From 244180d01402d63feba1875b67f3f9db79c6ea08 Mon Sep 17 00:00:00 2001 
From: Matthew Tran Date: Tue, 5 Sep 2023 11:42:09 +0000 Subject: [PATCH] WIP wireguard helper script --- .gitignore | 4 + README.md | 23 +++- Dockerfile => website/Dockerfile | 0 {nginx => website}/matthewtran.com/html/bg.js | 0 .../matthewtran.com/html/fade.js | 0 .../matthewtran.com/html/imgs/bg0.jpg | Bin .../matthewtran.com/html/imgs/bg1.jpg | Bin .../matthewtran.com/html/imgs/bg10.jpg | Bin .../matthewtran.com/html/imgs/bg11.jpg | Bin .../matthewtran.com/html/imgs/bg12.jpg | Bin .../matthewtran.com/html/imgs/bg13.jpg | Bin .../matthewtran.com/html/imgs/bg2.jpg | Bin .../matthewtran.com/html/imgs/bg3.jpg | Bin .../matthewtran.com/html/imgs/bg4.jpg | Bin .../matthewtran.com/html/imgs/bg5.jpg | Bin .../matthewtran.com/html/imgs/bg6.jpg | Bin .../matthewtran.com/html/imgs/bg7.jpg | Bin .../matthewtran.com/html/imgs/bg8.jpg | Bin .../matthewtran.com/html/imgs/bg9.jpg | Bin .../imgs/favicons/android-chrome-192x192.png | Bin .../imgs/favicons/android-chrome-512x512.png | Bin .../html/imgs/favicons/apple-touch-icon.png | Bin .../html/imgs/favicons/browserconfig.xml | 0 .../html/imgs/favicons/favicon-16x16.png | Bin .../html/imgs/favicons/favicon-32x32.png | Bin .../html/imgs/favicons/favicon.ico | Bin .../html/imgs/favicons/mstile-150x150.png | Bin .../html/imgs/favicons/safari-pinned-tab.svg | 0 .../html/imgs/favicons/site.webmanifest | 0 .../matthewtran.com/html/imgs/social.jpg | Bin .../matthewtran.com/html/index.html | 0 .../matthewtran.com/html/sitemap.xml | 0 .../matthewtran.com/html/style.css | 0 wireguard/setup | 127 ++++++++++++++++++ 34 files changed, 153 insertions(+), 1 deletion(-) rename Dockerfile => website/Dockerfile (100%) rename {nginx => website}/matthewtran.com/html/bg.js (100%) rename {nginx => website}/matthewtran.com/html/fade.js (100%) rename {nginx => website}/matthewtran.com/html/imgs/bg0.jpg (100%) rename {nginx => website}/matthewtran.com/html/imgs/bg1.jpg (100%) rename {nginx => website}/matthewtran.com/html/imgs/bg10.jpg (100%) rename 
{nginx => website}/matthewtran.com/html/imgs/bg11.jpg (100%) rename {nginx => website}/matthewtran.com/html/imgs/bg12.jpg (100%) rename {nginx => website}/matthewtran.com/html/imgs/bg13.jpg (100%) rename {nginx => website}/matthewtran.com/html/imgs/bg2.jpg (100%) rename {nginx => website}/matthewtran.com/html/imgs/bg3.jpg (100%) rename {nginx => website}/matthewtran.com/html/imgs/bg4.jpg (100%) rename {nginx => website}/matthewtran.com/html/imgs/bg5.jpg (100%) rename {nginx => website}/matthewtran.com/html/imgs/bg6.jpg (100%) rename {nginx => website}/matthewtran.com/html/imgs/bg7.jpg (100%) rename {nginx => website}/matthewtran.com/html/imgs/bg8.jpg (100%) rename {nginx => website}/matthewtran.com/html/imgs/bg9.jpg (100%) rename {nginx => website}/matthewtran.com/html/imgs/favicons/android-chrome-192x192.png (100%) rename {nginx => website}/matthewtran.com/html/imgs/favicons/android-chrome-512x512.png (100%) rename {nginx => website}/matthewtran.com/html/imgs/favicons/apple-touch-icon.png (100%) rename {nginx => website}/matthewtran.com/html/imgs/favicons/browserconfig.xml (100%) rename {nginx => website}/matthewtran.com/html/imgs/favicons/favicon-16x16.png (100%) rename {nginx => website}/matthewtran.com/html/imgs/favicons/favicon-32x32.png (100%) rename {nginx => website}/matthewtran.com/html/imgs/favicons/favicon.ico (100%) rename {nginx => website}/matthewtran.com/html/imgs/favicons/mstile-150x150.png (100%) rename {nginx => website}/matthewtran.com/html/imgs/favicons/safari-pinned-tab.svg (100%) rename {nginx => website}/matthewtran.com/html/imgs/favicons/site.webmanifest (100%) rename {nginx => website}/matthewtran.com/html/imgs/social.jpg (100%) rename {nginx => website}/matthewtran.com/html/index.html (100%) rename {nginx => website}/matthewtran.com/html/sitemap.xml (100%) rename {nginx => website}/matthewtran.com/html/style.css (100%) create mode 100755 wireguard/setup diff --git a/.gitignore b/.gitignore index e43b0f9..ac712cf 100644 --- a/.gitignore 
+++ b/.gitignore @@ -1 +1,5 @@ .DS_Store +__pycache__ + +# wireguard +wireguard/*.conf diff --git a/README.md b/README.md index b16a5b6..ae2c1fa 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,28 @@ Stuff that's deployed on matthewtran.com. +## setup + +Tested on Ubuntu Server 22.04.3 LTS. + +### port forwarding + +Forward the following ports to the server. + +| service | port | +|-----------|---------| +| website | 80, 443 | +| p2pool | 3333 | +| monerod | 18081 | +| minecraft | 25565 | +| wireguard | 51820 | + +### build + +TODO all of this + ``` make -make run +make install # add service that runs on boot +make backup ``` diff --git a/Dockerfile b/website/Dockerfile similarity index 100% rename from Dockerfile rename to website/Dockerfile diff --git a/nginx/matthewtran.com/html/bg.js b/website/matthewtran.com/html/bg.js similarity index 100% rename from nginx/matthewtran.com/html/bg.js rename to website/matthewtran.com/html/bg.js diff --git a/nginx/matthewtran.com/html/fade.js b/website/matthewtran.com/html/fade.js similarity index 100% rename from nginx/matthewtran.com/html/fade.js rename to website/matthewtran.com/html/fade.js diff --git a/nginx/matthewtran.com/html/imgs/bg0.jpg b/website/matthewtran.com/html/imgs/bg0.jpg similarity index 100% rename from nginx/matthewtran.com/html/imgs/bg0.jpg rename to website/matthewtran.com/html/imgs/bg0.jpg diff --git a/nginx/matthewtran.com/html/imgs/bg1.jpg b/website/matthewtran.com/html/imgs/bg1.jpg similarity index 100% rename from nginx/matthewtran.com/html/imgs/bg1.jpg rename to website/matthewtran.com/html/imgs/bg1.jpg diff --git a/nginx/matthewtran.com/html/imgs/bg10.jpg b/website/matthewtran.com/html/imgs/bg10.jpg similarity index 100% rename from nginx/matthewtran.com/html/imgs/bg10.jpg rename to website/matthewtran.com/html/imgs/bg10.jpg 
diff --git a/nginx/matthewtran.com/html/imgs/bg11.jpg b/website/matthewtran.com/html/imgs/bg11.jpg
similarity index 100%
rename from nginx/matthewtran.com/html/imgs/bg11.jpg
rename to website/matthewtran.com/html/imgs/bg11.jpg
diff --git a/nginx/matthewtran.com/html/imgs/bg12.jpg b/website/matthewtran.com/html/imgs/bg12.jpg
similarity index 100%
rename from nginx/matthewtran.com/html/imgs/bg12.jpg
rename to website/matthewtran.com/html/imgs/bg12.jpg
diff --git a/nginx/matthewtran.com/html/imgs/bg13.jpg b/website/matthewtran.com/html/imgs/bg13.jpg
similarity index 100%
rename from nginx/matthewtran.com/html/imgs/bg13.jpg
rename to website/matthewtran.com/html/imgs/bg13.jpg
diff --git a/nginx/matthewtran.com/html/imgs/bg2.jpg b/website/matthewtran.com/html/imgs/bg2.jpg
similarity index 100%
rename from nginx/matthewtran.com/html/imgs/bg2.jpg
rename to website/matthewtran.com/html/imgs/bg2.jpg
diff --git a/nginx/matthewtran.com/html/imgs/bg3.jpg b/website/matthewtran.com/html/imgs/bg3.jpg
similarity index 100%
rename from nginx/matthewtran.com/html/imgs/bg3.jpg
rename to website/matthewtran.com/html/imgs/bg3.jpg
diff --git a/nginx/matthewtran.com/html/imgs/bg4.jpg b/website/matthewtran.com/html/imgs/bg4.jpg
similarity index 100%
rename from nginx/matthewtran.com/html/imgs/bg4.jpg
rename to website/matthewtran.com/html/imgs/bg4.jpg
diff --git a/nginx/matthewtran.com/html/imgs/bg5.jpg b/website/matthewtran.com/html/imgs/bg5.jpg
similarity index 100%
rename from nginx/matthewtran.com/html/imgs/bg5.jpg
rename to website/matthewtran.com/html/imgs/bg5.jpg
diff --git a/nginx/matthewtran.com/html/imgs/bg6.jpg b/website/matthewtran.com/html/imgs/bg6.jpg
similarity index 100%
rename from nginx/matthewtran.com/html/imgs/bg6.jpg
rename to website/matthewtran.com/html/imgs/bg6.jpg
diff --git a/nginx/matthewtran.com/html/imgs/bg7.jpg b/website/matthewtran.com/html/imgs/bg7.jpg
similarity index 100%
rename from nginx/matthewtran.com/html/imgs/bg7.jpg
rename to website/matthewtran.com/html/imgs/bg7.jpg
diff --git a/nginx/matthewtran.com/html/imgs/bg8.jpg b/website/matthewtran.com/html/imgs/bg8.jpg
similarity index 100%
rename from nginx/matthewtran.com/html/imgs/bg8.jpg
rename to website/matthewtran.com/html/imgs/bg8.jpg
diff --git a/nginx/matthewtran.com/html/imgs/bg9.jpg b/website/matthewtran.com/html/imgs/bg9.jpg
similarity index 100%
rename from nginx/matthewtran.com/html/imgs/bg9.jpg
rename to website/matthewtran.com/html/imgs/bg9.jpg
diff --git a/nginx/matthewtran.com/html/imgs/favicons/android-chrome-192x192.png b/website/matthewtran.com/html/imgs/favicons/android-chrome-192x192.png
similarity index 100%
rename from nginx/matthewtran.com/html/imgs/favicons/android-chrome-192x192.png
rename to website/matthewtran.com/html/imgs/favicons/android-chrome-192x192.png
diff --git a/nginx/matthewtran.com/html/imgs/favicons/android-chrome-512x512.png b/website/matthewtran.com/html/imgs/favicons/android-chrome-512x512.png
similarity index 100%
rename from nginx/matthewtran.com/html/imgs/favicons/android-chrome-512x512.png
rename to website/matthewtran.com/html/imgs/favicons/android-chrome-512x512.png
diff --git a/nginx/matthewtran.com/html/imgs/favicons/apple-touch-icon.png b/website/matthewtran.com/html/imgs/favicons/apple-touch-icon.png
similarity index 100%
rename from nginx/matthewtran.com/html/imgs/favicons/apple-touch-icon.png
rename to website/matthewtran.com/html/imgs/favicons/apple-touch-icon.png
diff --git a/nginx/matthewtran.com/html/imgs/favicons/browserconfig.xml b/website/matthewtran.com/html/imgs/favicons/browserconfig.xml
similarity index 100%
rename from nginx/matthewtran.com/html/imgs/favicons/browserconfig.xml
rename to website/matthewtran.com/html/imgs/favicons/browserconfig.xml
diff --git a/nginx/matthewtran.com/html/imgs/favicons/favicon-16x16.png b/website/matthewtran.com/html/imgs/favicons/favicon-16x16.png
similarity index 100%
rename from nginx/matthewtran.com/html/imgs/favicons/favicon-16x16.png
rename to website/matthewtran.com/html/imgs/favicons/favicon-16x16.png
diff --git a/nginx/matthewtran.com/html/imgs/favicons/favicon-32x32.png b/website/matthewtran.com/html/imgs/favicons/favicon-32x32.png
similarity index 100%
rename from nginx/matthewtran.com/html/imgs/favicons/favicon-32x32.png
rename to website/matthewtran.com/html/imgs/favicons/favicon-32x32.png
diff --git a/nginx/matthewtran.com/html/imgs/favicons/favicon.ico b/website/matthewtran.com/html/imgs/favicons/favicon.ico
similarity index 100%
rename from nginx/matthewtran.com/html/imgs/favicons/favicon.ico
rename to website/matthewtran.com/html/imgs/favicons/favicon.ico
diff --git a/nginx/matthewtran.com/html/imgs/favicons/mstile-150x150.png b/website/matthewtran.com/html/imgs/favicons/mstile-150x150.png
similarity index 100%
rename from nginx/matthewtran.com/html/imgs/favicons/mstile-150x150.png
rename to website/matthewtran.com/html/imgs/favicons/mstile-150x150.png
diff --git a/nginx/matthewtran.com/html/imgs/favicons/safari-pinned-tab.svg b/website/matthewtran.com/html/imgs/favicons/safari-pinned-tab.svg
similarity index 100%
rename from nginx/matthewtran.com/html/imgs/favicons/safari-pinned-tab.svg
rename to website/matthewtran.com/html/imgs/favicons/safari-pinned-tab.svg
diff --git a/nginx/matthewtran.com/html/imgs/favicons/site.webmanifest b/website/matthewtran.com/html/imgs/favicons/site.webmanifest
similarity index 100%
rename from nginx/matthewtran.com/html/imgs/favicons/site.webmanifest
rename to website/matthewtran.com/html/imgs/favicons/site.webmanifest
diff --git a/nginx/matthewtran.com/html/imgs/social.jpg b/website/matthewtran.com/html/imgs/social.jpg
similarity index 100%
rename from nginx/matthewtran.com/html/imgs/social.jpg
rename to website/matthewtran.com/html/imgs/social.jpg
diff --git a/nginx/matthewtran.com/html/index.html b/website/matthewtran.com/html/index.html
similarity index 100%
rename from nginx/matthewtran.com/html/index.html
rename to website/matthewtran.com/html/index.html
diff --git a/nginx/matthewtran.com/html/sitemap.xml b/website/matthewtran.com/html/sitemap.xml
similarity index 100%
rename from nginx/matthewtran.com/html/sitemap.xml
rename to website/matthewtran.com/html/sitemap.xml
diff --git a/nginx/matthewtran.com/html/style.css b/website/matthewtran.com/html/style.css
similarity index 100%
rename from nginx/matthewtran.com/html/style.css
rename to website/matthewtran.com/html/style.css
diff --git a/wireguard/setup b/wireguard/setup
new file mode 100755
index 0000000..38e4854
--- /dev/null
+++ b/wireguard/setup
@@ -0,0 +1,127 @@
+#!/usr/bin/python3
+
+import json
+import subprocess
+import sys
+from ipaddress import ip_address, ip_network
+from itertools import islice
+from pathlib import Path
+
+wg_dir = Path('/etc/wireguard')
+wg_json = wg_dir / 'wg0.json'
+wg_conf = wg_dir / 'wg0.conf'
+
+iface = 'enp3s0'
+
+ipv4_prefix = '/24'
+ipv6_prefix = '/64'
+
+def genkey():
+ return subprocess.check_output(['wg', 'genkey']).strip().decode('utf-8')
+
+def pubkey(key):
+ return subprocess.run(['wg', 'pubkey'], input=key, encoding='utf-8', capture_output=True).stdout.strip()
+
+def ipv4(cfg):
+ taken = [ip_address(cfg['ipv4'])] + [ip_address(c['ipv4']) for c in cfg['clients']] if cfg else []
+ for ip in ip_network('192.168.0.0' + ipv4_prefix).hosts():
+ if ip not in taken:
+ return str(ip)
+ raise Exception('no ipv4 left')
+
+def ipv6(cfg):
+ taken = [ip_address(cfg['ipv6'])] + [ip_address(c['ipv6']) for c in cfg['clients']] if cfg else []
+ for ip in ip_network('fd32:76a6:ec61:577a::0' + ipv6_prefix).hosts():
+ if ip not in taken:
+ return str(ip)
+ raise Exception('no ipv6 left')
+
+def clientconf(cfg, key):
+ c = cfg['clients'][-1]
+ return (
+ f'[Interface]\n'
+ f'Address = {c["ipv4"] + ipv4_prefix}\n'
+ f'Address = {c["ipv6"] + ipv6_prefix}\n'
+ f'DNS = 8.8.8.8, 8.8.4.4, 2001:4860:4860::8888, 2001:4860:4860::8844\n' # Google DNS servers
+ f'PrivateKey = {key}\n'
+ f'\n'
+ f'[Peer]\n'
+ f'Endpoint = matthewtran.com:51820\n'
+ f'AllowedIPs = 0.0.0.0/0, ::/0\n'
+ f'PublicKey = {pubkey(cfg["key"])}\n'
+ f'PersistentKeepalive = 15\n'
+ )
+
+def serverconf(cfg):
+ conf = (
+ f'[Interface]\n'
+ f'Address = {cfg["ipv4"] + ipv4_prefix}\n'
+ f'Address = {cfg["ipv6"] + ipv6_prefix}\n'
+ f'ListenPort = 51820\n'
+ f'PrivateKey = {cfg["key"]}\n'
+
+ # TODO probably need to change
+ f'PostUp = sysctl -w net.ipv4.ip_forward=1\n'
+ f'PostUp = sysctl -w net.ipv6.conf.all.forwarding=1\n'
+ f'PostUp = iptables -A FORWARD -i wg0 -j ACCEPT\n'
+ f'PostUp = iptables -t nat -A POSTROUTING -o {iface} -j MASQUERADE\n'
+ f'PostUp = ip6tables -A FORWARD -i wg0 -j ACCEPT\n'
+ f'PostUp = ip6tables -t nat -A POSTROUTING -o {iface} -j MASQUERADE\n'
+ f'PostUp = ufw reload\n'
+ f'PostDown = sysctl -w net.ipv4.ip_forward=0\n'
+ f'PostDown = sysctl -w net.ipv6.conf.all.forwarding=0\n'
+ f'PostDown = iptables -D FORWARD -i wg0 -j ACCEPT\n'
+ f'PostDown = iptables -t nat -D POSTROUTING -o {iface} -j MASQUERADE\n'
+ f'PostDown = ip6tables -D FORWARD -i wg0 -j ACCEPT\n'
+ f'PostDown = ip6tables -t nat -D POSTROUTING -o {iface} -j MASQUERADE\n'
+ f'PostDown = ufw reload\n'
+ f'\n'
+ )
+ for c in cfg['clients']:
+ conf += (
+ f'[Peer]\n'
+ f'AllowedIPs = {c["ipv4"] + "/32"}\n'
+ f'AllowedIPs = {c["ipv6"] + "/128"}\n'
+ f'PublicKey = {c["pubkey"]}\n'
+ f'\n'
+ )
+ return conf
+
+if __name__ == '__main__':
+ # create initial config if doesn't exist
+ if not wg_json.is_file():
+ with wg_json.open('w') as file:
+ json.dump({
+ 'ipv4': ipv4(None),
+ 'ipv6': ipv6(None),
+ 'key' : genkey(),
+ 'clients': []
+ }, file, indent=4)
+ file.write('\n')
+
+ # read config
+ with wg_json.open('r') as file:
+ cfg = json.load(file)
+
+ # add additional clients
+ for c in sys.argv[1:]:
+ key = genkey()
+ cfg['clients'].append({
+ 'ipv4' : ipv4(cfg),
+ 'ipv6' : ipv6(cfg),
+ 'pubkey': pubkey(key),
+ })
+
+ with open(c + '.conf', 'w') as file:
+ file.write(clientconf(cfg, key))
+
+ # generate files
+ with wg_json.open('w') as file:
+ json.dump(cfg, file, indent=4)
+ file.write('\n')
+
+ with wg_conf.open('w') as file:
+ file.write(serverconf(cfg))
+
+ print('encode as QR with "qrencode -t ansiutf8 < "')
+ print('run "sudo systemctl restart wg-quick@wg0.service" to load new settings')
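Review bot: Every file that receives a private key is created with whatever umask the process inherits: in the `__main__` block, `wg_json.open('w')` and `wg_conf.open('w')` write the server key, and `open(c + '.conf', 'w')` writes each client key into the current directory, so under a common 022 umask these files are created world-readable. Adding `import os` and calling `os.umask(0o077)` as the first statement of the `__main__` block makes every newly created file owner-only; files that already exist keep their old mode and would need a one-off `chmod 600`. Separately, `pubkey()` calls `subprocess.run` without `check=True`, so a failing `wg pubkey` returns an empty string that is then written out as `PublicKey = ` in both the JSON state and the generated configs; passing `check=True` stops the run before bad state is saved. The client name from `sys.argv[1:]` is also used unvalidated as a path prefix, so rejecting names that contain a path separator would keep the output in the working directory.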