-
-
Save kpine/affe1dd35258afc93e5308a5b3173552 to your computer and use it in GitHub Desktop.
WireGuard on Vyatta
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash -e | |
| # vyatta-wireguard | |
| # | |
| # Usage: `./wireguard.sh [upgrade|uninstall]`. | |
| # | |
| # When called without arguments, the latest version will be fetched and installed. | |
| # | |
| # To automatically install the latest version of WireGuard after Firmware upgrades, | |
| # this script should be placed in `/config/scripts/post-config.d/wireguard.sh`. | |
| # | |
| # Change `BOARD` to match your hardware. See: https://github.com/Lochnair/vyatta-wireguard/releases | |
| BOARD=e300 # ER4 | |
| # Don't touch the lines below | |
| CMD_WRAPPER=/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper | |
| echo "Fetching WireGuard releases..." | |
| releases=$(curl -sSL https://api.github.com/repos/Lochnair/vyatta-wireguard/releases) | |
| is_installed () { | |
| dpkg -s wireguard >/dev/null 2>&1 | |
| } | |
| get_local_version () { | |
| ! is_installed && return | |
| dpkg-query --showformat='${Version}' --show wireguard | |
| } | |
| get_latest_version () { | |
| echo $releases | jq -r --arg version "wireguard-$BOARD" \ | |
| '[.[] | select(.assets | .[].browser_download_url | contains($version))][0] | .tag_name' | |
| } | |
| get_latest_download_url () { | |
| echo $releases | jq -r --arg version "wireguard-$BOARD" \ | |
| '[.[].assets | .[] | select(.browser_download_url | contains($version))][0] | .browser_download_url' | |
| } | |
| install_latest_version () { | |
| curl -L -o "/tmp/wireguard-$BOARD.deb" $(get_latest_download_url) | |
| dpkg -i "/tmp/wireguard-$BOARD.deb" | |
| rm "/tmp/wireguard-$BOARD.deb" | |
| } | |
| uninstall () { | |
| $CMD_WRAPPER begin | |
| $CMD_WRAPPER set interfaces wireguard wg0 route-allowed-ips false | |
| $CMD_WRAPPER commit | |
| $CMD_WRAPPER delete interfaces wireguard | |
| $CMD_WRAPPER commit | |
| sudo rmmod wireguard | |
| sudo dpkg --purge wireguard | |
| } | |
| # uninstall | |
| if [ "$1" = "uninstall" ]; then | |
| ! is_installed && (echo "WireGuard is not installed."; exit 1) | |
| echo "Uninstalling WireGuard..." | |
| uninstall | |
| exit 0 | |
| fi | |
| # upgrade | |
| if [ "$1" = "upgrade" ]; then | |
| latest_version=$(get_latest_version) | |
| local_version=$(get_local_version) | |
| if [[ "$latest_version" = "$local_version" || "${latest_version}-1" = "$local_version" ]]; then | |
| echo "WireGuard is up-to-date. (local: $(get_local_version); remote: $latest_version)" | |
| exit 0 | |
| fi | |
| if ! is_installed; then | |
| echo "WireGuard is not installed yet. Run script without arguments to install." | |
| exit 1 | |
| fi | |
| echo "Upgrading WireGuard from $local_version to $latest_version..." | |
| uninstall | |
| install_latest_version | |
| sudo modprobe wireguard | |
| $CMD_WRAPPER load | |
| $CMD_WRAPPER commit | |
| echo "Upgrade done." | |
| exit 0 | |
| fi | |
| # install | |
| if is_installed; then | |
| echo "WireGuard $(get_local_version) is already installed." | |
| exit 1 | |
| fi | |
| echo "Installing latest WireGuard version..." | |
| install_latest_version | |
| $CMD_WRAPPER begin | |
| $CMD_WRAPPER load | |
| $CMD_WRAPPER commit | |
| $CMD_WRAPPER end | |
| echo "Installation done." | |
| exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment