Add wireguard reresolv dns every 2 mins
vladostp committed Nov 19, 2020
1 parent b768c8d commit 87ed6b7
Showing 3 changed files with 58 additions and 1 deletion.
2 changes: 2 additions & 0 deletions deployer/archipel/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -64,11 +64,13 @@ WORKDIR /root/
COPY ./deployer/archipel/start-chain.sh /usr/local/bin/
COPY ./deployer/archipel/start-orchestrator.sh /usr/local/bin/
COPY ./deployer/archipel/start-wireguard.sh /usr/local/bin/
COPY ./deployer/archipel/wg-resolv-dns.sh /usr/local/bin/
COPY ./deployer/archipel/supervisord.conf /etc/supervisord/

RUN chmod +x /usr/local/bin/start-chain.sh
RUN chmod +x /usr/local/bin/start-orchestrator.sh
RUN chmod +x /usr/local/bin/start-wireguard.sh
RUN chmod +x /usr/local/bin/wg-resolv-dns.sh

EXPOSE 51820/udp

Expand Down
10 changes: 9 additions & 1 deletion deployer/archipel/supervisord.conf
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ nodaemon=true
priority=1
command=bash -c "sleep 5 && start-wireguard.sh"
startsecs=10
startretries=50
startretries=250
stopwaitsecs=10
autorestart=true
redirect_stderr=true
Expand All @@ -31,3 +31,11 @@ directory=/usr/src/app/
redirect_stderr=true
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0

[program:wgresolvdns]
priority=4
command=bash -c "sleep 120 && wg-resolv-dns.sh /etc/wireguard/wg0.conf"
autorestart=true
redirect_stderr=true
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
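Review bot: The two-minute period named in the commit title is encoded only implicitly in the `command=` line of `[program:wgresolvdns]`: the script makes one pass and exits, `autorestart=true` starts it again, so the leading `sleep 120` is the loop delay rather than a start-up grace period. A comment above the section, `; one-shot script: autorestart plus the leading sleep 120 form the 2-minute re-resolve loop`, would keep a later edit from dropping the sleep or switching to autorestart=unexpected and silently changing the cadence. Because the script runs under `set -e`, a bad config path makes it exit non-zero and this section will then restart it every two minutes without backoff; that is presumably acceptable, but is worth stating in the same comment.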
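--- a/deployer/archipel/wg-resolv-dns.sh
+++ b/deployer/archipel/wg-resolv-dns.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
+#
+# Copyright (C) 2015-2020 Jason A. Donenfeld <[email protected]>. All Rights Reserved.
+
+set -e
+shopt -s nocasematch
+shopt -s extglob
+export LC_ALL=C
+
+CONFIG_FILE="$1"
+[[ $CONFIG_FILE =~ ^[a-zA-Z0-9_=+.-]{1,15}$ ]] && CONFIG_FILE="/etc/wireguard/$CONFIG_FILE.conf"
+[[ $CONFIG_FILE =~ /?([a-zA-Z0-9_=+.-]{1,15})\.conf$ ]]
+INTERFACE="${BASH_REMATCH[1]}"
+
+process_peer() {
+[[ $PEER_SECTION -ne 1 || -z $PUBLIC_KEY || -z $ENDPOINT ]] && return 0
+[[ $(wg show "$INTERFACE" latest-handshakes) =~ ${PUBLIC_KEY//+/\\+}\ ([0-9]+) ]] || return 0
+(( ($(date +%s) - ${BASH_REMATCH[1]}) > 135 )) || return 0
+echo "[$(date)] - Resolving DNS for [$ENDPOINT] - $PUBLIC_KEY..."
+wg set "$INTERFACE" peer "$PUBLIC_KEY" endpoint "$ENDPOINT"
+reset_peer_section
+}
+
+reset_peer_section() {
+PEER_SECTION=0
+PUBLIC_KEY=""
+ENDPOINT=""
+}
+
+reset_peer_section
+while read -r line || [[ -n $line ]]; do
+stripped="${line%%\#*}"
+key="${stripped%%=*}"; key="${key##*([[:space:]])}"; key="${key%%*([[:space:]])}"
+value="${stripped#*=}"; value="${value##*([[:space:]])}"; value="${value%%*([[:space:]])}"
+#[[ $key == "["* ]] && { process_peer; reset_peer_section; }
+[[ $key == "[Peer]" ]] && PEER_SECTION=1
+if [[ $PEER_SECTION -eq 1 ]]; then
+case "$key" in
+PublicKey) PUBLIC_KEY="$value"; continue ;;
+Endpoint) ENDPOINT="$value"; continue ;;
+esac
+fi
+[[ $PEER_SECTION -eq 1 && ! -z $PUBLIC_KEY && ! -z $ENDPOINT ]] && { process_peer; reset_peer_section; }
+done < "$CONFIG_FILE"
+process_peer
+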
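Review bot: A failing `wg set ... endpoint "$ENDPOINT"` in process_peer, which is exactly the DNS lookup this script exists to retry, aborts the whole pass under `set -e`, so every peer listed after the first unresolvable one keeps its stale endpoint until supervisord restarts the script two minutes later. Keeping the pass going and logging the miss is a one-line change: `wg set "$INTERFACE" peer "$PUBLIC_KEY" endpoint "$ENDPOINT" || echo "[$(date)] - Failed to re-resolve [$ENDPOINT] for $PUBLIC_KEY" >&2`. The `> 135` threshold on the line above has no explanation; a comment such as `# only re-resolve when the last handshake is older than 135 s (presumably the rekey interval plus margin, inherited from upstream) — confirm` would help the next reader. The commented-out `#[[ $key == "["* ]]` line in the loop is dead code and should be removed, and the two `! -z` tests on the last loop line read more clearly as `-n`.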