optional preshared key and sensor rest api

bigmoby · May 19, 2021 · 8bd6cd4 · 8bd6cd4
1 parent 68e9033
commit 8bd6cd4
Show file tree

Hide file tree

Showing 7 changed files with 77 additions and 27 deletions.
diff --git a/wireguard_client/CHANGELOG.md b/wireguard_client/CHANGELOG.md
@@ -1,18 +1,14 @@
-## What’s changed
+## What’s changed in Wireguard Client Add-on v0.1.6 
 
-## 💣 Breaking changes
+## 🚀 Improvements
 
-- Add the PostUp and PostDown custom parameters
-- 💣 Breaking changes: add these lines to your current configuration:
+- Optional `pre_shared_key` parameter
+- Simple Rest API in order to expose Wireguard status in `sensor` configuration
 
- `post_up: iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE`
+## 🛠 Fixs
 
- `post_down: iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE`
-
-## 🧰 Maintenance
-
-- Update add-on configuration for Supervisor 2021.2
+- `interface.address` is not hardcoded to its `/24` mask ~> if mask not specified then `/24`will be applied otherwise it is possible to assign `10.6.0.0/32`
 
 ## ⬆️ Dependency updates
 
-- Upgrade add-on base image to 9.1.2
+- Upgrade add-on base image to 9.2.0
diff --git a/wireguard_client/DOCS.md b/wireguard_client/DOCS.md
@@ -57,7 +57,7 @@ interface:
   post_up: iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
   post_down: iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE
 peer:
-  public_key: your-public-key=
+  public_key: your-public-key
   pre_shared_key: your-preshared-key
   endpoint: 'xxxxxxxxxxxxxxx.duckdns.org:51820'
   allowed_ips:

diff --git a/wireguard_client/Dockerfile b/wireguard_client/Dockerfile
@@ -1,4 +1,4 @@
-ARG BUILD_FROM=ghcr.io/hassio-addons/base/amd64:9.1.7
+ARG BUILD_FROM=ghcr.io/hassio-addons/base/amd64:9.2.0
 # hadolint ignore=DL3006
 FROM ${BUILD_FROM}
 
@@ -10,7 +10,7 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 RUN \
     apk add --no-cache \
         openresolv=3.12.0-r0 \
-        wireguard-tools=1.0.20200827-r1 
+        wireguard-tools=1.0.20200827-r1
 
 # Copy root filesystem
 COPY rootfs /

diff --git a/wireguard_client/build.json b/wireguard_client/build.json
@@ -1,9 +1,9 @@
 {
   "build_from": {
-    "aarch64": "ghcr.io/hassio-addons/base/aarch64:9.1.7",
-    "amd64": "ghcr.io/hassio-addons/base/amd64:9.1.7",
-    "armhf": "ghcr.io/hassio-addons/base/armhf:9.1.7",
-    "armv7": "ghcr.io/hassio-addons/base/armv7:9.1.7",
-    "i386": "ghcr.io/hassio-addons/base/i386:9.1.7"
+    "aarch64": "ghcr.io/hassio-addons/base/aarch64:9.2.0",
+    "amd64": "ghcr.io/hassio-addons/base/amd64:9.2.0",
+    "armhf": "ghcr.io/hassio-addons/base/armhf:9.2.0",
+    "armv7": "ghcr.io/hassio-addons/base/armv7:9.2.0",
+    "i386": "ghcr.io/hassio-addons/base/i386:9.2.0"
   }
 }
diff --git a/wireguard_client/config.json b/wireguard_client/config.json
@@ -1,6 +1,6 @@
 {
    "name":"WireGuard Client",
-   "version":"0.1.5",
+   "version":"0.1.6",
    "slug":"wireguard_client",
    "description":"Fast, modern, secure Wireguard tunnel (client)",
    "url":"https://github.com/bigmoby/addon-wireguard-client",
@@ -16,9 +16,11 @@
    "init":false,
    "full_access": false,
    "ports":{
+      "80/tcp": null,
       "51820/udp": 51820
    },
    "ports_description":{
+      "80/tcp": "WireGuard client status API",
       "51820/udp":"WireGuard: forward this port in your router"
    },
    "hassio_api":true,

