contrib: add reresolve-dns
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This commit is contained in:
parent
2207025c2f
commit
225882ccc4
2 changed files with 48 additions and 0 deletions
9
contrib/reresolve-dns/README
Normal file
9
contrib/reresolve-dns/README
Normal file
|
@ -0,0 +1,9 @@
|
|||
reresolve-dns
|
||||
=============
|
||||
|
||||
Run this script from cron every thirty seconds or so, and it will ensure
|
||||
that if, when using a dynamic DNS service, the DNS entry for a hosts
|
||||
changes, the kernel will get the update to the DNS entry.
|
||||
|
||||
This works by parsing configuration files, and simply running:
|
||||
$ wg set wg0 peer ... endpoint ...
|
39
contrib/reresolve-dns/reresolve-dns.sh
Executable file
39
contrib/reresolve-dns/reresolve-dns.sh
Executable file
|
@ -0,0 +1,39 @@
|
|||
#!/bin/bash
|
||||
set -e
|
||||
shopt -s nocasematch
|
||||
shopt -s extglob
|
||||
export LC_ALL=C
|
||||
|
||||
CONFIG_FILE="$1"
|
||||
[[ $CONFIG_FILE =~ ^[a-zA-Z0-9_=+.-]{1,16}$ ]] && CONFIG_FILE="/etc/wireguard/$CONFIG_FILE.conf"
|
||||
[[ $CONFIG_FILE =~ /?([a-zA-Z0-9_=+.-]{1,16})\.conf$ ]]
|
||||
INTERFACE="${BASH_REMATCH[1]}"
|
||||
|
||||
process_peer() {
|
||||
[[ $PEER_SECTION -ne 1 || -z $PUBLIC_KEY || -z $ENDPOINT ]] && return 0
|
||||
[[ $(wg show "$INTERFACE" latest-handshakes) =~ ^${PUBLIC_KEY//+/\\+}\ ([0-9]+)$ ]] || return 0
|
||||
(( ($(date +%s) - ${BASH_REMATCH[1]}) > 135 )) || return 0
|
||||
wg set "$INTERFACE" peer "$PUBLIC_KEY" endpoint "$ENDPOINT"
|
||||
reset_peer_section
|
||||
}
|
||||
|
||||
reset_peer_section() {
|
||||
PEER_SECTION=0
|
||||
PUBLIC_KEY=""
|
||||
ENDPOINT=""
|
||||
}
|
||||
|
||||
reset_peer_section
|
||||
while read -r line || [[ -n $line ]]; do
|
||||
key="${line%%=*}"; key="${key##*( )}"; key="${key%%*( )}"
|
||||
value="${line#*=}"; value="${value##*( )}"; value="${value%%*( )}"
|
||||
[[ $key == "["* ]] && { process_peer; reset_peer_section; }
|
||||
[[ $key == "[Peer]" ]] && PEER_SECTION=1
|
||||
if [[ $PEER_SECTION -eq 1 ]]; then
|
||||
case "$key" in
|
||||
PublicKey) PUBLIC_KEY="$value"; continue ;;
|
||||
Endpoint) ENDPOINT="$value"; continue ;;
|
||||
esac
|
||||
fi
|
||||
done < "$CONFIG_FILE"
|
||||
process_peer
|
Loading…
Reference in a new issue