pivpn/scripts/wireguard/pivpnDEBUG.sh

#!/bin/bash

### Constants

setupVars="/etc/pivpn/wireguard/setupVars.conf"

# shellcheck disable=SC1090
source "${setupVars}"

### Funcions

err() {
  echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')]: $*" >&2
}

### Script

# This scripts runs as root
if [[ ! -f "${setupVars}" ]]; then
  err "::: Missing setup vars file!"
  exit 1
fi

echo -e "::::\t\t\e[4mPiVPN debug\e[0m\t\t ::::"
printf "=============================================\n"
echo -e "::::\t\t\e[4mLatest commit\e[0m\t\t ::::"
echo -n "Branch: "

git --git-dir /usr/local/src/pivpn/.git rev-parse --abbrev-ref HEAD
git \
  --git-dir /usr/local/src/pivpn/.git log -n 1 \
  --format='Commit: %H%nAuthor: %an%nDate: %ad%nSummary: %s'

printf "=============================================\n"
echo -e "::::\t    \e[4mInstallation settings\e[0m    \t ::::"

# Disabling SC2154 warning, variable is sourced externaly and may vary
# shellcheck disable=SC2154
sed "s/${pivpnHOST}/REDACTED/" < "${setupVars}"

printf "=============================================\n"
echo -e "::::  \e[4mServer configuration shown below\e[0m   ::::"

cd /etc/wireguard/keys || exit
cp ../wg0.conf ../wg0.tmp

# Replace every key in the server configuration with just its file name
for k in *; do
  sed "s#$(< "${k}")#${k}#" -i ../wg0.tmp
done

cat ../wg0.tmp
rm ../wg0.tmp

printf "=============================================\n"
echo -e "::::  \e[4mClient configuration shown below\e[0m   ::::"

EXAMPLE="$(head -1 /etc/wireguard/configs/clients.txt | awk '{print $1}')"

if [[ -n "${EXAMPLE}" ]]; then
  cp ../configs/"${EXAMPLE}".conf ../configs/"${EXAMPLE}".tmp

  for k in *; do
    sed "s#$(< "${k}")#${k}#" -i ../configs/"${EXAMPLE}".tmp
  done

  sed "s/${pivpnHOST}/REDACTED/" < ../configs/"${EXAMPLE}".tmp
  rm ../configs/"${EXAMPLE}".tmp
else
  echo "::: There are no clients yet"
fi

printf "=============================================\n"
echo -e ":::: \t\e[4mRecursive list of files in\e[0m\t ::::"
echo -e "::::\t\e[4m/etc/wireguard shown below\e[0m\t ::::"

ls -LR /etc/wireguard

printf "=============================================\n"
echo -e "::::\t\t\e[4mSelf check\e[0m\t\t ::::"

/opt/pivpn/self_check.sh "${VPN}"

printf "=============================================\n"
echo -e ":::: Having trouble connecting? Take a look at the FAQ:"
echo -e ":::: \e[1mhttps://docs.pivpn.io/faq\e[0m"
printf "=============================================\n"
echo -ne ":::: \e[1mWARNING\e[0m: This script should have "
echo -e "automatically masked sensitive       ::::"
echo -ne ":::: information, however, still make sure that "
echo -e "\e[4mPrivateKey\e[0m, \e[4mPublicKey\e[0m      ::::"
echo -ne ":::: and \e[4mPresharedKey\e[0m are masked before "
echo -e "reporting an issue. An example key ::::"
echo -n ":::: that you should NOT see in this log looks like this:"
echo "                  ::::"
echo -n ":::: YIAoJVsdIeyvXfGGDDadHh6AxsMRymZTnnzZoAb9cxRe"
echo "                          ::::"
printf "=============================================\n"
echo -e "::::\t\t\e[4mDebug complete\e[0m\t\t ::::"
Reformatted the code 2022-07-27 12:53:36 +00:00			`#!/bin/bash`
refactor(scripts): Structure code as per codestyle Fix #1636 Refactor code according to code style Constants, Functions, Script 2022-10-07 23:11:10 +00:00
			`### Constants`
Added missing script folder 2019-10-14 10:27:28 +00:00
initial dual install try 2020-04-28 22:44:56 +00:00			`setupVars="/etc/pivpn/wireguard/setupVars.conf"`
Added missing script folder 2019-10-14 10:27:28 +00:00
refactor(scripts): Structure code as per codestyle Fix #1636 Refactor code according to code style Constants, Functions, Script 2022-10-07 23:11:10 +00:00			`# shellcheck disable=SC1090`
			`source "${setupVars}"`

