Added Alpine Linux support (#1567)

Giulio Coa 2022-07-26 15:20:35 +02:00 committed by GitHub
parent 718d3df573
commit edb36c08f7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
22 changed files with 852 additions and 459 deletions


@ -18,6 +18,8 @@ date=$(date +%Y%m%d-%H%M%S)
setupVarsFile="setupVars.conf"
setupConfigDir="/etc/pivpn"
CHECK_PKG_INSTALLED='dpkg-query -s'
if [ -r "${setupConfigDir}/wireguard/${setupVarsFile}" ] && [ -r "${setupConfigDir}/openvpn/${setupVarsFile}" ]; then
# Two protocols have been installed, check if the script has passed
@ -57,6 +59,10 @@ fi
# shellcheck disable=SC1090
source "${setupVars}"
if [ "${PLAT}" == 'Alpine' ]; then
CHECK_PKG_INSTALLED='apk --no-cache info -e'
fi
checkbackupdir(){
# Disabling shellcheck error $install_home sourced from $setupVars
@ -90,8 +96,8 @@ backup_wireguard(){
}
if [[ ! $EUID -eq 0 ]];then
if [[ $(dpkg-query -s sudo) ]];then
if [[ ! $EUID -eq 0 ]]; then
if eval "${CHECK_PKG_INSTALLED} sudo" &> /dev/null; then
export SUDO="sudo"
else
echo "::: Please install sudo or run this as root."
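Review bot: The new root check `if eval "${CHECK_PKG_INSTALLED} sudo" &> /dev/null; then` runs a command assembled from a string, and in this script the default is assigned before `source "${setupVars}"`, so a value set under the same name in that file would be evaluated on non-Alpine hosts; the exposure is limited to whoever can write that file, but eval is not needed here. An array gives the same result without it: `CHECK_PKG_INSTALLED=(dpkg-query -s)`, `CHECK_PKG_INSTALLED=(apk --no-cache info -e)` and `if "${CHECK_PKG_INSTALLED[@]}" sudo &> /dev/null; then`. The same eval is added to the root checks of the three other scripts that define `CHECK_PKG_INSTALLED` from /etc/os-release. The `if` block continues outside the hunk.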


@ -7,15 +7,13 @@ _pivpn()
prev="${COMP_WORDS[COMP_CWORD-1]}"
dashopts="-a -c -d -l -r -h -u -up -bk"
opts="debug add clients list revoke uninstall help update backup"
if [ "${#COMP_WORDS[@]}" -eq 2 ]
then
if [ "${#COMP_WORDS[@]}" -eq 2 ]; then
if [[ ${cur} == -* ]] ; then
COMPREPLY=( "$(compgen -W "${dashopts}" -- "${cur}")" )
else
COMPREPLY=( "$(compgen -W "${opts}" -- "${cur}")" )
fi
elif [[ ( "$prev" == "add" || "$prev" == "-a" ) && "${#COMP_WORDS[@]}" -eq 3 ]]
then
elif [[ ( "$prev" == "add" || "$prev" == "-a" ) && "${#COMP_WORDS[@]}" -eq 3 ]]; then
COMPREPLY=( "$(compgen -W "nopass" -- "${cur}")" )
fi
return 0


@ -26,7 +26,7 @@ while read -r line || [ -n "$line" ]; do
STATUS=$(echo "$line" | awk '{print $1}')
NAME=$(echo "$line" | awk -FCN= '{print $2}')
EXPD=$(echo "$line" | awk '{if (length($2) == 15) print $2; else print "20"$2}' | cut -b 1-8 | date +"%b %d %Y" -f -)
if [ "${STATUS}" == "V" ]; then
printf "Valid \t %s \t %s\\n" "$(echo -e "$NAME")" "$EXPD"
elif [ "${STATUS}" == "R" ]; then


@ -42,14 +42,12 @@ if [ -z "$HELP_SHOWN" ]; then
fi
# Parse input arguments
while test $# -gt 0
do
while test $# -gt 0; do
_key="$1"
case "$_key" in
-n|--name|--name=*)
_val="${_key##--name=}"
if test "$_val" = "$_key"
then
if test "$_val" = "$_key"; then
test $# -lt 2 && echo "Missing value for the optional argument '$_key'." && exit 1
_val="$2"
shift
@ -58,8 +56,7 @@ do
;;
-p|--password|--password=*)
_val="${_key##--password=}"
if test "$_val" = "$_key"
then
if test "$_val" = "$_key"; then
test $# -lt 2 && echo "Missing value for the optional argument '$_key'." && exit 1
_val="$2"
shift
@ -68,8 +65,7 @@ do
;;
-d|--days|--days=*)
_val="${_key##--days=}"
if test "$_val" = "$_key"
then
if test "$_val" = "$_key"; then
test $# -lt 2 && echo "Missing value for the optional argument '$_key'." && exit 1
_val="$2"
shift
@ -96,8 +92,20 @@ do
if command -v bw > /dev/null; then
BITWARDEN="2"
else
echo "Bitwarden not found, please install bitwarden"
exit 1
echo 'Bitwarden not found, please install bitwarden'
if [ "${PLAT}" == 'Alpine' ]; then
echo 'You can download it through the following commands:'
echo $'\t' 'curl -fLo bitwarden.zip --no-cache https://github.com/bitwarden/clients/releases/download/cli-v2022.6.2/bw-linux-2022.6.2.zip'
echo $'\t' 'apk --no-cache -X https://dl-cdn.alpinelinux.org/alpine/edge/testing/ add atool'
echo $'\t' 'aunpack -F zip bitwarden.zip'
echo $'\t' 'mv bw /opt/bw'
echo $'\t' 'chmod 755 /opt/bw'
echo $'\t' 'rm bitwarden.zip'
echo $'\t' 'apk --no-cache --purge del -r atool'
fi
exit 1
fi
;;
@ -144,8 +152,7 @@ function useBitwarden() {
read -r NAME
# check name
until [[ "$NAME" =~ ^[a-zA-Z0-9.@_-]+$ && ${NAME::1} != "." && ${NAME::1} != "-" ]]
do
until [[ "$NAME" =~ ^[a-zA-Z0-9.@_-]+$ && ${NAME::1} != "." && ${NAME::1} != "-" ]]; do
echo "Name can only contain alphanumeric characters and these characters (.-@_). The name also cannot start with a dot (.) or a dash (-). Please try again."
# ask user for username again
printf "Enter the username: "
@ -158,8 +165,7 @@ function useBitwarden() {
read -r LENGTH
# check length
until [[ "$LENGTH" -gt 11 && "$LENGTH" -lt 129 ]]
do
until [[ "$LENGTH" -gt 11 && "$LENGTH" -lt 129 ]]; do
echo "Password must be between from 12 to 128 characters, please try again."
# ask user for length of password
printf "Enter the length of characters you want your password to be (minimum 12): "
@ -179,8 +185,7 @@ function keyPASS() {
if [[ -z "${PASSWD}" ]]; then
stty -echo
while true
do
while true; do
printf "Enter the password for the client: "
read -r PASSWD
printf "\n"
@ -198,15 +203,14 @@ function keyPASS() {
exit 1
fi
fi
if [ ${#PASSWD} -lt 4 ] || [ ${#PASSWD} -gt 1024 ]
then
if [ ${#PASSWD} -lt 4 ] || [ ${#PASSWD} -gt 1024 ]; then
echo "Password must be between from 4 to 1024 characters"
exit 1
fi
#Escape chars in PASSWD
PASSWD_UNESCAPED="${PASSWD}"
PASSWD=$(echo -n "${PASSWD}" | sed -e 's/\\/\\\\/g' -e 's/\//\\\//g' -e 's/\$/\\\$/g' -e 's/!/\\!/g' -e 's/\./\\\./g' -e "s/'/\\\'/g" -e 's/"/\\"/g' -e 's/\*/\\\*/g' -e 's/\@/\\\@/g' -e 's/\#/\\\#/g' -e 's/£/\\£/g' -e 's/%/\\%/g' -e 's/\^/\\\^/g' -e 's/\&/\\\&/g' -e 's/(/\\(/g' -e 's/)/\\)/g' -e 's/-/\\-/g' -e 's/_/\\_/g' -e 's/\+/\\\+/g' -e 's/=/\\=/g' -e 's/\[/\\\[/g' -e 's/\]/\\\]/g' -e 's/;/\\;/g' -e 's/:/\\:/g' -e 's/|/\\|/g' -e 's/</\\</g' -e 's/>/\\>/g' -e 's/,/\\,/g' -e 's/?/\\?/g' -e 's/~/\\~/g' -e 's/{/\\{/g' -e 's/}/\\}/g')
PASSWD=$(echo -n "${PASSWD}" | sed -E -e 's/\\/\\\\/g' -e 's/\//\\\//g' -e 's/\$/\\\$/g' -e 's/!/\\!/g' -e 's/\./\\\./g' -e "s/'/\\'/g" -e 's/"/\\"/g' -e 's/\*/\\\*/g' -e 's/@/\\@/g' -e 's/#/\\#/g' -e 's/£/\\£/g' -e 's/%/\\%/g' -e 's/\^/\\\^/g' -e 's/&/\\&/g' -e 's/\(/\\\(/g' -e 's/\)/\\\)/g' -e 's/\-/\\\-/g' -e 's/_/\\_/g' -e 's/\+/\\\+/g' -e 's/=/\\=/g' -e 's/\[/\\\[/g' -e 's/\]/\\\]/g' -e 's/;/\\;/g' -e 's/:/\\:/g' -e 's/\|/\\\|/g' -e 's/\</\\\</g' -e 's/\>/\\\>/g' -e 's/,/\\,/g' -e 's/\?/\\\?/g' -e 's/~/\\~/g' -e 's/\{/\\\{/g' -e 's/\}/\\\}/g')
#Build the client key and then encrypt the key
@ -362,7 +366,7 @@ if [ "$iOS" = "1" ]; then
#Next append the client Public Cert
echo "<cert>"
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' < "issued/${NAME}${CRT}"
sed -n -e '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' < "issued/${NAME}${CRT}"
echo "</cert>"
#Finally, append the tls Private Key
@ -401,7 +405,7 @@ else
#Next append the client Public Cert
echo "<cert>"
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' < "issued/${NAME}${CRT}"
sed -n -e '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' < "issued/${NAME}${CRT}"
echo "</cert>"
#Then, append the client Private Key
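Review bot: The rewritten `PASSWD` escaping line in keyPASS switches to `sed -E` and now writes the angle-bracket rules as `s/\</\\\</g` and `s/\>/\\\>/g`; in GNU sed `\<` and `\>` are word-boundary anchors rather than literal brackets, so these expressions would match at the start and end of every word and alter passwords that contain no brackets at all. Keeping them unescaped as before avoids this: `-e 's/</\\</g' -e 's/>/\\>/g'`. The single-quote rule also changed from `"s/'/\\\'/g"` to `"s/'/\\'/g"`, which after shell unquoting hands sed the replacement `\'` and so appears to drop the backslash it used to emit. Since the escaped value feeds the step that encrypts the client key, a round-trip check of this line against a few sample passwords would be worth adding. keyPASS starts and ends outside the hunk.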


@ -1,8 +1,14 @@
#!/bin/bash
CHECK_PKG_INSTALLED='dpkg-query -s'
if grep -qsEe "^NAME\=['\"]?Alpine[a-zA-Z ]*['\"]?$" /etc/os-release; then
CHECK_PKG_INSTALLED='apk --no-cache info -e'
fi
# Must be root to use this tool
if [[ ! $EUID -eq 0 ]];then
if [[ $(dpkg-query -s sudo) ]];then
if [[ ! $EUID -eq 0 ]]; then
if eval "${CHECK_PKG_INSTALLED} sudo" &> /dev/null; then
export SUDO="sudo"
else
echo "::: Please install sudo or run this as root."


@ -37,16 +37,19 @@ printf "=============================================\n"
echo -e ":::: Having trouble connecting? Take a look at the FAQ:"
echo -e ":::: \e[1mhttps://docs.pivpn.io/faq\e[0m"
printf "=============================================\n"
echo -e ":::: \e[4mSnippet of the server log\e[0m ::::"
OVPNLOG="$(tail -n 20 /var/log/openvpn.log)"
# Regular expession taken from https://superuser.com/a/202835, it will match invalid IPs
# like 123.456.789.012 but it's fine since the log only contains valid ones.
declare -a IPS_TO_HIDE=("$(grepcidr -v 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 <<< "$OVPNLOG" | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | uniq)")
for IP in "${IPS_TO_HIDE[@]}"; do
OVPNLOG="${OVPNLOG//"$IP"/REDACTED}"
done
if [ "${PLAT}" != 'Alpine' ]; then
echo -e ":::: \e[4mSnippet of the server log\e[0m ::::"
OVPNLOG="$(tail -n 20 /var/log/openvpn.log)"
echo "$OVPNLOG"
printf "=============================================\n"
# Regular expession taken from https://superuser.com/a/202835, it will match invalid IPs
# like 123.456.789.012 but it's fine since the log only contains valid ones.
declare -a IPS_TO_HIDE=("$(grepcidr -v 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 <<< "$OVPNLOG" | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | uniq)")
for IP in "${IPS_TO_HIDE[@]}"; do
OVPNLOG="${OVPNLOG//"$IP"/REDACTED}"
done
echo "$OVPNLOG"
printf "=============================================\n"
fi
echo -e "::::\t\t\e[4mDebug complete\e[0m\t\t ::::"
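Review bot: The redaction step inside the new non-Alpine block still builds its list as `declare -a IPS_TO_HIDE=("$(…)")`; the quoted command substitution yields a single element holding every address separated by newlines, so when the log tail contains more than one public IP the `${OVPNLOG//"$IP"/REDACTED}` substitution searches for that multi-line string and leaves the addresses in the output users are asked to share. Reading one address per element fixes it, with the pipeline otherwise unchanged: `mapfile -t IPS_TO_HIDE < <(grepcidr -v … <<< "$OVPNLOG" | grep -oE '…' | sort -u)`. `sort -u` also replaces `uniq`, which only collapses adjacent duplicates. A short comment on the `if [ "${PLAT}" != 'Alpine' ]` line saying why Alpine gets no log snippet would help the next reader.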


@ -25,8 +25,7 @@ helpFunc() {
}
# Parse input arguments
while test $# -gt 0
do
while test $# -gt 0; do
_key="$1"
case "$_key" in
-h|--help)


@ -1,8 +1,14 @@
#!/bin/bash
CHECK_PKG_INSTALLED='dpkg-query -s'
if grep -qsEe "^NAME\=['\"]?Alpine[a-zA-Z ]*['\"]?$" /etc/os-release; then
CHECK_PKG_INSTALLED='apk --no-cache info -e'
fi
# Must be root to use this tool
if [ $EUID -ne 0 ];then
if dpkg-query -s sudo &> /dev/null; then
if [ $EUID -ne 0 ]; then
if eval "${CHECK_PKG_INSTALLED} sudo" &> /dev/null; then
export SUDO="sudo"
else
echo "::: Please install sudo or run this as root."


@ -1,5 +1,7 @@
#!/bin/bash
PLAT=$(grep -sEe '^NAME\=' /etc/os-release | sed -E -e "s/NAME\=[\'\"]?([^ ]*).*/\1/")
# dual protocol, VPN type supplied as $1
VPN=$1
setupVars="/etc/pivpn/${VPN}/setupVars.conf"
@ -16,6 +18,11 @@ source "${setupVars}"
if [ "$VPN" = "wireguard" ]; then
VPN_SERVICE="wg-quick@wg0"
if [ "${PLAT}" == 'Alpine' ]; then
VPN_SERVICE='wg-quick'
fi
VPN_PRETTY_NAME="WireGuard"
elif [ "$VPN" = "openvpn" ]; then
VPN_SERVICE="openvpn"
@ -135,25 +142,54 @@ else
fi
if systemctl is-active -q "${VPN_SERVICE}"; then
echo ":: [OK] ${VPN_PRETTY_NAME} is running"
else
ERR=1
read -r -p ":: [ERR] ${VPN_PRETTY_NAME} is not running, try to start now? [Y/n] " REPLY
if [[ ${REPLY} =~ ^[Yy]$ ]] || [[ -z ${REPLY} ]]; then
systemctl start "${VPN_SERVICE}"
echo "Done"
fi
fi
if [ "${PLAT}" == 'Alpine' ]; then
if [ "$(rc-service "${VPN_SERVICE}" status | sed -E -e 's/.*status\: (.*)/\1/')" == 'started' ]; then
echo ":: [OK] ${VPN_PRETTY_NAME} is running"
else
ERR=1
read -r -p ":: [ERR] ${VPN_PRETTY_NAME} is not running, try to start now? [Y/n] " REPLY
if systemctl is-enabled -q "${VPN_SERVICE}"; then
echo ":: [OK] ${VPN_PRETTY_NAME} is enabled (it will automatically start on reboot)"
if [[ ${REPLY} =~ ^[Yy]$ ]] || [[ -z ${REPLY} ]]; then
rc-service -s "${VPN_SERVICE}" restart
rc-service -N "${VPN_SERVICE}" start
echo "Done"
fi
fi
if rc-update show default | grep -sEe "\s*${VPN_SERVICE} .*" &> /dev/null; then
echo ":: [OK] ${VPN_PRETTY_NAME} is enabled (it will automatically start on reboot)"
else
ERR=1
read -r -p ":: [ERR] ${VPN_PRETTY_NAME} is not enabled, try to enable now? [Y/n] " REPLY
if [[ ${REPLY} =~ ^[Yy]$ ]] || [[ -z ${REPLY} ]]; then
rc-update add "${VPN_SERVICE}" default
echo "Done"
fi
fi
else
ERR=1
read -r -p ":: [ERR] ${VPN_PRETTY_NAME} is not enabled, try to enable now? [Y/n] " REPLY
if [[ ${REPLY} =~ ^[Yy]$ ]] || [[ -z ${REPLY} ]]; then
systemctl enable "${VPN_SERVICE}"
echo "Done"
if systemctl is-active -q "${VPN_SERVICE}"; then
echo ":: [OK] ${VPN_PRETTY_NAME} is running"
else
ERR=1
read -r -p ":: [ERR] ${VPN_PRETTY_NAME} is not running, try to start now? [Y/n] " REPLY
if [[ ${REPLY} =~ ^[Yy]$ ]] || [[ -z ${REPLY} ]]; then
systemctl start "${VPN_SERVICE}"
echo "Done"
fi
fi
if systemctl is-enabled -q "${VPN_SERVICE}"; then
echo ":: [OK] ${VPN_PRETTY_NAME} is enabled (it will automatically start on reboot)"
else
ERR=1
read -r -p ":: [ERR] ${VPN_PRETTY_NAME} is not enabled, try to enable now? [Y/n] " REPLY
if [[ ${REPLY} =~ ^[Yy]$ ]] || [[ -z ${REPLY} ]]; then
systemctl enable "${VPN_SERVICE}"
echo "Done"
fi
fi
fi
@ -163,8 +199,15 @@ if netstat -antu | grep -wqE "${pivpnPROTO}.*${pivpnPORT}"; then
else
ERR=1
read -r -p ":: [ERR] ${VPN_PRETTY_NAME} is not listening, try to restart now? [Y/n] " REPLY
if [[ ${REPLY} =~ ^[Yy]$ ]] || [[ -z ${REPLY} ]]; then
systemctl restart "${VPN_SERVICE}"
if [ "${PLAT}" == 'Alpine' ]; then
rc-service -s "${VPN_SERVICE}" restart
rc-service -N "${VPN_SERVICE}" start
else
systemctl restart "${VPN_SERVICE}"
fi
echo "Done"
fi
fi
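Review bot: The enabled check in the Alpine branch, `rc-update show default | grep -sEe "\s*${VPN_SERVICE} .*"`, is an unanchored substring match: the leading `\s*` and trailing `.*` constrain nothing, so any runlevel entry whose name merely ends with the service name would report the VPN as enabled. Anchoring the name makes the check exact, and `-q` replaces the redirect: `if rc-update show default | grep -qE "^\s*${VPN_SERVICE}\s"; then`. The start and restart paths in this branch also print "Done" without looking at the `rc-service` exit status, as the systemd paths already did.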


@ -17,13 +17,22 @@ r=$(( r < 20 ? 20 : r ))
c=$(( c < 70 ? 70 : c ))
PKG_MANAGER="apt-get"
UPDATE_PKG_CACHE="${PKG_MANAGER} update"
PKG_REMOVE="${PKG_MANAGER} -y remove --purge"
dnsmasqConfig="/etc/dnsmasq.d/02-pivpn.conf"
setupVarsFile="setupVars.conf"
setupConfigDir="/etc/pivpn"
pivpnFilesDir="/usr/local/src/pivpn"
pivpnScriptDir="/opt/pivpn"
PLAT=$(grep -sEe '^NAME\=' /etc/os-release | sed -E -e "s/NAME\=[\'\"]?([^ ]*).*/\1/")
if [ "${PLAT}" == 'Alpine' ]; then
PKG_MANAGER='apk'
PKG_REMOVE="${PKG_MANAGER} --no-cache --purge del -r"
fi
UPDATE_PKG_CACHE="${PKG_MANAGER} update"
if [ -r "${setupConfigDir}/wireguard/${setupVarsFile}" ] && [ -r "${setupConfigDir}/openvpn/${setupVarsFile}" ]; then
vpnStillExists=1
@ -84,12 +93,22 @@ removeAll(){
# Stopping and disabling services
echo "::: Stopping and disabling services..."
if [ "$VPN" = "wireguard" ]; then
systemctl stop wg-quick@wg0
systemctl disable wg-quick@wg0 &> /dev/null
elif [ "$VPN" = "openvpn" ]; then
systemctl stop openvpn
systemctl disable openvpn &> /dev/null
if [ "${PLAT}" == 'Alpine' ]; then
if [ "${VPN}" = "wireguard" ]; then
rc-service wg-quick stop
rc-update del wg-quick default &> /dev/null
elif [ "${VPN}" = "openvpn" ]; then
rc-service openvpn stop
rc-update del openvpn default &> /dev/null
fi
else
if [ "${VPN}" = "wireguard" ]; then
systemctl stop wg-quick@wg0
systemctl disable wg-quick@wg0 &> /dev/null
elif [ "${VPN}" = "openvpn" ]; then
systemctl stop openvpn
systemctl disable openvpn &> /dev/null
fi
fi
# Removing firewall rules.
@ -137,58 +156,85 @@ removeAll(){
while true; do
read -rp "::: Do you wish to remove $i from your system? [Y/n]: " yn
case $yn in
[Yy]* ) if [ "${i}" = "wireguard-tools" ]; then
[Yy]* )
if [ "${PLAT}" == 'Alpine' ]; then
if [ "${i}" == 'openvpn' ]; then
deluser openvpn
rm -f /etc/rsyslog.d/30-openvpn.conf /etc/logrotate.d/openvpn
fi
else
if [ "${i}" == "wireguard-tools" ]; then
# The bullseye repo may not exist if wireguard was available at the
# time of installation.
if [ -f /etc/apt/sources.list.d/pivpn-bullseye-repo.list ]; then
echo "::: Removing Debian Bullseye repo..."
rm -f /etc/apt/sources.list.d/pivpn-bullseye-repo.list
rm -f /etc/apt/preferences.d/pivpn-limit-bullseye
echo "::: Updating package cache..."
${UPDATE_PKG_CACHE} &> /dev/null & spinner $!
${UPDATE_PKG_CACHE} &> /dev/null &
spinner $!
fi
if [ -f /etc/systemd/system/wg-quick@.service.d/override.conf ]; then
rm -f /etc/systemd/system/wg-quick@.service.d/override.conf
fi
elif [ "${i}" = "unattended-upgrades" ]; then
rm -rf /var/log/unattended-upgrades
rm -rf /etc/apt/apt.conf.d/*periodic
rm -rf /var/log/unattended-upgrades /etc/apt/apt.conf.d/*periodic
rm -rf /etc/apt/apt.conf.d/*unattended-upgrades
elif [ "${i}" = "openvpn" ]; then
if [ -f /etc/apt/sources.list.d/pivpn-openvpn-repo.list ]; then
echo "::: Removing OpenVPN software repo..."
rm -f /etc/apt/sources.list.d/pivpn-openvpn-repo.list
echo "::: Updating package cache..."
${UPDATE_PKG_CACHE} &> /dev/null & spinner $!
fi
deluser openvpn
rm -f /etc/rsyslog.d/30-openvpn.conf
rm -f /etc/logrotate.d/openvpn
rm -f /etc/apt/sources.list.d/pivpn-openvpn-repo.list
echo "::: Updating package cache..."
${UPDATE_PKG_CACHE} &> /dev/null &
spinner $!
fi
deluser openvpn
rm -f /etc/rsyslog.d/30-openvpn.conf /etc/logrotate.d/openvpn
fi
printf ":::\\tRemoving %s..." "$i"; $PKG_MANAGER -y remove --purge "$i" &> /dev/null & spinner $!; printf "done!\\n";
break
;;
[Nn]* ) printf ":::\\tSkipping %s\\n" "$i";
break
;;
* ) printf "::: You must answer yes or no!\\n";;
fi
printf ":::\\tRemoving %s..." "$i"
"${PKG_REMOVE}" "$i" &> /dev/null &
spinner $!
printf "done!\\n";
break
;;
[Nn]* )
printf ":::\\tSkipping %s\\n" "$i";
break
;;
* )
printf "::: You must answer yes or no!\\n"
;;
esac
done
done
# Take care of any additional package cleaning
printf "::: Auto removing remaining dependencies..."
$PKG_MANAGER -y autoremove &> /dev/null & spinner $!; printf "done!\\n";
printf "::: Auto cleaning remaining dependencies..."
$PKG_MANAGER -y autoclean &> /dev/null & spinner $!; printf "done!\\n";
if [ "${PLAT}" != 'Alpine' ]; then
# Take care of any additional package cleaning
printf "::: Auto removing remaining dependencies..."
"${PKG_MANAGER}" -y autoremove &> /dev/null &
spinner $!
printf "done!\\n";
printf "::: Auto cleaning remaining dependencies..."
"${PKG_MANAGER}" -y autoclean &> /dev/null &
spinner $!
printf "done!\\n";
fi
if [ -f "$dnsmasqConfig" ]; then
rm -f "$dnsmasqConfig"
@ -255,7 +301,7 @@ askreboot(){
if [[ ${REPLY} =~ ^[Yy]$ ]]; then
printf "\\nRebooting system...\\n"
sleep 3
shutdown -r now
reboot
fi
}
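Review bot: In removeAll the new call `"${PKG_REMOVE}" "$i"` quotes a variable that holds a whole command line (`apt-get -y remove --purge`, or `apk --no-cache --purge del -r` on Alpine), so the shell looks for one program whose name is that entire string and the removal never runs; `&> /dev/null` hides the error and "done!" is printed anyway. Holding the command in an array keeps the quoting safe: `PKG_REMOVE=("${PKG_MANAGER}" -y remove --purge)`, `PKG_REMOVE=("${PKG_MANAGER}" --no-cache --purge del -r)` in the Alpine branch, then `"${PKG_REMOVE[@]}" "$i" &> /dev/null &`. The quoted `"${PKG_MANAGER}" -y autoremove` calls are fine because that variable is a single word. removeAll starts outside the hunk.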


@ -6,8 +6,7 @@ _pivpn()
cur="${COMP_WORDS[COMP_CWORD]}"
dashopts="-a -c -d -l -qr -r -h -u -up -bk -off -on"
opts="add clients debug list qrcode remove help uninstall update backup (temp) off (temp) on"
if [ "${#COMP_WORDS[@]}" -eq 2 ]
then
if [ "${#COMP_WORDS[@]}" -eq 2 ]; then
if [[ ${cur} == -* ]] ; then
COMPREPLY=( "$(compgen -W "${dashopts}" -- "${cur}")" )
else


@ -3,119 +3,126 @@
setupVars="/etc/pivpn/wireguard/setupVars.conf"
if [ ! -f "${setupVars}" ]; then
echo "::: Missing setup vars file!"
exit 1
echo "::: Missing setup vars file!"
exit 1
fi
# shellcheck disable=SC1090
source "${setupVars}"
helpFunc(){
echo "::: Disable client conf profiles"
echo ":::"
echo "::: Usage: pivpn <-off|off> [-h|--help] [-v] [<client-1> ... [<client-2>] ...] "
echo ":::"
echo "::: Commands:"
echo "::: [none] Interactive mode"
echo "::: <client> Client"
echo "::: -y,--yes Disable client(s) without confirmation"
echo "::: -v Show disabled clients only"
echo "::: -h,--help Show this help dialog"
echo "::: Disable client conf profiles"
echo ":::"
echo "::: Usage: pivpn <-off|off> [-h|--help] [-v] [<client-1> ... [<client-2>] ...] "
echo ":::"
echo "::: Commands:"
echo "::: [none] Interactive mode"
echo "::: <client> Client"
echo "::: -y,--yes Disable client(s) without confirmation"
echo "::: -v Show disabled clients only"
echo "::: -h,--help Show this help dialog"
}
# Parse input arguments
while test $# -gt 0
do
_key="$1"
case "$_key" in
-h|--help)
helpFunc
exit 0
;;
-y|--yes)
CONFIRM=true
;;
-v)
DISPLAY_DISABLED=true
;;
while test $# -gt 0; do
_key="$1"
case "$_key" in
-h|--help)
helpFunc
exit 0
;;
-y|--yes)
CONFIRM=true
;;
-v)
DISPLAY_DISABLED=true
;;
*)
CLIENTS_TO_CHANGE+=("$1")
;;
esac
shift
CLIENTS_TO_CHANGE+=("$1")
;;
esac
shift
done
cd /etc/wireguard || exit
if [ ! -s configs/clients.txt ]; then
echo "::: There are no clients to change"
exit 1
echo "::: There are no clients to change"
exit 1
fi
if [ "$DISPLAY_DISABLED" ]; then
grep '\[disabled\] ### begin' wg0.conf | sed 's/#//g; s/begin//'
exit 1
grep '\[disabled\] ### begin' wg0.conf | sed 's/#//g; s/begin//'
exit 1
fi
mapfile -t LIST < <(awk '{print $1}' configs/clients.txt)
if [ "${#CLIENTS_TO_CHANGE[@]}" -eq 0 ]; then
echo -e "::\e[4m Client list \e[0m::"
len=${#LIST[@]}
COUNTER=1
while [ $COUNTER -le "${len}" ]; do
printf "%0${#len}s) %s\r\n" "${COUNTER}" "${LIST[(($COUNTER-1))]}"
((COUNTER++))
done
echo -e "::\e[4m Client list \e[0m::"
len=${#LIST[@]}
COUNTER=1
while [ $COUNTER -le "${len}" ]; do
printf "%0${#len}s) %s\r\n" "${COUNTER}" "${LIST[(($COUNTER-1))]}"
((COUNTER++))
done
read -r -p "Please enter the Index/Name of the Client to be removed from the list above: " CLIENTS_TO_CHANGE
read -r -p "Please enter the Index/Name of the Client to be removed from the list above: " CLIENTS_TO_CHANGE
if [ -z "${CLIENTS_TO_CHANGE}" ]; then
echo "::: You can not leave this blank!"
exit 1
fi
if [ -z "${CLIENTS_TO_CHANGE}" ]; then
echo "::: You can not leave this blank!"
exit 1
fi
fi
CHANGED_COUNT=0
for CLIENT_NAME in "${CLIENTS_TO_CHANGE[@]}"; do
re='^[0-9]+$'
if [[ ${CLIENT_NAME} =~ $re ]] ; then
CLIENT_NAME=${LIST[$((CLIENT_NAME -1))]}
fi
re='^[0-9]+$'
if [[ ${CLIENT_NAME} =~ $re ]] ; then
CLIENT_NAME=${LIST[$((CLIENT_NAME -1))]}
fi
if ! grep -q "^${CLIENT_NAME} " configs/clients.txt; then
echo -e "::: \e[1m${CLIENT_NAME}\e[0m does not exist"
elif grep -q "#\[disabled\] ### begin ${CLIENT_NAME}" wg0.conf; then
echo -e "::: \e[1m${CLIENT_NAME}\e[0m is already disabled"
else
if [ -n "$CONFIRM" ]; then
REPLY="y"
else
read -r -p "Confirm you want to disable $CLIENT_NAME? [Y/n] "
fi
if ! grep -q "^${CLIENT_NAME} " configs/clients.txt; then
echo -e "::: \e[1m${CLIENT_NAME}\e[0m does not exist"
elif grep -q "#\[disabled\] ### begin ${CLIENT_NAME}" wg0.conf; then
echo -e "::: \e[1m${CLIENT_NAME}\e[0m is already disabled"
else
if [ -n "$CONFIRM" ]; then
REPLY="y"
else
read -r -p "Confirm you want to disable $CLIENT_NAME? [Y/n] "
fi
if [[ $REPLY =~ ^[Yy]$ ]]; then
if [[ $REPLY =~ ^[Yy]$ ]]; then
# Disable the peer section from the server config
echo "${CLIENT_NAME}"
sed -e "/### begin ${CLIENT_NAME}/,/end ${CLIENT_NAME}/ s/^/#\[disabled\] /" -i wg0.conf
echo "::: Updated server config"
# Disable the peer section from the server config
echo "${CLIENT_NAME}"
sed -e "/### begin ${CLIENT_NAME}/,/end ${CLIENT_NAME}/ s/^/#\[disabled\] /" -i wg0.conf
echo "::: Updated server config"
((CHANGED_COUNT++))
echo "::: Successfully disabled ${CLIENT_NAME}"
((CHANGED_COUNT++))
echo "::: Successfully disabled ${CLIENT_NAME}"
fi
fi
fi
fi
done
# Restart WireGuard only if some clients were actually deleted
if [ "${CHANGED_COUNT}" -gt 0 ]; then
if systemctl reload wg-quick@wg0; then
echo "::: WireGuard reloaded"
else
echo "::: Failed to reload WireGuard"
fi
if [ "${PLAT}" == 'Alpine' ]; then
if rc-service wg-quick restart; then
echo "::: WireGuard reloaded"
else
echo "::: Failed to reload WireGuard"
fi
else
if systemctl reload wg-quick@wg0; then
echo "::: WireGuard reloaded"
else
echo "::: Failed to reload WireGuard"
fi
fi
fi
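Review bot: The re-indented `sed -e "/### begin ${CLIENT_NAME}/,/end ${CLIENT_NAME}/ s/^/#\[disabled\] /" -i wg0.conf` matches the client name as an unanchored regex, so a name that is a prefix of another client's name, or that contains `.`, also selects that other peer's block; the preceding `grep -q "^${CLIENT_NAME} "` guard only checks clients.txt. The enable script's matching `sed` has the same shape, where the effect would be re-enabling a peer that was meant to stay disabled. Bounding the name in both addresses, for instance by including whatever fixed text follows it on the marker line, and escaping regex metacharacters in the name would close this. The marker format itself is not visible in this diff, so the exact pattern needs checking against wg0.conf.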


@ -3,115 +3,122 @@
setupVars="/etc/pivpn/wireguard/setupVars.conf"
if [ ! -f "${setupVars}" ]; then
echo "::: Missing setup vars file!"
exit 1
echo "::: Missing setup vars file!"
exit 1
fi
# shellcheck disable=SC1090
source "${setupVars}"
helpFunc(){
echo "::: Enables client conf profiles"
echo ":::"
echo "::: Usage: pivpn <-on|on> [-h|--help] [-v] [<client-1> ... [<client-2>] ...] "
echo ":::"
echo "::: Commands:"
echo "::: [none] Interactive mode"
echo "::: <client> Client"
echo "::: -y,--yes Enable client(s) without confirmation"
echo "::: -v Show disabled clients only"
echo "::: -h,--help Show this help dialog"
echo "::: Enables client conf profiles"
echo ":::"
echo "::: Usage: pivpn <-on|on> [-h|--help] [-v] [<client-1> ... [<client-2>] ...] "
echo ":::"
echo "::: Commands:"
echo "::: [none] Interactive mode"
echo "::: <client> Client"
echo "::: -y,--yes Enable client(s) without confirmation"
echo "::: -v Show disabled clients only"
echo "::: -h,--help Show this help dialog"
}
# Parse input arguments
while test $# -gt 0
do
_key="$1"
case "$_key" in
-h|--help)
helpFunc
exit 0
;;
-y|--yes)
CONFIRM=true
;;
-v)
DISPLAY_DISABLED=true
;;
while test $# -gt 0; do
_key="$1"
case "$_key" in
-h|--help)
helpFunc
exit 0
;;
-y|--yes)
CONFIRM=true
;;
-v)
DISPLAY_DISABLED=true
;;
*)
CLIENTS_TO_CHANGE+=("$1")
;;
esac
shift
CLIENTS_TO_CHANGE+=("$1")
;;
esac
shift
done
cd /etc/wireguard || exit
if [ ! -s configs/clients.txt ]; then
echo "::: There are no clients to change"
exit 1
echo "::: There are no clients to change"
exit 1
fi
if [ "$DISPLAY_DISABLED" ]; then
grep '\[disabled\] ### begin' wg0.conf | sed 's/#//g; s/begin//'
exit 1
grep '\[disabled\] ### begin' wg0.conf | sed 's/#//g; s/begin//'
exit 1
fi
mapfile -t LIST < <(awk '{print $1}' configs/clients.txt)
if [ "${#CLIENTS_TO_CHANGE[@]}" -eq 0 ]; then
echo -e "::\e[4m Client list \e[0m::"
len=${#LIST[@]}
COUNTER=1
while [ $COUNTER -le "${len}" ]; do
printf "%0${#len}s) %s\r\n" "${COUNTER}" "${LIST[(($COUNTER-1))]}"
((COUNTER++))
done
echo -e "::\e[4m Client list \e[0m::"
len=${#LIST[@]}
COUNTER=1
while [ $COUNTER -le "${len}" ]; do
printf "%0${#len}s) %s\r\n" "${COUNTER}" "${LIST[(($COUNTER-1))]}"
((COUNTER++))
done
read -r -p "Please enter the Index/Name of the Client to be enabled from the list above: " CLIENTS_TO_CHANGE
read -r -p "Please enter the Index/Name of the Client to be enabled from the list above: " CLIENTS_TO_CHANGE
if [ -z "${CLIENTS_TO_CHANGE}" ]; then
echo "::: You can not leave this blank!"
exit 1
fi
if [ -z "${CLIENTS_TO_CHANGE}" ]; then
echo "::: You can not leave this blank!"
exit 1
fi
fi
CHANGED_COUNT=0
for CLIENT_NAME in "${CLIENTS_TO_CHANGE[@]}"; do
re='^[0-9]+$'
if [[ ${CLIENT_NAME} =~ $re ]] ; then
CLIENT_NAME=${LIST[$((CLIENT_NAME -1))]}
fi
re='^[0-9]+$'
if [[ ${CLIENT_NAME} =~ $re ]] ; then
CLIENT_NAME=${LIST[$((CLIENT_NAME -1))]}
fi
if ! grep -q "^${CLIENT_NAME} " configs/clients.txt; then
echo -e "::: \e[1m${CLIENT_NAME}\e[0m does not exist"
else
if [ -n "$CONFIRM" ]; then
REPLY="y"
else
read -r -p "Confirm you want to enable $CLIENT_NAME? [Y/n] "
fi
if ! grep -q "^${CLIENT_NAME} " configs/clients.txt; then
echo -e "::: \e[1m${CLIENT_NAME}\e[0m does not exist"
else
if [ -n "$CONFIRM" ]; then
REPLY="y"
else
read -r -p "Confirm you want to enable $CLIENT_NAME? [Y/n] "
fi
if [[ $REPLY =~ ^[Yy]$ ]]; then
if [[ $REPLY =~ ^[Yy]$ ]]; then
# Enable the peer section from the server config
echo "${CLIENT_NAME}"
sed -e "/begin ${CLIENT_NAME}/,/end ${CLIENT_NAME}/ s/#\[disabled\] //" -i wg0.conf
echo "::: Updated server config"
# Enable the peer section from the server config
echo "${CLIENT_NAME}"
sed -e "/begin ${CLIENT_NAME}/,/end ${CLIENT_NAME}/ s/#\[disabled\] //" -i wg0.conf
echo "::: Updated server config"
((CHANGED_COUNT++))
echo "::: Successfully enabled ${CLIENT_NAME}"
((CHANGED_COUNT++))
echo "::: Successfully enabled ${CLIENT_NAME}"
fi
fi
fi
fi
done
# Restart WireGuard only if some clients were actually deleted
if [ "${CHANGED_COUNT}" -gt 0 ]; then
if systemctl reload wg-quick@wg0; then
echo "::: WireGuard reloaded"
else
echo "::: Failed to reload WireGuard"
fi
if [ "${PLAT}" == 'Alpine' ]; then
if rc-service wg-quick restart; then
echo "::: WireGuard reloaded"
else
echo "::: Failed to reload WireGuard"
fi
else
if systemctl reload wg-quick@wg0; then
echo "::: WireGuard reloaded"
else
echo "::: Failed to reload WireGuard"
fi
fi
fi


@ -171,10 +171,18 @@ if [ -f /etc/pivpn/hosts.wireguard ]; then
fi
fi
if systemctl reload wg-quick@wg0; then
echo "::: WireGuard reloaded"
if [ "${PLAT}" == 'Alpine' ]; then
if rc-service wg-quick restart; then
echo "::: WireGuard reloaded"
else
echo "::: Failed to reload WireGuard"
fi
else
echo "::: Failed to reload WireGuard"
if systemctl reload wg-quick@wg0; then
echo "::: WireGuard reloaded"
else
echo "::: Failed to reload WireGuard"
fi
fi
cp "configs/${CLIENT_NAME}.conf" "${install_home}/configs/${CLIENT_NAME}.conf"
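Review bot: On Alpine this branch runs `rc-service wg-quick restart` where the systemd branch uses `reload`, yet both print "WireGuard reloaded"; a restart presumably takes the interface down and interrupts every connected peer just to pick up one client change. If the OpenRC service has no reload action, `wg syncconf wg0 <(wg-quick strip wg0)` applies the new peer list without dropping the tunnel. The same Alpine branch is added to the disable, enable and remove scripts in this commit.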


@ -1,8 +1,14 @@
#!/bin/bash
CHECK_PKG_INSTALLED='dpkg-query -s'
if grep -qsEe "^NAME\=['\"]?Alpine[a-zA-Z ]*['\"]?$" /etc/os-release; then
CHECK_PKG_INSTALLED='apk --no-cache info -e'
fi
# Must be root to use this tool
if [ $EUID -ne 0 ];then
if dpkg-query -s sudo &> /dev/null; then
if [ $EUID -ne 0 ]; then
if eval "${CHECK_PKG_INSTALLED} sudo" &> /dev/null; then
export SUDO="sudo"
else
echo "::: Please install sudo or run this as root."


@ -15,8 +15,7 @@ helpFunc(){
# Parse input arguments
encoding="ansiutf8"
while test $# -gt 0
do
while test $# -gt 0; do
_key="$1"
case "$_key" in
-h|--help)
@ -65,7 +64,7 @@ for CLIENT_NAME in "${CLIENTS_TO_SHOW[@]}"; do
exit 1
elif [[ ${CLIENT_NAME} =~ $re ]] ; then
CLIENT_NAME=${LIST[$((CLIENT_NAME -1))]}
fi
fi
if grep -qw "${CLIENT_NAME}" clients.txt; then
echo -e "::: Showing client \e[1m${CLIENT_NAME}\e[0m below"
echo "====================================================================="


@ -144,9 +144,17 @@ done
# Restart WireGuard only if some clients were actually deleted
if [ "${DELETED_COUNT}" -gt 0 ]; then
if systemctl reload wg-quick@wg0; then
echo "::: WireGuard reloaded"
if [ "${PLAT}" == 'Alpine' ]; then
if rc-service wg-quick restart; then
echo "::: WireGuard reloaded"
else
echo "::: Failed to reload WireGuard"
fi
else
echo "::: Failed to reload WireGuard"
if systemctl reload wg-quick@wg0; then
echo "::: WireGuard reloaded"
else
echo "::: Failed to reload WireGuard"
fi
fi
fi