diff --git a/deployer/archipel/Dockerfile b/deployer/archipel/Dockerfile
index 2ae83d8..8e2a039 100644
--- a/deployer/archipel/Dockerfile
+++ b/deployer/archipel/Dockerfile
@@ -64,11 +64,13 @@ WORKDIR /root/
 COPY ./deployer/archipel/start-chain.sh /usr/local/bin/
 COPY ./deployer/archipel/start-orchestrator.sh /usr/local/bin/
 COPY ./deployer/archipel/start-wireguard.sh /usr/local/bin/
+COPY ./deployer/archipel/wg-resolv-dns.sh /usr/local/bin/
 COPY ./deployer/archipel/supervisord.conf /etc/supervisord/
 RUN chmod +x /usr/local/bin/start-chain.sh
 RUN chmod +x /usr/local/bin/start-orchestrator.sh
 RUN chmod +x /usr/local/bin/start-wireguard.sh
+RUN chmod +x /usr/local/bin/wg-resolv-dns.sh
 EXPOSE 51820/udp
diff --git a/deployer/archipel/supervisord.conf b/deployer/archipel/supervisord.conf
index 7cbc518..47b62ed 100644
--- a/deployer/archipel/supervisord.conf
+++ b/deployer/archipel/supervisord.conf
@@ -5,7 +5,7 @@ nodaemon=true
 priority=1
 command=bash -c "sleep 5 && start-wireguard.sh"
 startsecs=10
-startretries=50
+startretries=250
 stopwaitsecs=10
 autorestart=true
 redirect_stderr=true
@@ -31,3 +31,13 @@ directory=/usr/src/app/
 redirect_stderr=true
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
+
+[program:wg-resolv-dns]
+priority=4
+command = bash -c "while true; do sleep 120 && wg-resolv-dns.sh /etc/wireguard/wg0.conf; done"
+startsecs=5
+autostart=true
+autorestart=true
+redirect_stderr=true
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
diff --git a/deployer/archipel/wg-resolv-dns.sh b/deployer/archipel/wg-resolv-dns.sh
new file mode 100644
index 0000000..4b103df
--- /dev/null
+++ b/deployer/archipel/wg-resolv-dns.sh
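Review bot: The new loop in `command = bash -c "while true; do sleep 120 && wg-resolv-dns.sh …; done"` discards the script's exit status, so a permanent failure (wrong config path, an early `set -e` exit inside the script) never surfaces through supervisord — the program stays RUNNING and the log stays empty. `sleep 120; wg-resolv-dns.sh /etc/wireguard/wg0.conf || echo "wg-resolv-dns exited $?" >&2` keeps the loop but makes failures visible. The 120 s period is coupled to the 135 s handshake-age threshold hard-coded in the script, so a comment here such as `; keep below the 135 s stale-handshake threshold in wg-resolv-dns.sh` would stop one being changed without the other. The config path `/etc/wireguard/wg0.conf` is hard-coded while the interface is presumably set up by start-wireguard.sh (outside this diff); passing the same value from one place would avoid the two drifting apart.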
@@ -0,0 +1,47 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
+#
+# Copyright (C) 2015-2020 Jason A. Donenfeld . All Rights Reserved.
+
+set -e
+shopt -s nocasematch
+shopt -s extglob
+export LC_ALL=C
+
+CONFIG_FILE="$1"
+[[ $CONFIG_FILE =~ ^[a-zA-Z0-9_=+.-]{1,15}$ ]] && CONFIG_FILE="/etc/wireguard/$CONFIG_FILE.conf"
+[[ $CONFIG_FILE =~ /?([a-zA-Z0-9_=+.-]{1,15})\.conf$ ]]
+INTERFACE="${BASH_REMATCH[1]}"
+
+process_peer() {
+ [[ $PEER_SECTION -ne 1 || -z $PUBLIC_KEY || -z $ENDPOINT ]] && return 0
+ [[ $(wg show "$INTERFACE" latest-handshakes) =~ ${PUBLIC_KEY//+/\\+}\ ([0-9]+) ]] || return 0
+ (( ($(date +%s) - ${BASH_REMATCH[1]}) > 135 )) || return 0
+ echo "[$(date)] - Resolving DNS for [$ENDPOINT] - $PUBLIC_KEY..."
+ wg set "$INTERFACE" peer "$PUBLIC_KEY" endpoint "$ENDPOINT"
+ reset_peer_section
+}
+
+reset_peer_section() {
+ PEER_SECTION=0
+ PUBLIC_KEY=""
+ ENDPOINT=""
+}
+
+reset_peer_section
+while read -r line || [[ -n $line ]]; do
+ stripped="${line%%\#*}"
+ key="${stripped%%=*}"; key="${key##*([[:space:]])}"; key="${key%%*([[:space:]])}"
+ value="${stripped#*=}"; value="${value##*([[:space:]])}"; value="${value%%*([[:space:]])}"
+ #[[ $key == "["* ]] && { process_peer; reset_peer_section; }
+ [[ $key == "[Peer]" ]] && PEER_SECTION=1
+ if [[ $PEER_SECTION -eq 1 ]]; then
+ case "$key" in
+ PublicKey) PUBLIC_KEY="$value"; continue ;;
+ Endpoint) ENDPOINT="$value"; continue ;;
+ esac
+ fi
+ [[ $PEER_SECTION -eq 1 && ! -z $PUBLIC_KEY && ! -z $ENDPOINT ]] && { process_peer; reset_peer_section; }
+done < "$CONFIG_FILE"
+process_peer
+
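Review bot: Disabling the per-section reset (the commented-out `#[[ $key == "["* ]] && { process_peer; reset_peer_section; }`) and instead firing once both PublicKey and Endpoint are set lets parser state leak across peers: a `[Peer]` that has a PublicKey but no Endpoint (a valid listen-only peer) leaves PUBLIC_KEY populated, and if the next peer lists Endpoint before PublicKey, the trailing check runs `wg set` with the previous peer's key and the new peer's endpoint. Resetting on the section header keeps the new trigger and closes that gap, e.g. `[[ $key == "[Peer]" ]] && { process_peer; reset_peer_section; PEER_SECTION=1; }`; if the upstream line was disabled for a reason, that reason belongs in a comment next to it. Under `set -e`, a CONFIG_FILE that does not match `/?([a-zA-Z0-9_=+.-]{1,15})\.conf$` makes the script exit silently before INTERFACE is assigned, so `… \.conf$ ]] || { echo "invalid config path: $CONFIG_FILE" >&2; exit 1; }` would surface it in the supervisor log. Likewise a single failing `wg set` (unresolvable hostname) aborts the whole run before later peers are re-resolved; `wg set "$INTERFACE" peer "$PUBLIC_KEY" endpoint "$ENDPOINT" || echo "re-resolve failed for $PUBLIC_KEY" >&2` in process_peer keeps one bad peer from blocking the rest.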