			`### Funcions`

Reformatted the code 2022-07-27 12:53:36 +00:00			`err() {`
			`echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')]: $*" >&2`
			`}`

refactor(scripts): Structure code as per codestyle Fix #1636 Refactor code according to code style Constants, Functions, Script 2022-10-07 23:11:10 +00:00			`### Script`

			`# This scripts runs as root`
Reformatted the code 2022-07-27 12:53:36 +00:00			`if [[ ! -f "${setupVars}" ]]; then`
			`err "::: Missing setup vars file!"`
			`exit 1`
Added missing script folder 2019-10-14 10:27:28 +00:00			`fi`

			`echo -e "::::\t\t\e[4mPiVPN debug\e[0m\t\t ::::"`
			`printf "=============================================\n"`
			`echo -e "::::\t\t\e[4mLatest commit\e[0m\t\t ::::"`
More compact commit log - Do not show the full commit body - Show the branch 2021-05-12 16:17:35 +00:00			`echo -n "Branch: "`
Reformatted the code 2022-07-27 12:53:36 +00:00
More compact commit log - Do not show the full commit body - Show the branch 2021-05-12 16:17:35 +00:00			`git --git-dir /usr/local/src/pivpn/.git rev-parse --abbrev-ref HEAD`
Reformatted the code 2022-07-27 12:53:36 +00:00			`git \`
refactor: improve code style Improve the code style of some pieces of code 2022-08-09 08:09:25 +00:00			`--git-dir /usr/local/src/pivpn/.git log -n 1 \`
Reformatted the code 2022-07-27 12:53:36 +00:00			`--format='Commit: %H%nAuthor: %an%nDate: %ad%nSummary: %s'`

Added missing script folder 2019-10-14 10:27:28 +00:00			`printf "=============================================\n"`
			`echo -e "::::\t \e[4mInstallation settings\e[0m \t ::::"`
Reformatted the code 2022-07-27 12:53:36 +00:00
Shellcheck compliance scripts/wireguard/pivpnDEBUG.sh * SC1090: ShellCheck can't follow non-constant source. Use a directive to specify location. * Disabled warning * SC2154: <VarName> is referenced but not assigned. * Disabled warning * SC2086: Double quote to prevent globbing and word splitting. * Added double quotes 2021-11-03 17:07:19 +00:00			`# Disabling SC2154 warning, variable is sourced externaly and may vary`
			`# shellcheck disable=SC2154`
Reformatted the code 2022-07-27 12:53:36 +00:00			`sed "s/${pivpnHOST}/REDACTED/" < "${setupVars}"`

