wg-ns: wireguard network namespace setup helper

wg-ns

% cat bin/wg-ns
#!/bin/bash
set -exuo pipefail

name="${1?must provide name as argument}"
netns="${name}"
wg_conf="/etc/wireguard/wg.conf"
ipv4="$(grep Address "${wg_conf}" | grep -Po '([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/32)')"
dnsaddr="$(grep DNS "${wg_conf}" | grep -Po '([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/32)')"

ip netns add "${netns}"

# setup wireguard on main link
ip link add "${netns}" type wireguard
ip link set "${netns}" netns "${netns}"
ip netns exec "${netns}" ip addr add "${ipv4}" dev "${netns}"
ip netns exec "${netns}" wg setconf "${netns}" "${wg_conf}"
ip netns exec "${netns}" ip link set "lo" up
ip netns exec "${netns}" ip link set "${netns}" up
ip netns exec "${netns}" ip route add default dev "${netns}"

# setup veth to communicate with host
ip link add "${netns}-host" type veth peer name "${netns}-ns"
ip link set "${netns}-ns" netns "${netns}"
ip addr add 10.127.0.1 peer 10.127.0.2 dev "${netns}-host"
ip netns exec "${netns}" ip addr add 10.127.0.2 peer 10.127.0.1 dev "${netns}-ns"
ip link set "${netns}-host" up
ip netns exec "${netns}" ip link set "${netns}-ns" up

# configure nameserver for namespace
tee "/etc/netns/${netns}/resolv.conf" <<< "nameserver ${dnsaddr}"

wg.conf

[Interface]
PrivateKey = xxxxx
# Address = x.x.x.x/32
# DNS = x.x.x.x

[Peer]
AllowedIPs = 0.0.0.0/0,::0/0
Endpoint = x.x.x.x:xxxx
PublicKey = xxxxx