_NIC} -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o ${SERVER_PUB_NIC} -j MASQUERADE PostDown = iptables -t nat -D POSTROUTING -o ${SERVER_PUB_NIC} -j MASQUERADE
PostDown = ip6tables -D FORWARD -i ${SERVER_WG_NIC} -j ACCEPT PostDown = ip6tables -D FORWARD -i ${SERVER_WG_NIC} -j ACCEPT
PostDown = ip6tables -t nat -D POSTROUTING -o ${SERVER_PUB_NIC} -j MASQUERADE" >>"/etc/wireguard/${SERVER_WG_NIC}.conf" PostDown = ip6tables -t nat -D POSTROUTING -o ${SERVER_PUB_NIC} -j MASQUERADE" >>"/etc/wireguard/${SERVER_WG_NIC}.conf"
fi fi
# Enable routing on the server # Enable routing on the server
echo "net.ipv4.ip_forward = 1 echo "net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1" >/etc/sysctl.d/wg.conf net.ipv6.conf.all.forwarding = 1" >/etc/sysctl.d/wg.conf
sysctl --system sysctl --system
systemctl start "wg-quick@${SERVER_WG_NIC}" systemctl start "wg-quick@${SERVER_WG_NIC}"
systemctl enable "wg-quick@${SERVER_WG_NIC}" systemctl enable "wg-quick@${SERVER_WG_NIC}"
newClient newClient
echo -e "${GREEN}If you want to add more clients, you simply need to run this script another time!${NC}" echo -e "${GREEN}If you want to add more clients, you simply need to run this script another time!${NC}"
# Check if WireGuard is running # Check if WireGuard is running
systemctl is-active --quiet "wg-quick@${SERVER_WG_NIC}" systemctl is-active --quiet "wg-quick@${SERVER_WG_NIC}"
WG_RUNNING=$? WG_RUNNING=$?
# WireGuard might not work if we updated the kernel. Tell the user to reboot # WireGuard might not work if we updated the kernel. Tell the user to reboot
if [[ ${WG_RUNNING} -ne 0 ]]; then if [[ ${WG_RUNNING} -ne 0 ]]; then
echo -e "\n${RED}WARNING: WireGuard does not seem to be running.${NC}" echo -e "\n${RED}WARNING: WireGuard does not seem to be running.${NC}"
echo -e "${ORANGE}You can check if WireGuard is running with: systemctl status wg-quick@${SERVER_WG_NIC}${NC}" echo -e "${ORANGE}You can check if WireGuard is running with: systemctl status wg-quick@${SERVER_WG_NIC}${NC}"
echo -e "${ORANGE}If you get something like \"Cannot find device ${SERVER_WG_NIC}\", please reboot!${NC}" echo -e "${ORANGE}If you get something like \"Cannot find device ${SERVER_WG_NIC}\", please reboot!${NC}"
else # WireGuard is running else # WireGuard is running
echo -e "\n${GREEN}WireGuard is running.${NC}" echo -e "\n${GREEN}WireGuard is running.${NC}"
echo -e "${GREEN}You can check the status of WireGuard with: systemctl status wg-quick@${SERVER_WG_NIC}\n\n${NC}" echo -e "${GREEN}You can check the status of WireGuard with: systemctl status wg-quick@${SERVER_WG_NIC}\n\n${NC}"
echo -e "${ORANGE}If you don't have internet connectivity from your client, try to reboot the server.${NC}" echo -e "${ORANGE}If you don't have internet connectivity from your client, try to reboot the server.${NC}"
fi fi
} }
function newClient() { function newClient() {
# If SERVER_PUB_IP is IPv6, add brackets if missing # If SERVER_PUB_IP is IPv6, add brackets if missing
if [[ ${SERVER_PUB_IP} =~ .*:.* ]]; then if [[ ${SERVER_PUB_IP} =~ .*:.* ]]; then
if [[ ${SERVER_PUB_IP} != *"["* ]] || [[ ${SERVER_PUB_IP} != *"]"* ]]; then if [[ ${SERVER_PUB_IP} != *"["* ]] || [[ ${SERVER_PUB_IP} != *"]"* ]]; then
SERVER_PUB_IP="[${SERVER_PUB_IP}]" SERVER_PUB_IP="[${SERVER_PUB_IP}]"
fi fi
fi fi
ENDPOINT="${SERVER_PUB_IP}:${SERVER_PORT}" ENDPOINT="${SERVER_PUB_IP}:${SERVER_PORT}"
echo "" echo ""
echo "Client configuration" echo "Client configuration"
echo "" echo ""
echo "The client name must consist of alphanumeric character(s). It may also include underscores or dashes and can't exceed 15 chars." echo "The client name must consist of alphanumeric character(s). It may also include underscores or dashes and can't exceed 15 chars."