Added missing script folder 2019-10-14 10:27:28 +00:00			`printf "=============================================\n"`
			`echo -e ":::: \e[4mServer configuration shown below\e[0m ::::"`
Reformatted the code 2022-07-27 12:53:36 +00:00
Fixed shellcheck warning SC2164: "Use 'cd ... \|\| exit' or 'cd ... \|\| return' in case cd fails." 2021-02-13 11:09:11 +00:00			`cd /etc/wireguard/keys \|\| exit`
Added missing script folder 2019-10-14 10:27:28 +00:00			`cp ../wg0.conf ../wg0.tmp`
Reformatted the code 2022-07-27 12:53:36 +00:00
Unattended installation 2019-11-16 13:58:58 +00:00			`# Replace every key in the server configuration with just its file name`
Added missing script folder 2019-10-14 10:27:28 +00:00			`for k in *; do`
Reformatted the code 2022-07-27 12:53:36 +00:00			`sed "s#$(< "${k}")#${k}#" -i ../wg0.tmp`
Added missing script folder 2019-10-14 10:27:28 +00:00			`done`
Reformatted the code 2022-07-27 12:53:36 +00:00
Added missing script folder 2019-10-14 10:27:28 +00:00			`cat ../wg0.tmp`
			`rm ../wg0.tmp`
Reformatted the code 2022-07-27 12:53:36 +00:00
Added missing script folder 2019-10-14 10:27:28 +00:00			`printf "=============================================\n"`
			`echo -e ":::: \e[4mClient configuration shown below\e[0m ::::"`
Reformatted the code 2022-07-27 12:53:36 +00:00
Merge test (#929) * added link to server status dashboard * Replaced Header with bold instead * More safeguards, some fixes, standardized some code, WireGuard update script, removed redundant code - Add curl as a dependency for those who run the script without 'curl URL \| bash'. - Use POSIX 'command -v' instead of 'hash'. - Check if packages have actually been installed and abort execution if they have not. - Fixed issue with getStaticIPv4Settings() that prevented existing network settings to be used as static IP settings when running the script unattended with empty $IPv4addr and $IPv4gw variables. - Exit if processing wireguard-linux-compat fails. - Exit if 50unattended-upgrades fails to extract. - Exit clientSTAT.sh if the wg0 interface is not available. - Moved the Self Check to a single script since dedicated versions were very similar. - Add 'pivpn -wg' to update WireGuard for users running Raspbian with armv6l kernel. * Fixed cosmetic issue with spinner, added missing spinner to some APT commands * Detect current netmask, validate user input when configuring a static IP * Inform the user when updating the package cache, which can be slow on some RPis * Invalidate $IPv4Addr and $IPv4gw when the user claims those settings are not correct * Restart pihole in the more appropriate restartServices() function * Improve static IP selection, validate public DNS name of the server - Default to 'No' when asking if the RPi has DHCP reservation, considered that the user may not be fully aware, furthermore, setting a static IP anyways doesn't do harm. - Validate existing IPv4 settings (address, gateway, DNS) to avoid filling '/etc/dhcpcd.conf' with invalid data. - Validate public DNS name of the server inside askPublicIPOrDNS() function * Check DH parameters, fix 'pivpn -c', improvements when dealing with external repositories - Added a basic sanity check to downloaded DH paramenters, which doubles as a check for missing .pem file. - Fix 'pivpn -c' showing the month number instead of the day of the month when using WireGuard. - Removing APT keys is risky, it would break APT update/upgrade if the user already was already using the unstable repo. - Replaced 'Checking for $i... installed' in favor of a more clear 'Checking for $i... already installed'. - Check whether the OpenVPN repo and the Debian unstable repo are already used. * Improvements to getStaticIPv4Settings() - Use a regular expression to extract IPs from the 'ip' command. With this, there is a little need to validate output. Even though the regex will match invalid IPs like 192.168.23.444, 'ip' can't return them, and even if it did, the script would not have reached this function due to previous functions using the network with broken routes and addresses. - Get the IP address from the selected interface rather then from the 'ip route' command as it's not guaranteed that such IP is the same of the interface the user decided to use (though on a Raspberry Pi inside a home LAN, most likely it is, but it also maskes easier to get the IP in the CIDR notation with a single 'ip \| grep' pipe). * Moved command substitution to specific functions to avoid unnecessary execution - Moved $availableInterfaces and $CurrentIPv4gw from the script header to their relevant function, considered that if the OS is not Raspbian a static IP is not set, so those variables are not used. * Copy files from git repo using the 'install' command, switch DH params from 2ton.com.au to RFC 7919 - Now using DH parameters suggested by the RFC 7919 for use by TLS servers (the user can still generate his own if he wishes). https://wiki.mozilla.org/Security/Archive/Server_Side_TLS_4.0#Pre-defined_DHE_groups 2020-01-31 15:40:09 +00:00			`EXAMPLE="$(head -1 /etc/wireguard/configs/clients.txt \| awk '{print $1}')"`
Reformatted the code 2022-07-27 12:53:36 +00:00
			`if [[ -n "${EXAMPLE}" ]]; then`
			`cp ../configs/"${EXAMPLE}".conf ../configs/"${EXAMPLE}".tmp`

