Last active
December 19, 2021 15:17
-
-
Save alessionossa/5c3d839330571559df37643eeccb2a07 to your computer and use it in GitHub Desktop.
Setup a server with https://github.com/jwhited/wgsd
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
apt update -qq | |
wget -q https://github.com/jwhited/wgsd/releases/download/v0.3.1/wgsd_0.3.1_linux_amd64.tar.gz | |
mkdir wgsd | |
tar -xzf wgsd_0.3.1_linux_amd64.tar.gz -C ./wgsd | |
mv wgsd/coredns /usr/bin/ | |
apt install -y wireguard | |
PRIVATE_KEY=$(wg genkey) | |
PUB_KEY=$(echo "$PRIVATE_KEY" | wg pubkey) | |
cat > /etc/wireguard/wg0.conf <<EOF | |
[Interface] | |
PrivateKey = $PRIVATE_KEY | |
ListenPort = 51820 | |
Address = 10.180.0.254/32 | |
# Client 1 | |
[Peer] | |
PublicKey = your_public_key1 | |
AllowedIPs = 10.180.0.3/32 | |
# Client2 | |
[Peer] | |
PublicKey = your_public_key2 | |
AllowedIPs = 10.180.0.4/32 | |
EOF | |
systemctl enable wg-quick@wg0.service | |
useradd coredns -s /sbin/nologin -c 'coredns user' | |
# The following file is hardcoded because of the error reported at https://github.com/coredns/deployment/issues/207 . Ptherwise, the following command could be used | |
# (curl https://raw.githubusercontent.com/coredns/deployment/master/systemd/coredns.service) > /etc/systemd/system/coredns.service | |
cat > /etc/systemd/system/coredns.service <<EOF | |
[Unit] | |
Description=CoreDNS DNS server | |
Documentation=https://coredns.io | |
After=network.target | |
[Service] | |
PermissionsStartOnly=true | |
LimitNOFILE=1048576 | |
LimitNPROC=512 | |
CapabilityBoundingSet=CAP_NET_BIND_SERVICE | |
AmbientCapabilities=CAP_NET_BIND_SERVICE | |
NoNewPrivileges=true | |
User=coredns | |
ExecStart=/usr/bin/coredns -conf=/etc/coredns/Corefile | |
ExecReload=/bin/kill -SIGUSR1 $MAINPID | |
Restart=on-failure | |
[Install] | |
WantedBy=multi-user.target | |
EOF | |
mkdir /etc/coredns/ | |
cat > /etc/coredns/Corefile <<EOF | |
.:5353 { | |
debug | |
# bind 10.180.0.254 | |
wgsd yourdomain.com wg0 | |
} | |
EOF | |
systemctl daemon-reload | |
systemctl enable coredns.service | |
systemctl start coredns.service | |
systemctl --no-pager status coredns.service | |
# /usr/bin/coredns -conf /etc/coredns/Corefile | |
ufw allow OpenSSH | |
ufw allow 51820/udp | |
ufw allow in on wg0 to any | |
ufw --force enable | |
printf "\n\nPubkey:" | |
# echo $PUB_KEY | |
printf "\nAll setup. Reboot..." | |
sleep 2 | |
reboot |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment