Add .env configuration for easy environment customization
- Create .env.example with all configurable settings: - Server IPs (RU_VDS_IP, DE_VDS_IP) - WireGuard ports (WG_CLIENT_PORT, WG_TUNNEL_PORT) - VPN networks (USER_VPN_NETWORK, TUNNEL_NETWORK) - DNS settings, SSH port, timeouts - Add .gitignore to exclude .env from version control - Update setup-ru-vds.sh to read from .env - Update setup-de-vds.sh to read from .env - Update add-client.sh to use configuration - Setup scripts save config to /etc/wireguard/vpn.conf for runtime use - Update documentation with .env usage instructions This allows easy deployment to test environments by simply changing values in .env before running setup scripts. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@@ -3,6 +3,24 @@ set -e
|
||||
|
||||
# Script to add a new VPN client
|
||||
# Usage: ./add-client.sh <client_name>
|
||||
#
|
||||
# Configuration is loaded from .env file or /etc/wireguard/vpn.conf
|
||||
|
||||
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||
|
||||
# Try to load from .env in project directory (for development)
|
||||
if [ -f "${SCRIPT_DIR}/../.env" ]; then
|
||||
source "${SCRIPT_DIR}/../.env"
|
||||
# Or from deployed config
|
||||
elif [ -f "/etc/wireguard/vpn.conf" ]; then
|
||||
source "/etc/wireguard/vpn.conf"
|
||||
fi
|
||||
|
||||
# Default values
|
||||
: "${RU_VDS_IP:=176.124.216.197}"
|
||||
: "${WG_CLIENT_PORT:=51820}"
|
||||
: "${USER_VPN_GATEWAY:=10.10.0.1}"
|
||||
: "${WG_KEEPALIVE:=25}"
|
||||
|
||||
if [ "$EUID" -ne 0 ]; then
|
||||
echo "ERROR: Please run as root"
|
||||
@@ -29,8 +47,11 @@ fi
|
||||
echo "Adding new VPN client: ${CLIENT_NAME}"
|
||||
echo ""
|
||||
|
||||
# Extract network prefix from gateway IP (e.g., 10.10.0 from 10.10.0.1)
|
||||
NETWORK_PREFIX=$(echo "$USER_VPN_GATEWAY" | sed 's/\.[0-9]*$//')
|
||||
|
||||
# Find next available IP
|
||||
USED_IPS=$(wg show ${WG_INTERFACE} allowed-ips 2>/dev/null | grep -oP '10\.10\.0\.\K[0-9]+' | sort -n)
|
||||
USED_IPS=$(wg show ${WG_INTERFACE} allowed-ips 2>/dev/null | grep -oP "${NETWORK_PREFIX//./\\.}\.\K[0-9]+" | sort -n)
|
||||
NEXT_IP=2
|
||||
for ip in $USED_IPS; do
|
||||
if [ $ip -ge $NEXT_IP ]; then
|
||||
@@ -39,11 +60,11 @@ for ip in $USED_IPS; do
|
||||
done
|
||||
|
||||
if [ $NEXT_IP -gt 254 ]; then
|
||||
echo "ERROR: No available IPs in 10.10.0.0/24 range"
|
||||
echo "ERROR: No available IPs in ${NETWORK_PREFIX}.0/24 range"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
CLIENT_IP="10.10.0.${NEXT_IP}"
|
||||
CLIENT_IP="${NETWORK_PREFIX}.${NEXT_IP}"
|
||||
|
||||
echo "[1/5] Generating client keys..."
|
||||
wg genkey | tee "${KEYS_DIR}/client_${CLIENT_NAME}.key" | wg pubkey > "${KEYS_DIR}/client_${CLIENT_NAME}.pub"
|
||||
@@ -66,13 +87,13 @@ cat > "${CLIENTS_DIR}/${CLIENT_NAME}.conf" << EOF
|
||||
[Interface]
|
||||
PrivateKey = ${CLIENT_PRIVATE_KEY}
|
||||
Address = ${CLIENT_IP}/32
|
||||
DNS = 10.10.0.1
|
||||
DNS = ${USER_VPN_GATEWAY}
|
||||
|
||||
[Peer]
|
||||
PublicKey = ${SERVER_PUBLIC_KEY}
|
||||
Endpoint = 176.124.216.197:51820
|
||||
Endpoint = ${RU_VDS_IP}:${WG_CLIENT_PORT}
|
||||
AllowedIPs = 0.0.0.0/0
|
||||
PersistentKeepalive = 25
|
||||
PersistentKeepalive = ${WG_KEEPALIVE}
|
||||
EOF
|
||||
|
||||
chmod 600 "${CLIENTS_DIR}/${CLIENT_NAME}.conf"
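Review bot: The new loader at the top of add-client.sh executes the configuration with `source` before the root check, so anything in `../.env` or `/etc/wireguard/vpn.conf` runs as shell with root privileges, and a checkout-local `.env` silently overrides the deployed config. Since both files are meant to hold plain KEY=VALUE settings, read them as data instead of executing them; a small reader is sketched below. The loaded USER_VPN_GATEWAY is then fed unvalidated into a `grep -P` pattern and a /24 assumption in the second and third hunks, so reject anything that is not a dotted quad right after loading: `[[ "$USER_VPN_GATEWAY" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || { echo "ERROR: USER_VPN_GATEWAY must be an IPv4 address"; exit 1; }`. The `:=` defaults also mean a missing config silently points new clients at the production server address; `: "${RU_VDS_IP:?RU_VDS_IP is not set}"` would fail loudly instead.
```shell
# Load KEY=VALUE settings without executing the file; comments and blank
# lines are skipped, anything else is rejected.
load_config() {
  local file=$1 line key value
  while IFS= read -r line || [[ -n "$line" ]]; do
    [[ -z "$line" || "$line" == \#* ]] && continue
    [[ "$line" =~ ^([A-Za-z_][A-Za-z0-9_]*)=(.*)$ ]] \
      || { echo "ERROR: invalid line in ${file}: ${line}" >&2; exit 1; }
    key=${BASH_REMATCH[1]}
    value=${BASH_REMATCH[2]}
    value=${value#\"}; value=${value%\"}
    printf -v "$key" '%s' "$value"
  done < "$file"
}

# … unchanged: SCRIPT_DIR …
if [ -f "${SCRIPT_DIR}/../.env" ]; then
  load_config "${SCRIPT_DIR}/../.env"
elif [ -f "/etc/wireguard/vpn.conf" ]; then
  load_config "/etc/wireguard/vpn.conf"
fi
```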
|
||||
|
||||