			`for k in *; do`
			`sed "s#$(< "${k}")#${k}#" -i ../configs/"${EXAMPLE}".tmp`
			`done`

			`sed "s/${pivpnHOST}/REDACTED/" < ../configs/"${EXAMPLE}".tmp`
			`rm ../configs/"${EXAMPLE}".tmp`
Added missing script folder 2019-10-14 10:27:28 +00:00			`else`
Reformatted the code 2022-07-27 12:53:36 +00:00			`echo "::: There are no clients yet"`
Added missing script folder 2019-10-14 10:27:28 +00:00			`fi`

			`printf "=============================================\n"`
Reformatted the code 2022-07-27 12:53:36 +00:00			`echo -e ":::: \t\e[4mRecursive list of files in\e[0m\t ::::"`
			`echo -e "::::\t\e[4m/etc/wireguard shown below\e[0m\t ::::"`

Added missing script folder 2019-10-14 10:27:28 +00:00			`ls -LR /etc/wireguard`
Reformatted the code 2022-07-27 12:53:36 +00:00
Added missing script folder 2019-10-14 10:27:28 +00:00			`printf "=============================================\n"`
			`echo -e "::::\t\t\e[4mSelf check\e[0m\t\t ::::"`
Reformatted the code 2022-07-27 12:53:36 +00:00
Shellcheck compliance scripts/wireguard/pivpnDEBUG.sh * SC1090: ShellCheck can't follow non-constant source. Use a directive to specify location. * Disabled warning * SC2154: <VarName> is referenced but not assigned. * Disabled warning * SC2086: Double quote to prevent globbing and word splitting. * Added double quotes 2021-11-03 17:07:19 +00:00			`/opt/pivpn/self_check.sh "${VPN}"`
Reformatted the code 2022-07-27 12:53:36 +00:00
Added missing script folder 2019-10-14 10:27:28 +00:00			`printf "=============================================\n"`
Suggest the user to take a look at the FAQ 2020-02-01 20:04:32 +00:00			`echo -e ":::: Having trouble connecting? Take a look at the FAQ:"`
Changed link for the FAQ to https://docs.pivpn.io/faq 2021-05-11 13:22:52 +00:00			`echo -e ":::: \e[1mhttps://docs.pivpn.io/faq\e[0m"`
Suggest the user to take a look at the FAQ 2020-02-01 20:04:32 +00:00			`printf "=============================================\n"`
Reformatted the code 2022-07-27 12:53:36 +00:00			`echo -ne ":::: \e[1mWARNING\e[0m: This script should have "`
			`echo -e "automatically masked sensitive ::::"`
			`echo -ne ":::: information, however, still make sure that "`
			`echo -e "\e[4mPrivateKey\e[0m, \e[4mPublicKey\e[0m ::::"`
			`echo -ne ":::: and \e[4mPresharedKey\e[0m are masked before "`
			`echo -e "reporting an issue. An example key ::::"`
			`echo -n ":::: that you should NOT see in this log looks like this:"`
			`echo " ::::"`
			`echo -n ":::: YIAoJVsdIeyvXfGGDDadHh6AxsMRymZTnnzZoAb9cxRe"`
			`echo " ::::"`
Added missing script folder 2019-10-14 10:27:28 +00:00			`printf "=============================================\n"`
			`echo -e "::::\t\t\e[4mDebug complete\e[0m\t\t ::::"`