diff --git a/wireguard_client/rootfs/etc/cont-init.d/config.sh b/wireguard_client/rootfs/etc/cont-init.d/config.sh
@@ -5,7 +5,6 @@
 # ==============================================================================
 declare -a list
 declare address
-declare tmp_address
 declare allowed_ips
 declare config
 declare dns
@@ -45,8 +44,8 @@ fi
 if ! bashio::config.has_value 'interface.address'; then
     bashio::exit.nok 'You need a address configured for the interface client'
 else
-   tmp_address=$(bashio::config 'interface.address')
-   address="${tmp_address}/24"
+    address=$(bashio::config 'interface.address')
+    [[ "${address}" == *"/"* ]] || address="${address}/24"   
    echo "Address = ${address}" >> "${config}"
 fi
 
@@ -111,9 +110,7 @@ fi
 
 # Check if pre_shared key value and if true get the peer pre_shared key
 pre_shared_key=""
-if ! bashio::config.has_value 'peer.pre_shared_key'; then
-    bashio::exit.nok 'You need a pre_shared_key configured for the peer'
-else
+if  bashio::config.has_value 'peer.pre_shared_key'; then
     pre_shared_key=$(bashio::config 'peer.pre_shared_key')
 fi
 
@@ -145,14 +142,18 @@ if bashio::config.has_value "peer.allowed_ips"; then
 else
     bashio::exit.nok 'You need a allowed_ips configured for the peer'
 fi
+
 allowed_ips=$(IFS=", "; echo "${list[*]}")
 
 # Start writing peer information in client config
 {
     echo ""
     echo "[Peer]"
     echo "PublicKey = ${peer_public_key}"
-    echo "PreSharedKey = ${pre_shared_key}"
+    if [ ! $pre_shared_key == "" ]
+    then
+        echo "PreSharedKey = ${pre_shared_key}"
+    fi
     echo "Endpoint = ${endpoint}"
     echo "AllowedIPs = ${allowed_ips}"
     echo "PersistentKeepalive = ${keep_alive}"

diff --git a/wireguard_client/rootfs/etc/services.d/api/run b/wireguard_client/rootfs/etc/services.d/api/run
@@ -0,0 +1,51 @@
+#!/usr/bin/with-contenv bashio
+# ==============================================================================
+# Home Assistant Third Party Add-on: WireGuard Client
+# Provides status of WireGuard broker.
+# ==============================================================================
+declare -a peers
+declare endpoint
+declare json
+declare latest_handshake
+declare line
+declare name
+declare peer
+declare public_key
+declare transfer_rx
+declare transfer_tx
+
+while true; do
+    # Get information from wg
+    peers=()
+    while IFS=$'\t' read -r -a line; do
+        if [[ "${#line[@]}" -gt 6 ]]; then
+            endpoint="${line[3]}"
+            latest_handshake="${line[5]}"
+            public_key="${line[1]}"
+            transfer_rx="${line[6]}"
+            transfer_tx="${line[7]}"
+
+            peer=$(bashio::var.json \
+                    'endpoint' "${endpoint}" \
+                    'latest_handshake' "^${latest_handshake}" \
+                    'transfer_rx' "^${transfer_rx}" \
+                    'transfer_tx' "^${transfer_tx}")
+
+            filename=$(sha1sum <<< "${public_key}" | awk '{ print $1 }')
+            if bashio::fs.file_exists "/var/lib/wireguard/${filename}"; then
+                name=$(<"/var/lib/wireguard/${filename}")
+                peers+=("${name}")
+                peers+=("^${peer}")
+            fi
+        fi
+    done <<< "$(wg show all dump)"
+
+    # Build final json content
+    json="{}"
+    if [[ "${#peers[@]}" -ne 0 ]]; then
+        json=$(bashio::var.json "${peers[@]}")
+    fi
+
+    echo -e "HTTP/1.1 200 OK\r\nContent-type: application/json\r\n\r\n${json}" \
+        | nc -l -p 80 > /dev/null
+done