CLIENT_EXISTS=$(grep -c -E "^### Client ${CLIENT_NAME}\$" "/etc/wireguard/${SERVER_WG_NIC}.conf") CLIENT_EXISTS=$(grep -c -E "^### Client ${CLIENT_NAME}\$" "/etc/wireguard/${SERVER_WG_NIC}.conf")
until [[ ${CLIENT_NAME} =~ ^[a-zA-Z0-9_-]+$ && ${CLIENT_EXISTS} == '0' && ${#CLIENT_NAME} -lt 16 ]]; do until [[ ${CLIENT_NAME} =~ ^[a-zA-Z0-9_-]+$ && ${CLIENT_EXISTS} == '0' && ${#CLIENT_NAME} -lt 16 ]]; do
read -rp "Client name: " -e CLIENT_NAME read -rp "Client name: " -e CLIENT_NAME
CLIENT_EXISTS=$(grep -c -E "^### Client ${CLIENT_NAME}\$" "/etc/wireguard/${SERVER_WG_NIC}.conf") CLIENT_EXISTS=$(grep -c -E "^### Client ${CLIENT_NAME}\$" "/etc/wireguard/${SERVER_WG_NIC}.conf")
if [[ ${CLIENT_EXISTS} != 0 ]]; then if [[ ${CLIENT_EXISTS} != 0 ]]; then
echo "" echo ""
echo -e "${ORANGE}A client with the specified name was already created, please choose another name.${NC}" echo -e "${ORANGE}A client with the specified name was already created, please choose another name.${NC}"
echo "" echo ""
fi fi
done done
for DOT_IP in {2..254}; do for DOT_IP in {2..254}; do
DOT_EXISTS=$(grep -c "${SERVER_WG_IPV4::-1}${DOT_IP}" "/etc/wireguard/${SERVER_WG_NIC}.conf") DOT_EXISTS=$(grep -c "${SERVER_WG_IPV4::-1}${DOT_IP}" "/etc/wireguard/${SERVER_WG_NIC}.conf")
if [[ ${DOT_EXISTS} == '0' ]]; then if [[ ${DOT_EXISTS} == '0' ]]; then
break break
fi fi
done done
if [[ ${DOT_EXISTS} == '1' ]]; then if [[ ${DOT_EXISTS} == '1' ]]; then
echo "" echo ""
echo "The subnet configured supports only 253 clients." echo "The subnet configured supports only 253 clients."
