vaultsovereign/vm-skills
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
eac77ef7b4b5a87f0a35a1181dacb4013b09b996
vm-skills/hetzner-bootstrap/scripts/21_wireguard_apply.sh
Vault Sovereign eac77ef7b4 Initial commit: VaultMesh Skills collection 
Collection of operational skills for VaultMesh infrastructure including:
- backup-sovereign: Backup and recovery operations
- btc-anchor: Bitcoin anchoring
- cloudflare-tunnel-manager: Cloudflare tunnel management
- container-registry: Container registry operations
- disaster-recovery: Disaster recovery procedures
- dns-sovereign: DNS management
- eth-anchor: Ethereum anchoring
- gitea-bootstrap: Gitea setup and configuration
- hetzner-bootstrap: Hetzner server provisioning
- merkle-forest: Merkle tree operations
- node-hardening: Node security hardening
- operator-bootstrap: Operator initialization
- proof-verifier: Cryptographic proof verification
- rfc3161-anchor: RFC3161 timestamping
- secrets-vault: Secrets management

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-27 00:25:00 +00:00

52 lines
1.3 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
SKILL_ROOT="$(dirname "$SCRIPT_DIR")"
source "$SCRIPT_DIR/_common.sh"
: "${WG_PORT:=51820}"
: "${WG_CIDR:=10.200.0.1/24}"
: "${OUTPUT_DIR:=$SKILL_ROOT/outputs}"
: "${BACKUP_DIR:=$OUTPUT_DIR/backups}"
main() {
require_root
confirm_gate
need wg
mkdir -p "$OUTPUT_DIR" "$BACKUP_DIR"
mkdir -p /etc/wireguard
backup_file "/etc/wireguard/wg0.conf" "$BACKUP_DIR"
if [[ ! -f /etc/wireguard/privatekey ]]; then
log_info "Generating WireGuard keys..."
wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey
chown root:root /etc/wireguard/privatekey /etc/wireguard/publickey
chmod 600 /etc/wireguard/privatekey
chmod 644 /etc/wireguard/publickey || true
else
log_warn "WireGuard privatekey exists; not overwriting."
fi
privkey="$(cat /etc/wireguard/privatekey)"
cat > /etc/wireguard/wg0.conf <<EOF
[Interface]
Address = $WG_CIDR
ListenPort = $WG_PORT
PrivateKey = $privkey
# Add peers below. Never commit private keys to git.
# [Peer]
# PublicKey = <peer-public-key>
# AllowedIPs = 10.200.0.2/32
EOF
chmod 600 /etc/wireguard/wg0.conf
systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0
log_info "WireGuard started. Public key:"
cat /etc/wireguard/publickey | tee "$OUTPUT_DIR/wireguard_publickey.txt"
}
main "$@"
Reference in New Issue View Git Blame Copy Permalink