move wg-backbone script to separately directory

salt/freifunk/base/wireguard/backbone.sls

@@ -4,9 +4,9 @@
 {# install only than Kernel Package available #}
 {% if kernel_pkg_check == '1' %}
 
-/etc/wireguard/wg-backbone.sh:
+/etc/wireguard-backbone/wg-backbone.sh:
   file.managed:
-    - source: salt://wireguard/etc/wireguard/wg-backbone.sh
+    - source: salt://wireguard/etc/wireguard-backbone/wg-backbone.sh
     - user: root
     - group: root
     - mode: 755
@@ -15,9 +15,9 @@
 
 /usr/local/bin/wg-backbone.sh:
   file.symlink:
-    - target: /etc/wireguard/wg-backbone.sh
+    - target: /etc/wireguard-backbone/wg-backbone.sh
     - force: True
     - require:
-      - file: /etc/wireguard/wg-backbone.sh
+      - file: /etc/wireguard-backbone/wg-backbone.sh
 
 {% endif %}

salt/freifunk/base/wireguard/etc/wireguard/wg-backbone.sh → salt/freifunk/base/wireguard/etc/wireguard-backbone/wg-backbone.sh

-#!/bin/bash
+#!/usr/bin/env bash
 
-VERSION="uci V1.0"
+VERSION='uci V1.0'
 
-wg_ifname=tbb_wg
-port=5003
-peers_dir="/etc/wireguard-backbone/peers"
+wg_ifname='tbb_wg'
+port='5003'
+peers_dir='/etc/wireguard-backbone/peers'
 
 if [ -z "$(which uci)" ]; then
-	echo "Error: command 'uci' not found"
+	printf "Error: command 'uci' not found\n"
 	exit 1
 fi
 
 
-local_node=$(uci get ffdd.sys.ddmesh_node)
+local_node="$(uci get ffdd.sys.ddmesh_node)"
 eval $(ddmesh-ipcalc.sh -n $local_node)
 
-echo "DEVEL: manuall calculation of _ddmesh_wireguard_ip"
-local_wireguard_ip=${_ddmesh_ip/10\.200\./10.203.}
+printf 'DEVEL: manuall calculation of _ddmesh_wireguard_ip\n'
+local_wireguard_ip="${_ddmesh_ip/10\.200\./10.203.}"
 local_wgX_ip="$_ddmesh_nonprimary_ip/$_ddmesh_netpre"
 
 start_wg()
@@ -28,43 +28,43 @@ start_wg()
 	fi
 
 	# create key
-	secret=$(uci -q get ffdd.wireguard.secret)
+	secret="$(uci -q get ffdd.wireguard.secret)"
 	if [ -z "$secret" ]; then
-		echo "create wireguard key"
-		secret=$(wg genkey)
+		printf 'create wireguard key\n'
+		secret="$(wg genkey)"
 		uci -q set ffdd.wireguard.secret="$secret"
 	fi
 
 	# store public
-	public=$(echo $secret | wg pubkey)
+	public=$(echo "$secret" | wg pubkey)
 	uci -q set ffdd.wireguard.public="$public"
 
 	# save config
 	uci commit
 
-	secret_file=$(tempfile)
-	echo $secret > $secret_file
+	secret_file="$(tempfile)"
+	echo "$secret" > "$secret_file"
 
 	# create interface
-	echo "create wireguard interface [$wg_ifname]"
-
-echo	ip link add $wg_ifname type wireguard
-	ip link add $wg_ifname type wireguard
-echo	ip addr add "$local_wireguard_ip/32" dev $wg_ifname
-	ip addr add "$local_wireguard_ip/32" dev $wg_ifname
-echo	wg set $wg_ifname private-key $secret_file
-	wg set $wg_ifname private-key $secret_file
-echo	wg set $wg_ifname listen-port $port
-	wg set $wg_ifname listen-port $port
-echo	ip link set $wg_ifname up
-	ip link set $wg_ifname up
-	rm $secret_file
+	printf 'create wireguard interface [%s]\n' "$wg_ifname"
+
+echo	ip link add "$wg_ifname" type wireguard
+	ip link add "$wg_ifname" type wireguard
+echo	ip addr add "$local_wireguard_ip/32" dev "$wg_ifname"
+	ip addr add "$local_wireguard_ip/32" dev "$wg_ifname"
+echo	wg set "$wg_ifname" private-key "$secret_file"
+	wg set "$wg_ifname" private-key "$secret_file"
+echo	wg set "$wg_ifname" listen-port "$port"
+	wg set "$wg_ifname" listen-port "$port"
+echo	ip link set "$wg_ifname" up
+	ip link set "$wg_ifname" up
+	rm "$secret_file"
 
 	ip rule add to 10.203.0.0/16 table main prio 304
-	ip route add 10.203.0.0/16 dev tbb_wg src $local_wireguard_ip
+	ip route add 10.203.0.0/16 dev tbb_wg src "$local_wireguard_ip"
 	WAN_DEV="$(uci get ffdd.sys.ifname)"
-	iptables -w -D INPUT -i $WAN_DEV -p udp --dport $port -j ACCEPT
-	iptables -w -I INPUT -i $WAN_DEV -p udp --dport $port -j ACCEPT
+	iptables -w -D INPUT -i "$WAN_DEV" -p udp --dport "$port" -j ACCEPT
+	iptables -w -I INPUT -i "$WAN_DEV" -p udp --dport "$port" -j ACCEPT
 	iptables -w -D INPUT -i tbb_wg+ -j ACCEPT
 	iptables -w -I INPUT -i tbb_wg+ -j ACCEPT
 }
@@ -72,13 +72,13 @@ echo	ip link set $wg_ifname up
 
 stop_wg()
 {
-	LS=$(which ls)
+	LS="$(which ls)"
 	IFS='
 '
 	for i in $($LS -1d  /sys/class/net/$wg_ifname* 2>/dev/null | sed 's#.*/##')
 	do
-		[ "$i" != "$wg_ifname" ] && bmxd -c dev=-$i
-		ip link del $i 2>/dev/null
+		[ "$i" != "$wg_ifname" ] && bmxd -c dev=-"$i"
+		ip link del "$i" 2>/dev/null
 	done
 	unset IFS
 