exit 1 exit 1
fi fi
BASE_IP=$(echo "$SERVER_WG_IPV4" | awk -F '.' '{ print $1"."$2"."$3 }') BASE_IP=$(echo "$SERVER_WG_IPV4" | awk -F '.' '{ print $1"."$2"."$3 }')
until [[ ${IPV4_EXISTS} == '0' ]]; do until [[ ${IPV4_EXISTS} == '0' ]]; do
if [[ $APPROVE_INSTALL =~ n ]]; then if [[ $APPROVE_INSTALL =~ n ]]; then
read -rp "Client WireGuard IPv4: ${BASE_IP}." -e -i "${DOT_IP}" DOT_IP read -rp "Client WireGuard IPv4: ${BASE_IP}." -e -i "${DOT_IP}" DOT_IP
fi fi
CLIENT_WG_IPV4="${BASE_IP}.${DOT_IP}" CLIENT_WG_IPV4="${BASE_IP}.${DOT_IP}"
IPV4_EXISTS=$(grep -c "$CLIENT_WG_IPV4/32" "/etc/wireguard/${SERVER_WG_NIC}.conf") IPV4_EXISTS=$(grep -c "$CLIENT_WG_IPV4/32" "/etc/wireguard/${SERVER_WG_NIC}.conf")
if [[ ${IPV4_EXISTS} != 0 ]]; then if [[ ${IPV4_EXISTS} != 0 ]]; then
echo "" echo ""
echo -e "${ORANGE}A client with the specified IPv4 was already created, please choose another IPv4.${NC}" echo -e "${ORANGE}A client with the specified IPv4 was already created, please choose another IPv4.${NC}"
echo "" echo ""
fi fi
done done
BASE_IP=$(echo "$SERVER_WG_IPV6" | awk -F '::' '{ print $1 }') BASE_IP=$(echo "$SERVER_WG_IPV6" | awk -F '::' '{ print $1 }')
until [[ ${IPV6_EXISTS} == '0' ]]; do until [[ ${IPV6_EXISTS} == '0' ]]; do
if [[ $APPROVE_INSTALL =~ n ]]; then if [[ $APPROVE_INSTALL =~ n ]]; then
read -rp "Client WireGuard IPv6: ${BASE_IP}::" -e -i "${DOT_IP}" DOT_IP read -rp "Client WireGuard IPv6: ${BASE_IP}::" -e -i "${DOT_IP}" DOT_IP
fi fi
CLIENT_WG_IPV6="${BASE_IP}::${DOT_IP}" CLIENT_WG_IPV6="${BASE_IP}::${DOT_IP}"
IPV6_EXISTS=$(grep -c "${CLIENT_WG_IPV6}/128" "/etc/wireguard/${SERVER_WG_NIC}.conf") IPV6_EXISTS=$(grep -c "${CLIENT_WG_IPV6}/128" "/etc/wireguard/${SERVER_WG_NIC}.conf")
if [[ ${IPV6_EXISTS} != 0 ]]; then if [[ ${IPV6_EXISTS} != 0 ]]; then
echo "" echo ""
echo -e "${ORANGE}A client with the specified IPv6 was already created, please choose another IPv6.${NC}" echo -e "${ORANGE}A client with the specified IPv6 was already created, please choose another IPv6.${NC}"
echo "" echo ""
fi fi
done done
# Generate key pair for the client # Generate key pair for the client
CLIENT_PRIV_KEY=$(wg genkey) CLIENT_PRIV_KEY=$(wg genkey)
CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey) CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey)
CLIENT_PRE_SHARED_KEY=$(wg genpsk) CLIENT_PRE_SHARED_KEY=$(wg genpsk)
HOME_DIR=$(getHomeDirForClient "${CLIENT_NAME}") HOME_DIR=$(getHomeDirForClient "${CLIENT_NAME}")
# Create client file and add the server as a peer # Create client file and add the server as a peer
echo "[Interface] echo "[Interface]
PrivateKey = ${CLIENT_PRIV_KEY} PrivateKey = ${CLIENT_PRIV_KEY}
Address = ${CLIENT_WG_IPV4}/32,${CLIENT_WG_IPV6}/128 Address = ${CLIENT_WG_IPV4}/32,${CLIENT_WG_IPV6}/128
