From 3465faba774b3f7793380604c1bff37d36865b79 Mon Sep 17 00:00:00 2001
From: Simon Weber
Date: Wed, 19 May 2021 14:20:03 +0200
Subject: [PATCH 1/6] move DNS to client
---
stage6-core/02-wireguard/01-run.sh | 9 ---------
stage6-core/02-wireguard/files/full-tunnel/peer.conf | 1 +
stage6-core/02-wireguard/files/server/wg0.conf | 1 -
3 files changed, 1 insertion(+), 10 deletions(-)
diff --git a/stage6-core/02-wireguard/01-run.sh b/stage6-core/02-wireguard/01-run.sh
index 10060c7..2e190c3 100755
--- a/stage6-core/02-wireguard/01-run.sh
+++ b/stage6-core/02-wireguard/01-run.sh
@@ -31,16 +31,7 @@ else
 echo "$server_public_key" > "${DEPLOY_DIR}/${IMG_FILENAME}-server_public.key"
 fi
-if [[ -z "$ROUTER_IP" ]]
-then
- WIREGUARD_DNS="192.168.0.1"
- log "No Router IP specified, assuming 192.168.0.1"
-else
- WIREGUARD_DNS="${ROUTER_IP}"
-fi
-
 sed -i "s&server_private_key&${server_private_key}&g" "${ROOTFS_DIR}/etc/wireguard/wg0.conf"
-sed -i "s&replace_with_router_ip&${WIREGUARD_DNS}&g" "${ROOTFS_DIR}/etc/wireguard/wg0.conf"
 sed -i "s&server_ip&${DEVICE_DNS}&g" "${ROOTFS_DIR}/etc/wireguard/peer.conf"
 sed -i "s&server_public_key&${server_public_key}&g" "${ROOTFS_DIR}/etc/wireguard/peer.conf"
 ###########################################################################################################
diff --git a/stage6-core/02-wireguard/files/full-tunnel/peer.conf b/stage6-core/02-wireguard/files/full-tunnel/peer.conf
index ed5cec0..b8b05ae 100644
--- a/stage6-core/02-wireguard/files/full-tunnel/peer.conf
+++ b/stage6-core/02-wireguard/files/full-tunnel/peer.conf
@@ -1,6 +1,7 @@
 [Interface]
 Address = 10.243.243.user_id/32
 PrivateKey = client_private_key
+DNS = 10.243.243.1
 [Peer]
 PublicKey = server_public_key
diff --git a/stage6-core/02-wireguard/files/server/wg0.conf b/stage6-core/02-wireguard/files/server/wg0.conf
index be063d5..24ba375 100644
--- a/stage6-core/02-wireguard/files/server/wg0.conf
+++ b/stage6-core/02-wireguard/files/server/wg0.conf
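Review bot: `DNS = 10.243.243.1` sends every full-tunnel client's name lookups to the server's own wg0 address, but nothing in this series configures a resolver listening there; the server-side change only deletes the router-DNS line, and the wg0.conf `PostUp` rules visible below are FORWARD/MASQUERADE only. Unless a resolver is installed and bound to that address elsewhere in the image, clients will have working tunnels and no name resolution at all, which is hard to diagnose from the client side. Either provide that resolver or keep a reachable upstream here, and record the assumption above the line, e.g. `# DNS is answered by the WireGuard server itself (requires a resolver bound to 10.243.243.1)`. The value is also hard-coded while `Address` uses the `user_id` placeholder, so both must be kept on the same /24 if the subnet is ever changed.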
@@ -1,7 +1,6 @@
 [Interface]
 Address = 10.243.243.1/24
 ListenPort = 51820
-DNS = replace_with_router_ip
 PrivateKey = server_private_key
 PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
-- GitLab
From 9e1d641eb0afd90c36f30b36d0fa58e76ddf92b0 Mon Sep 17 00:00:00 2001
From: Simon Weber
Date: Wed, 19 May 2021 15:10:29 +0200
Subject: [PATCH 2/6] move server wireguard key generation to first startup
---
depends | 1 -
packages | 1 -
stage6-core/02-wireguard/01-run.sh | 33 ++++++-------------
.../02-wireguard/files/server/init-server.sh | 9 +++++
.../02-wireguard/files/server/wg-init.service | 9 +++++
5 files changed, 28 insertions(+), 25 deletions(-)
create mode 100644 stage6-core/02-wireguard/files/server/init-server.sh
create mode 100644 stage6-core/02-wireguard/files/server/wg-init.service
diff --git a/depends b/depends
index 015b40d..a827134 100644
--- a/depends
+++ b/depends
@@ -17,5 +17,4 @@ file
 git
 lsmod:kmod
 bc
-wg:wireguard-tools
 unzip
\ No newline at end of file
diff --git a/packages b/packages
index 78336da..6e2a052 100644
--- a/packages
+++ b/packages
@@ -19,7 +19,6 @@ rsync
 udev
 unzip
 vim
-wireguard-tools
 xxd
 xz-utils
 zerofree
diff --git a/stage6-core/02-wireguard/01-run.sh b/stage6-core/02-wireguard/01-run.sh
index 2e190c3..bac5420 100755
--- a/stage6-core/02-wireguard/01-run.sh
+++ b/stage6-core/02-wireguard/01-run.sh
@@ -24,19 +24,23 @@ then
 server_private_key=$(cat "$WG_SERVER_KEY") # the keys are base64 encoded, padded with =
 server_public_key=$(wg pubkey <<< "$server_private_key")
 echo "$server_public_key" > "${DEPLOY_DIR}/${IMG_FILENAME}-server_public.key"
+ sed -i "s&server_private_key&${server_private_key}&g" "${ROOTFS_DIR}/etc/wireguard/wg0.conf"
+ sed -i "s&server_public_key&${server_public_key}&g" "${ROOTFS_DIR}/etc/wireguard/peer.conf"
 else
- log "Creating server's Wireguard key pair" # The server's private key is generated on the build computer
- server_private_key=$(wg genkey) # the keys are base64 encoded, padded with =
- server_public_key=$(wg pubkey <<< "$server_private_key")
- echo "$server_public_key" > "${DEPLOY_DIR}/${IMG_FILENAME}-server_public.key"
+ log "Will create server's Wireguard key pair on first startup"
+ install -m 644 files/server/wg-init.service "${ROOTFS_DIR}/etc/systemd/system/wg-init.service"
+ install -m 700 -o 0 files/server/init-server.sh "${ROOTFS_DIR}/etc/wireguard/init-server.sh"
+ on_chroot << EOF
+ systemctl enable wg-init
+EOF
 fi
-sed -i "s&server_private_key&${server_private_key}&g" "${ROOTFS_DIR}/etc/wireguard/wg0.conf"
 sed -i "s&server_ip&${DEVICE_DNS}&g" "${ROOTFS_DIR}/etc/wireguard/peer.conf"
-sed -i "s&server_public_key&${server_public_key}&g" "${ROOTFS_DIR}/etc/wireguard/peer.conf"
+
 ###########################################################################################################
 # Client config #
 ###########################################################################################################
+user_id="1"
 if test -f "$WG_CLIENTS"
 then
 # Set the needed variables
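Review bot: The `then` branch still runs `wg pubkey` on the build host (context line `server_public_key=$(wg pubkey <<< "$server_private_key")`), yet this same commit removes `wg:wireguard-tools` from `depends` and `wireguard-tools` from `packages`, so a build that supplies `WG_SERVER_KEY` now fails with command-not-found instead of a clear dependency check. Either keep the `wg:wireguard-tools` line in `depends` (it appears to gate the build host, not the image) or guard the branch: `command -v wg >/dev/null || { log "wg is required on the build host when WG_SERVER_KEY is set"; exit 1; }`. If `packages` is the image package list, the device itself still needs `wg` for init-server.sh at first boot, so confirm `wireguard-tools` is pulled in by something else. The `install -m 700 -o 0` sets the owner but not the group; `-g 0` would make the intended root-only ownership explicit. The `if` this hunk edits begins before the hunk, and the `if test -f "$WG_CLIENTS"` block continues into the next one.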
@@ -44,23 +48,6 @@ then
 user_id=$(grep '\[Peer\]' "$WG_CLIENTS" | wc -l | awk '{ print 1+$1 }')
 # Update the server's conf
 cat "$WG_CLIENTS" >> "${ROOTFS_DIR}/etc/wireguard/wg0.conf"
-else
- log "Creating new client for Wireguard"
- # Set the needed variables
- user_id=$(awk '{ print 1+$1 }' "${ROOTFS_DIR}/etc/wireguard/counter_file")
- client_private_key=$(wg genkey) # the keys are base64 encoded, padded with =
- client_public_key=$(wg pubkey <<< "$client_private_key")
- # Generate the client configuration
- install -m 600 files/full-tunnel/peer.conf "${DEPLOY_DIR}/${IMG_FILENAME}-peer.conf"
- sed -i "s&client_private_key&${client_private_key}&g" "${DEPLOY_DIR}/${IMG_FILENAME}-peer.conf"
- sed -i "s&server_public_key&${server_public_key}&g" "${DEPLOY_DIR}/${IMG_FILENAME}-peer.conf"
- sed -i "s&user_id&${user_id}&g" "${DEPLOY_DIR}/${IMG_FILENAME}-peer.conf"
- sed -i "s&server_ip&${DEVICE_DNS}&g" "${DEPLOY_DIR}/${IMG_FILENAME}-peer.conf"
- # Update the server's conf
- cat files/full-tunnel/peer-fragment.conf | \
- sed "s&client_public_key&${client_public_key}&g" | \
- sed "s&user_id&${user_id}&g" >> "${ROOTFS_DIR}/etc/wireguard/wg0.conf"
 fi
 printf "%s" "$user_id" > "${ROOTFS_DIR}/etc/wireguard/counter_file"
-
diff --git a/stage6-core/02-wireguard/files/server/init-server.sh b/stage6-core/02-wireguard/files/server/init-server.sh
new file mode 100644
index 0000000..c865a40
--- /dev/null
+++ b/stage6-core/02-wireguard/files/server/init-server.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+server_private_key=$(wg genkey) # the keys are base64 encoded, padded with =
+server_public_key=$(wg pubkey <<< "$server_private_key"
+
+sed -i "s&server_public_key&${server_public_key}&g" "/etc/wireguard/peer.conf"
+sed -i "s&server_private_key&${server_private_key}&g" "$/etc/wireguard/wg0.conf"
+
+systemctl disable wg-init
\ No newline at end of file
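Review bot: With the `else` branch removed, `client_private_key` and `user_id` are no longer substituted anywhere in this script, and the rootfs `/etc/wireguard/peer.conf` only ever receives `server_ip` and `server_public_key`; if that file is the same template as files/full-tunnel/peer.conf, an image built without `WG_CLIENTS` ships a peer.conf with literal placeholders and a wg0.conf with no `[Peer]` section. The removed code also read `counter_file` to increment `user_id` across builds, whereas the new default writes `1` on every build, so the per-build counter semantics are gone. If this is intentional (clients provisioned on the device later), say so where the default is set: `# no WG_CLIENTS: server starts with no peers; counter_file is seeded with the first free client id`. The `if test -f "$WG_CLIENTS"` block this hunk edits begins before the hunk.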
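Review bot: init-server.sh has no error handling: if `wg genkey` or `wg pubkey` fails (tool missing on the device, or the parenthesis error this version still carries), the variables are empty, both `sed -i` calls replace the placeholders with nothing, and `systemctl disable wg-init` still runs, so the server boots with an empty `PrivateKey` and the unit never retries. Add `set -euo pipefail` directly after the shebang so any failure aborts before the unit disables itself, and check the generated value once, `[[ -n "$server_private_key" ]] || exit 1`, since an empty key is otherwise accepted silently. The private key also passes through `sed`'s argument list, where it is briefly visible to other local processes; acceptable on a single-user appliance but worth noting with `# NOTE: key is passed on sed's argv and visible in process listings for the duration of the call`. The missing `)` on the `wg pubkey` line and the stray `$` in the wg0.conf path are corrected by the later patches in this series.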
diff --git a/stage6-core/02-wireguard/files/server/wg-init.service b/stage6-core/02-wireguard/files/server/wg-init.service
new file mode 100644
index 0000000..85b6045
--- /dev/null
+++ b/stage6-core/02-wireguard/files/server/wg-init.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Creates Wireguard Keys on First Startup
+
+[Service]
+ExecStart=/etc/wireguard/init-server.sh
+Type=oneshot
+
+[Install]
+WantedBy=multi-user.target
-- GitLab
From efed029a4a3ce72788d567ba5ffdfafda9255670 Mon Sep 17 00:00:00 2001
From: Simon Weber
Date: Wed, 19 May 2021 16:10:11 +0200
Subject: [PATCH 3/6] missing parenthesis
---
stage6-core/02-wireguard/files/server/init-server.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/stage6-core/02-wireguard/files/server/init-server.sh b/stage6-core/02-wireguard/files/server/init-server.sh
index c865a40..8bf1f02 100644
--- a/stage6-core/02-wireguard/files/server/init-server.sh
+++ b/stage6-core/02-wireguard/files/server/init-server.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 server_private_key=$(wg genkey) # the keys are base64 encoded, padded with =
-server_public_key=$(wg pubkey <<< "$server_private_key"
+server_public_key=$(wg pubkey <<< "$server_private_key")
 sed -i "s&server_public_key&${server_public_key}&g" "/etc/wireguard/peer.conf"
 sed -i "s&server_private_key&${server_private_key}&g" "$/etc/wireguard/wg0.conf"
-- GitLab
From 03aa544cd779e1a87630c01ca63818fd0d49850e Mon Sep 17 00:00:00 2001
From: Simon Weber
Date: Thu, 24 Jun 2021 20:33:35 +0200
Subject: [PATCH 4/6] combating dollar inflation
---
stage6-core/02-wireguard/files/server/init-server.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/stage6-core/02-wireguard/files/server/init-server.sh b/stage6-core/02-wireguard/files/server/init-server.sh
index 8bf1f02..8cf3d74 100644
--- a/stage6-core/02-wireguard/files/server/init-server.sh
+++ b/stage6-core/02-wireguard/files/server/init-server.sh
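Review bot: The unit carries no ordering and no condition: with only `WantedBy=multi-user.target` it can start concurrently with any other unit that reads `/etc/wireguard/wg0.conf` at boot (for instance `wg-quick@wg0.service`, if the image enables it elsewhere), which would then see the placeholders before init-server.sh has replaced them. Add `Before=wg-quick@wg0.service` under `[Unit]` if that unit is in use, and consider a `ConditionPathExists=!<marker file created by init-server.sh>` (path to be chosen) so idempotence does not rest solely on the script reaching its own `systemctl disable wg-init`. Since the script edits files holding the server's private key, `Description` could also name the side effect, e.g. `Description=Generate WireGuard server keys into /etc/wireguard on first boot`.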
@@ -4,6 +4,6 @@ server_private_key=$(wg genkey) # the keys are base64 encoded, padded with =
 server_public_key=$(wg pubkey <<< "$server_private_key")
 sed -i "s&server_public_key&${server_public_key}&g" "/etc/wireguard/peer.conf"
-sed -i "s&server_private_key&${server_private_key}&g" "$/etc/wireguard/wg0.conf"
+sed -i "s&server_private_key&${server_private_key}&g" "/etc/wireguard/wg0.conf"
 systemctl disable wg-init
\ No newline at end of file
-- GitLab
From 889c6185fca5134c9961414d1059fc1413230b00 Mon Sep 17 00:00:00 2001
From: Simon Weber
Date: Fri, 25 Jun 2021 14:22:57 +0200
Subject: [PATCH 5/6] actually start the interface after creating keys
---
stage6-core/02-wireguard/files/server/init-server.sh | 2 ++
1 file changed, 2 insertions(+)
diff --git a/stage6-core/02-wireguard/files/server/init-server.sh b/stage6-core/02-wireguard/files/server/init-server.sh
index 8cf3d74..6ba340c 100644
--- a/stage6-core/02-wireguard/files/server/init-server.sh
+++ b/stage6-core/02-wireguard/files/server/init-server.sh
@@ -6,4 +6,6 @@ server_public_key=$(wg pubkey <<< "$server_private_key")
 sed -i "s&server_public_key&${server_public_key}&g" "/etc/wireguard/peer.conf"
 sed -i "s&server_private_key&${server_private_key}&g" "/etc/wireguard/wg0.conf"
+wg-quick up wg0
+
 systemctl disable wg-init
\ No newline at end of file
-- GitLab
From 808dd0441d13c853fe2aa13dce76facdf0d9292f Mon Sep 17 00:00:00 2001
From: Jean Kaufmann
Date: Sun, 14 Nov 2021 17:45:20 +0100
Subject: [PATCH 6/6] Always start WG
---
stage6-core/02-wireguard/01-run.sh | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/stage6-core/02-wireguard/01-run.sh b/stage6-core/02-wireguard/01-run.sh
index bac5420..36fa92c 100755
--- a/stage6-core/02-wireguard/01-run.sh
+++ b/stage6-core/02-wireguard/01-run.sh
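Review bot: `wg-quick up wg0` brings the interface up for this boot only: the oneshot disables itself on the following line, so after a reboot nothing starts wg0 unless `wg-quick@wg0.service` is enabled elsewhere in the image, and if it is, both units race at boot and the second `wg-quick up` fails because wg0 already exists. Replacing the line with `systemctl enable --now wg-quick@wg0` gives persistent startup and a single owner for the interface. Because the script still has no `set -e`, a failing `wg-quick up` (for example after an empty key was substituted into wg0.conf) does not prevent `systemctl disable wg-init` from running, so the failure is never retried; at minimum use `wg-quick up wg0 || exit 1`.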
@@ -28,13 +28,12 @@ then
 sed -i "s&server_public_key&${server_public_key}&g" "${ROOTFS_DIR}/etc/wireguard/peer.conf"
 else
 log "Will create server's Wireguard key pair on first startup"
- install -m 644 files/server/wg-init.service "${ROOTFS_DIR}/etc/systemd/system/wg-init.service"
- install -m 700 -o 0 files/server/init-server.sh "${ROOTFS_DIR}/etc/wireguard/init-server.sh"
- on_chroot << EOF
- systemctl enable wg-init
-EOF
 fi
-
+install -m 644 files/server/wg-init.service "${ROOTFS_DIR}/etc/systemd/system/wg-init.service"
+install -m 700 -o 0 files/server/init-server.sh "${ROOTFS_DIR}/etc/wireguard/init-server.sh"
+on_chroot << EOF
+ systemctl enable wg-init
+EOF
 sed -i "s&server_ip&${DEVICE_DNS}&g" "${ROOTFS_DIR}/etc/wireguard/peer.conf"
 ###########################################################################################################
-- GitLab
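Review bot: Installing and enabling wg-init unconditionally means that on an image built with `WG_SERVER_KEY`, where the `then` branch has already written the real key into wg0.conf and peer.conf, init-server.sh still runs `wg genkey` at first boot and its two `sed` calls are no-ops only because the placeholders are gone; the freshly generated key pair is silently discarded and only the `wg-quick up` step is actually wanted. That coupling is invisible from this script, so either document it here, e.g. `# wg-init always runs: it fills only placeholders still present in wg0.conf, then brings wg0 up`, or make init-server.sh skip generation when the placeholder is absent by wrapping the `wg genkey`/`wg pubkey` lines and both `sed` calls in `if grep -q server_private_key /etc/wireguard/wg0.conf; then … fi`. The `log "Will create ..."` message in the `else` branch is now the only thing that differs between the two paths, which makes the log line misleading when a key was supplied. The `if`/`else` this hunk edits begins before the hunk.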