@@ -87,38 +87,37 @@ stop_wg()
 
 accept_peer()
 {
-	node=$1
-	key=$2
-	store=$3	# if 1 it will write config
+	node="$1"
+	key="$2"
+	store="$3"	# if 1 it will write config
 
 
 	eval $(ddmesh-ipcalc.sh -n $node)
 	echo "DEVEL: manuall calculation of _ddmesh_wireguard_ip"
-	remote_wireguard_ip=${_ddmesh_ip/10\.200\./10.203.}
+	remote_wireguard_ip="${_ddmesh_ip/10\.200\./10.203.}"
 
-	wg set $wg_ifname  peer $key persistent-keepalive 25 allowed-ips $remote_wireguard_ip/32
+	wg set "$wg_ifname" peer "$key" persistent-keepalive 25 allowed-ips "$remote_wireguard_ip"/32
 
 	# add ipip tunnel
 	sub_ifname="$wg_ifname$node"
-	#ip link add $sub_ifname type ipip remote $remote_wireguard_ip local $local_wireguard_ip
-	ip link add $sub_ifname type ipip remote $remote_wireguard_ip local $local_wireguard_ip
-	ip addr add $local_wgX_ip broadcast $_ddmesh_broadcast dev $sub_ifname
-	ip link set $sub_ifname up
+	ip link add "$sub_ifname" type ipip remote "$remote_wireguard_ip" local "$local_wireguard_ip"
+	ip addr add "$local_wgX_ip" broadcast "$_ddmesh_broadcast" dev "$sub_ifname"
+	ip link set "$sub_ifname" up
 
-	bmxd -c dev=$sub_ifname /linklayer 1
+	bmxd -c dev="$sub_ifname" /linklayer 1
 
 	if [ "$store" = "1" ]; then
-		echo "node $node" > $peers_dir/accept_$node
-		echo "key $key" >> $peers_dir/accept_$node
+		echo "node $node" > "$peers_dir"/accept_$node
+		echo "key $key" >> "$peers_dir"/accept_$node
 	fi
 }
 
 remove_peer()
 {
-	node=$1
-	key=$2
+	node="$1"
+	key="$2"
 	wg set tbb_wg peer "$key" remove
-	rm "$peers_dir/accept_$node"
+	rm "$peers_dir"/accept_"$node"
 }
 
 load_accept_peers()
@@ -126,13 +125,13 @@ load_accept_peers()
 	for peer in $(ls $peers_dir/accept_* 2>/dev/null)
 	do
 		eval "$(awk '/^node/{printf("node=%s\n",$2)} /^key/{printf("key=%s\n",$2)}' $peer)"
-		accept_peer $node $key 0
+		accept_peer "$node" "$key" 0
 	done
 }
 
 case $1 in
 	start)
-		mkdir -p $peers_dir
+		test ! -d "$peers_dir" && mkdir -p "$peers_dir"
 		start_wg
 		load_accept_peers
 		;;
@@ -146,25 +145,25 @@ case $1 in
 		;;
 
 	accept)
-		node=$2
-		key=$3
+		node="$2"
+		key="$3"
 		if [ -z "$3" ]; then
-			echo "missing parameters"
+			printf 'missing parameters\n'
 			exit 1
 		fi
 		# check if we have already accepted for this node
 		# It prevents accidential overwriting working configs
 		if [ -f "$peers_dir/accept_$node" ]; then
-			echo "Error: node already accepted"
+			printf 'Error: node already accepted\n'
 			exit 1
 		fi
-		accept_peer $node $key 1
+		accept_peer "$node" "$key" 1
 		;;
 
 	delete)
 		node=$2
 		if [ -z "$2" ]; then
-			echo "missing parameters"
+			printf 'missing parameters\n'
 			exit 1
 		fi
 
@@ -173,19 +172,18 @@ case $1 in
 		read -s -p "delete $node [y/N]: " -n 1 -a input && echo ${input[0]}
 		if [ "${input[0]}" = "y" ]; then
 			remove_peer $node $key
-			echo "peer $node deleted"
+			printf 'peer %s deleted\n' "$node"
 		else
-			echo "keep peer $node"
+			printf 'keep peer %s\n' "$node"
 		fi
 		;;
 
 	status)
-		wg show $wg_ifname
+		wg show "$wg_ifname"
 		;;
 
 	*)
-		echo "$(basename $0) Version $VERSION"
-		echo "$(basename $0) [start | stop | reload | status | accept <node> <pubkey> | delete <node> ]"
-		echo ""
+		printf '%s Version %s\n' "$(basename $0)" "$VERSION"
+		printf '%s [start | stop | reload | status | accept <node> <pubkey> | delete <node> ]\n\n' "$(basename $0)"
 		;;
 esac