DNS = ${CLIENT_DNS_1},${CLIENT_DNS_2} DNS = ${CLIENT_DNS_1},${CLIENT_DNS_2}
@ -409,157 +409,157 @@ PresharedKey = ${CLIENT_PRE_SHARED_KEY}
Endpoint = ${ENDPOINT} Endpoint = ${ENDPOINT}
AllowedIPs = ${ALLOWED_IPS}" >"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf" AllowedIPs = ${ALLOWED_IPS}" >"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf"
# Add the client as a peer to the server # Add the client as a peer to the server
echo -e "\n### Client ${CLIENT_NAME} echo -e "\n### Client ${CLIENT_NAME}
[Peer] [Peer]
PublicKey = ${CLIENT_PUB_KEY} PublicKey = ${CLIENT_PUB_KEY}
PresharedKey = ${CLIENT_PRE_SHARED_KEY} PresharedKey = ${CLIENT_PRE_SHARED_KEY}
AllowedIPs = ${CLIENT_WG_IPV4}/32,${CLIENT_WG_IPV6}/128" >>"/etc/wireguard/${SERVER_WG_NIC}.conf" AllowedIPs = ${CLIENT_WG_IPV4}/32,${CLIENT_WG_IPV6}/128" >>"/etc/wireguard/${SERVER_WG_NIC}.conf"
wg syncconf "${SERVER_WG_NIC}" <(wg-quick strip "${SERVER_WG_NIC}") wg syncconf "${SERVER_WG_NIC}" <(wg-quick strip "${SERVER_WG_NIC}")
# Generate QR code if qrencode is installed # Generate QR code if qrencode is installed
if command -v qrencode &>/dev/null; then if command -v qrencode &>/dev/null; then
echo -e "${GREEN}\nHere is your client config file as a QR Code:\n${NC}" echo -e "${GREEN}\nHere is your client config file as a QR Code:\n${NC}"
qrencode -t ansiutf8 -l L <"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf" qrencode -t ansiutf8 -l L <"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf"
echo "" echo ""
fi fi
echo -e "${GREEN}Your client config file is in ${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf${NC}" echo -e "${GREEN}Your client config file is in ${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf${NC}"
} }
function listClients() { function listClients() {
NUMBER_OF_CLIENTS=$(grep -c -E "^### Client" "/etc/wireguard/${SERVER_WG_NIC}.conf") NUMBER_OF_CLIENTS=$(grep -c -E "^### Client" "/etc/wireguard/${SERVER_WG_NIC}.conf")
if [[ ${NUMBER_OF_CLIENTS} -eq 0 ]]; then if [[ ${NUMBER_OF_CLIENTS} -eq 0 ]]; then
echo "" echo ""
echo "You have no existing clients!" echo "You have no existing clients!"
exit 1 exit 1
fi fi
grep -E "^### Client" "/etc/wireguard/${SERVER_WG_NIC}.conf" | cut -d ' ' -f 3 | nl -s ') ' grep -E "^### Client" "/etc/wireguard/${SERVER_WG_NIC}.conf" | cut -d ' ' -f 3 | nl -s ') '
} }
function revokeClient() { function revokeClient() {
NUMBER_OF_CLIENTS=$(grep -c -E "^### Client" "/etc/wireguard/${SERVER_WG_NIC}.conf") NUMBER_OF_CLIENTS=$(grep -c -E "^### Client" "/etc/wireguard/${SERVER_WG_NIC}.conf")
if [[ ${NUMBER_OF_CLIENTS} == '0' ]]; then if [[ ${NUMBER_OF_CLIENTS} == '0' ]]; then
echo "" echo ""
echo "You have no existing clients!" echo "You have no existing clients!"
