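#!/bin/sh
set -eux
#
# On-board a new WireGuard client VM and connect it to the registry.
#
# Usage: <script> VM ADDR
#   VM    Vagrant machine name of the client
#   ADDR  tunnel IPv4 address for the client, without a prefix length
#
# The client's private key is generated and read on the client only; the
# values this script holds (and that `set -x` traces) are public keys.
#
# VM, ADDR and both public keys are validated before use because
# `vagrant ssh NAME -- cmd ...` hands the command line to a remote shell, and
# ADDR / SERVER_KEY are also expanded into a script that runs as root.
#

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Succeed when $1 has the shape of a WireGuard key (44 base64 characters).
is_wg_key() {
  [ "${#1}" -eq 44 ] || return 1
  case $1 in
    *[!A-Za-z0-9+/=]*) return 1 ;;
  esac
  return 0
}

[ "$#" -eq 2 ] || die "usage: ${0##*/} VM ADDR"
VM=$1
ADDR=$2

# An empty name or one starting with '-' would be read by vagrant as an option.
case $VM in
  '' | -*) die "invalid VM name: $VM" ;;
esac

# Accept only a dotted quad made of digits, so nothing in ADDR can be
# interpreted by the remote shells it is expanded into.
case $ADDR in
  *[!0-9.]* | .* | *. | *..*) die "invalid address: $ADDR" ;;
  *.*.*.*.*) die "invalid address: $ADDR" ;;
  *.*.*.*) ;;
  *) die "invalid address: $ADDR" ;;
esac

SERVER_KEY=$(vagrant ssh registry -- cat /etc/wireguard/publickey)
is_wg_key "$SERVER_KEY" || die "registry returned a malformed public key"

# The outer here-document is expanded locally (ADDR, SERVER_KEY); the escaped
# command substitution is left for the client to evaluate.
vagrant ssh "$VM" -- sudo bash -s << EOF
set -euo pipefail
# Create the key and config files owner-only from the start, so the private
# key is never readable by other users before the chmod below runs.
umask 077
wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey
# linux config
cat > /etc/wireguard/wg0.conf << CLIENTEOF
[Interface]
PrivateKey = \$(cat /etc/wireguard/privatekey)
Address = $ADDR/24
SaveConfig = True
ListenPort = 51820
[Peer]
PublicKey = $SERVER_KEY
Endpoint = 192.168.33.10:51820
AllowedIPs = 192.168.100.10/32
CLIENTEOF
chmod 600 /etc/wireguard/{privatekey,wg0.conf}
# The public key stays world-readable: it is fetched below without sudo.
chmod 644 /etc/wireguard/publickey
chmod 711 /etc/wireguard
EOF

CLIENT_KEY=$(vagrant ssh "$VM" -- cat /etc/wireguard/publickey)
# This value comes back from the client and ends up on a root command line on
# the registry, so refuse anything that is not key-shaped.
is_wg_key "$CLIENT_KEY" || die "client returned a malformed public key"

# NOTE(review): `wg set` changes the running interface; whether the peer
# survives a restart depends on the registry's own config, not shown here.
vagrant ssh registry -- sudo wg set wg0 peer "$CLIENT_KEY" allowed-ips "$ADDR/32"
vagrant ssh "$VM" -- sudo systemctl enable wg-quick@wg0
vagrant ssh "$VM" -- sudo systemctl restart wg-quick@wg0
# Smoke test: the registry's tunnel address must answer through wg0.
vagrant ssh "$VM" -- ping -c2 192.168.100.10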