-
-
Notifications
You must be signed in to change notification settings - Fork 504
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
+ DietPi-Software | WireGuard: Assure WireGuard server starts after DietPi-Boot: #3175
- Loading branch information
Showing
1 changed file
with
30 additions
and
19 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -9482,7 +9482,7 @@ _EOF_ | |
| # Server choice | ||
| if [[ $G_WHIP_RETURNED_VALUE == 'Server' ]]; then | ||
|
|
||
| # - Public IP/domain and desired WireGuard server port | ||
| # Public IP/domain and desired WireGuard server port | ||
| local invalid_text='' | ||
| local domain=$(hostname -f) | ||
| while : | ||
|
|
@@ -9523,19 +9523,19 @@ NB: This port needs to be forwarded by your router and/or opened in your firewal | |
|
|
||
| done | ||
|
|
||
| # - Create everything inside WireGuard config dir | ||
| # Create everything inside WireGuard config dir | ||
| cd /etc/wireguard | ||
|
|
||
| # - For securiy reasons set umask to 077 | ||
| # For security reasons set umask to 077 | ||
| umask 077 | ||
|
|
||
| # - Create server and client keys | ||
| # Create server and client keys | ||
| [[ -f 'server_private.key' ]] || wg genkey > server_private.key | ||
| [[ -f 'server_public.key' ]] || wg pubkey < server_private.key > server_public.key | ||
| [[ -f 'client_private.key' ]] || wg genkey > client_private.key | ||
| [[ -f 'client_public.key' ]] || wg pubkey < client_private.key > client_public.key | ||
|
|
||
| # - Server config | ||
| # Server config | ||
| [[ -f 'wg0.conf' ]] || cat << _EOF_ > wg0.conf | ||
| [Interface] | ||
| Address = 10.9.0.1/24 | ||
|
|
@@ -9561,16 +9561,16 @@ AllowedIPs = 10.9.0.2/32 | |
| #AllowedIPs = 10.9.0.3/32 | ||
| _EOF_ | ||
|
|
||
| # - Server local network IP | ||
| # Server local network IP | ||
| local server_ip=$(sed -n 4p /DietPi/dietpi/.network) | ||
|
|
||
| # - Server DNS nameserver | ||
| # Server DNS nameserver | ||
| local server_dns=$(mawk '/nameserver/ {print $2;exit}' /etc/resolv.conf) | ||
| # Replace "127.0.0.1"/"localhost" loopback entries by server wg0 IP: https://github.com/MichaIng/DietPi/issues/2482 | ||
| # - Replace "127.0.0.1"/"localhost" loopback entries by server wg0 IP: https://github.com/MichaIng/DietPi/issues/2482 | ||
| server_dns=${server_dns//127.0.0.1/10.9.0.1} | ||
| server_dns=${server_dns//localhost/10.9.0.1} | ||
|
|
||
| # - Client config | ||
| # Client config | ||
| [[ -f 'wg0-client.conf' ]] || cat << _EOF_ > wg0-client.conf | ||
| [Interface] | ||
| Address = 10.9.0.2/24 | ||
|
|
@@ -9598,18 +9598,21 @@ Endpoint = $domain:$port | |
| # Uncomment the following, if you're behind a NAT and want the connection to be kept alive. | ||
| #PersistentKeepalive = 25 | ||
| _EOF_ | ||
|
|
||
| # - Start WireGuard interface via systemd unit | ||
| (( $module_active )) && systemctl start wg-quick@wg0 | ||
| # persistent | ||
| systemctl enable wg-quick@wg0 | ||
|
|
||
| # - Set umask back to default 022 | ||
| # Set umask back to default 022 | ||
| umask 022 | ||
|
|
||
| # - Navigate back to DietPi-Software working dir | ||
| # Navigate back to DietPi-Software working dir | ||
| cd /tmp/$G_PROGRAM_NAME | ||
|
|
||
| # Use [email protected] to start VPN on boot | ||
| # - Assure DietPi-Boot has finished first: https://github.com/MichaIng/DietPi/issues/3175#issuecomment-544607657 | ||
| mkdir -p /etc/systemd/system/[email protected] | ||
| echo -e '[Unit]\nAfter=dietpi-boot.service' > /etc/systemd/system/[email protected]/dietpi.conf | ||
| systemctl daemon-reload | ||
| systemctl enable wg-quick@wg0 | ||
| # - Start now if module is active already | ||
| (( $module_active )) && systemctl start wg-quick@wg0 | ||
|
|
||
| # Client choice | ||
| elif [[ $G_WHIP_RETURNED_VALUE == 'Client' ]]; then | ||
|
|
||
|
|
@@ -13401,6 +13404,7 @@ _EOF_ | |
| Banner_Uninstalling | ||
| G_AGP wireguard* | ||
| [[ -d '/etc/wireguard' ]] && rm -R /etc/wireguard | ||
| [[ -d '/etc/systemd/system/[email protected]' ]] && rm -R /etc/systemd/system/[email protected] | ||
| [[ -f '/etc/apt/sources.list.d/dietpi-wireguard.list' ]] && rm /etc/apt/sources.list.d/dietpi-wireguard.list | ||
| [[ -f '/etc/apt/preferences.d/dietpi-wireguard' ]] && rm /etc/apt/preferences.d/dietpi-wireguard | ||
|
|
||
|
|
@@ -13410,8 +13414,15 @@ _EOF_ | |
| if (( ${aSOFTWARE_INSTALL_STATE[$software_id]} == -1 )); then | ||
|
|
||
| Banner_Uninstalling | ||
| rm -R /etc/openvpn/ovpn_tcp/*nordvpn* /etc/openvpn/ovpn_udp/*nordvpn* | ||
| rm -R /var/lib/dietpi/dietpi-software/installed/dietpi-nordvpn /lib/systemd/system/dietpi-nordvpn.service &> /dev/null | ||
| if [[ -f '/etc/systemd/system/dietpi-nordvpn.service' ]]; then | ||
|
|
||
| systemctl disable --now dietpi-nordvpn | ||
| rm /etc/systemd/system/dietpi-nordvpn.service | ||
|
|
||
| fi | ||
| rm -Rf /etc/openvpn/ovpn_{tcp,udp}/*nordvpn* | ||
| rmdir --ignore-fail-on-non-empty /etc/openvpn/ovpn_{tcp,udp} | ||
| [[ -d '/var/lib/dietpi/dietpi-software/installed/dietpi-nordvpn' ]] && rm -R /var/lib/dietpi/dietpi-software/installed/dietpi-nordvpn | ||
|
|
||
| fi | ||
|
|
||
|
|
||