exit 1 exit 1
fi fi
echo "" echo ""
echo "Select the existing client you want to revoke" echo "Select the existing client you want to revoke"
grep -E "^### Client" "/etc/wireguard/${SERVER_WG_NIC}.conf" | cut -d ' ' -f 3 | nl -s ') ' grep -E "^### Client" "/etc/wireguard/${SERVER_WG_NIC}.conf" | cut -d ' ' -f 3 | nl -s ') '
until [[ ${CLIENT_NUMBER} -ge 1 && ${CLIENT_NUMBER} -le ${NUMBER_OF_CLIENTS} ]]; do until [[ ${CLIENT_NUMBER} -ge 1 && ${CLIENT_NUMBER} -le ${NUMBER_OF_CLIENTS} ]]; do
if [[ ${CLIENT_NUMBER} == '1' ]]; then if [[ ${CLIENT_NUMBER} == '1' ]]; then
read -rp "Select one client [1]: " CLIENT_NUMBER read -rp "Select one client [1]: " CLIENT_NUMBER
else else
read -rp "Select one client [1-${NUMBER_OF_CLIENTS}]: " CLIENT_NUMBER read -rp "Select one client [1-${NUMBER_OF_CLIENTS}]: " CLIENT_NUMBER
fi fi
done done
# match the selected number to a client name # match the selected number to a client name
CLIENT_NAME=$(grep -E "^### Client" "/etc/wireguard/${SERVER_WG_NIC}.conf" | cut -d ' ' -f 3 | sed -n "${CLIENT_NUMBER}"p) CLIENT_NAME=$(grep -E "^### Client" "/etc/wireguard/${SERVER_WG_NIC}.conf" | cut -d ' ' -f 3 | sed -n "${CLIENT_NUMBER}"p)
# remove [Peer] block matching $CLIENT_NAME # remove [Peer] block matching $CLIENT_NAME
sed -i "/^### Client ${CLIENT_NAME}\$/,/^$/d" "/etc/wireguard/${SERVER_WG_NIC}.conf" sed -i "/^### Client ${CLIENT_NAME}\$/,/^$/d" "/etc/wireguard/${SERVER_WG_NIC}.conf"
# remove generated client file # remove generated client file
HOME_DIR=$(getHomeDirForClient "${CLIENT_NAME}") HOME_DIR=$(getHomeDirForClient "${CLIENT_NAME}")
rm -f "${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf" rm -f "${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf"
# restart wireguard to apply changes # restart wireguard to apply changes
wg syncconf "${SERVER_WG_NIC}" <(wg-quick strip "${SERVER_WG_NIC}") wg syncconf "${SERVER_WG_NIC}" <(wg-quick strip "${SERVER_WG_NIC}")
} }
function uninstallWg() { function uninstallWg() {
echo "" echo ""
echo -e "\n${RED}WARNING: This will uninstall WireGuard and remove all the configuration files!${NC}" echo -e "\n${RED}WARNING: This will uninstall WireGuard and remove all the configuration files!${NC}"
echo -e "${ORANGE}Please backup the /etc/wireguard directory if you want to keep your configuration files.\n${NC}" echo -e "${ORANGE}Please backup the /etc/wireguard directory if you want to keep your configuration files.\n${NC}"
read -rp "Do you really want to remove WireGuard? [y/n]: " -e REMOVE read -rp "Do you really want to remove WireGuard? [y/n]: " -e REMOVE
REMOVE=${REMOVE:-n} REMOVE=${REMOVE:-n}
if [[ $REMOVE == 'y' ]]; then if [[ $REMOVE == 'y' ]]; then
checkOS checkOS
systemctl stop "wg-quick@${SERVER_WG_NIC}" systemctl stop "wg-quick@${SERVER_WG_NIC}"
systemctl disable "wg-quick@${SERVER_WG_NIC}" systemctl disable "wg-quick@${SERVER_WG_NIC}"
if [[ ${OS} == 'ubuntu' ]]; then if [[ ${OS} == 'ubuntu' ]]; then
apt-get remove -y wireguard wireguard-tools qrencode apt-get remove -y wireguard wireguard-tools qrencode
elif [[ ${OS} == 'debian' ]]; then elif [[ ${OS} == 'debian' ]]; then
apt-get remove -y wireguard wireguard-tools qrencode apt-get remove -y wireguard wireguard-tools qrencode
elif [[ ${OS} == 'fedora' ]]; then elif [[ ${OS} == 'fedora' ]]; then
dnf remove -y --noautoremove wireguard-tools qrencode dnf remove -y --noautoremove wireguard-tools qrencode
if [[ ${VERSION_ID} -lt 32 ]]; then if [[ ${VERSION_ID} -lt 32 ]]; then
dnf remove -y --noautoremove wireguard-dkms dnf remove -y --noautoremove wireguard-dkms
dnf copr disable -y jdoss/wireguard dnf copr disable -y jdoss/wireguard
fi fi
elif [[ ${OS} == 'centos' ]] || [[ ${OS} == 'almalinux' ]] || [[ ${OS} == 'rocky' ]]; then elif [[ ${OS} == 'centos' ]] || [[ ${OS} == 'almalinux' ]] || [[ ${OS} == 'rocky' ]]; then
yum remove -y --noautoremove wireguard-tools yum remove -y --noautoremove wireguard-tools
if [[ ${VERSION_ID} == 8* ]]; then if [[ ${VERSION_ID} == 8* ]]; then
yum remove --noautoremove kmod-wireguard qrencode yum remove --noautoremove kmod-wireguard qrencode
fi fi
elif [[ ${OS} == 'oracle' ]]; then elif [[ ${OS} == 'oracle' ]]; then
yum remove --noautoremove wireguard-tools qrencode yum remove --noautoremove wireguard-tools qrencode
elif [[ ${OS} == 'arch' ]]; then elif [[ ${OS} == 'arch' ]]; then
pacman -Rs --noconfirm wireguard-tools qrencode pacman -Rs --noconfirm wireguard-tools qrencode
fi fi
rm -rf /etc/wireguard rm -rf /etc/wireguard
rm -f /etc/sysctl.d/wg.conf rm -f /etc/sysctl.d/wg.conf
# Reload sysctl # Reload sysctl
sysctl --system sysctl --system
# Check if WireGuard is running # Check if WireGuard is running
systemctl is-active --quiet "wg-quick@${SERVER_WG_NIC}" systemctl is-active --quiet "wg-quick@${SERVER_WG_NIC}"
WG_RUNNING=$? WG_RUNNING=$?
if [[ ${WG_RUNNING} -eq 0 ]]; then if [[ ${WG_RUNNING} -eq 0 ]]; then
echo "WireGuard failed to uninstall properly." echo "WireGuard failed to uninstall properly."
exit 1 exit 1
else else
echo "WireGuard uninstalled successfully." echo "WireGuard uninstalled successfully."
exit 0 exit 0
fi fi
else else
echo "" echo ""
echo "Removal aborted!" echo "Removal aborted!"
fi fi
} }
function manageMenu() { function manageMenu() {
echo "Welcome to WireGuard-install!" echo "Welcome to WireGuard-install!"
echo "The git repository is available at: https://github.com/angristan/wireguard-install" echo "The git repository is available at: https://github.com/angristan/wireguard-install"
echo "" echo ""
echo "It looks like WireGuard is already installed." echo "It looks like WireGuard is already installed."
echo "" echo ""
echo "What do you want to do?" echo "What do you want to do?"
echo " 1) Add a new user" echo " 1) Add a new user"
echo " 2) List all users" echo " 2) List all users"
echo " 3) Revoke existing user" echo " 3) Revoke existing user"
echo " 4) Uninstall WireGuard" echo " 4) Uninstall WireGuard"
echo " 5) Exit" echo " 5) Exit"
until [[ ${MENU_OPTION} =~ ^[1-5]$ ]]; do until [[ ${MENU_OPTION} =~ ^[1-5]$ ]]; do
read -rp "Select an option [1-5]: " MENU_OPTION read -rp "Select an option [1-5]: " MENU_OPTION
done done
case "${MENU_OPTION}" in case "${MENU_OPTION}" in
1) 1)
newClient newClient
;; ;;
2) 2)
listClients listClients
;; ;;
3) 3)
revokeClient revokeClient
;; ;;
4) 4)
uninstallWg uninstallWg
;; ;;
5) 5)
exit 0 exit 0
;; ;;
esac esac
} }
# Check for root, virt, OS... # Check for root, virt, OS...
@ -567,8 +567,8 @@ initialCheck
# Check if WireGuard is already installed and load params # Check if WireGuard is already installed and load params
if [[ -e /etc/wireguard/params ]]; then if [[ -e /etc/wireguard/params ]]; then
source /etc/wireguard/params source /etc/wireguard/params
manageMenu manageMenu
else else
installWireGuard installWireGuard
fi fi