Merge branch 'main' into feature/yaml_config

.vscode/tasks.json

@@ -1,6 +1,4 @@
 {
-    // See https://go.microsoft.com/fwlink/?LinkId=733558
-    // for the documentation about the tasks.json format
     "version": "2.0.0",
     "tasks": [
         {

wireguard_client/CHANGELOG.md

@@ -1,3 +1,64 @@
+## What’s changed in Wireguard Client Add-on v0.2.0
+## 🚀 Enhancements
+
+- Migrate JSON config to YAML
+- Upgrade add-on base image to 11.0.0
+
+### ⬆️ Dependency updates
+
+- Upgrade wireguard-tools to 1.0.20210914-r0
+
+## What’s changed in Wireguard Client Add-on v0.1.9
+### 💣 BREAKING CHANGES
+
+- new peers section in order to configure several peer connection (thanks to Stefan Berggren aka "nsg" https://github.com/nsg for suggest me this feature and give me some hints with his PR)
+
+```yaml
+interface:
+  private_key: test_key
+  address: 10.6.0.2
+  dns:
+    - 8.8.8.8
+    - 8.8.4.4
+  post_up: iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
+  post_down: iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE
+peer:
+  public_key: test_key
+  pre_shared_key: test_key
+  endpoint: xxxxxxxxxxxxxxx.duckdns.org:51820
+  allowed_ips:
+    - 10.6.0.0/24
+  persistent_keep_alive: 25
+```
+
+should be re-configured in 
+
+```yaml
+interface:
+  private_key: test_key
+  address: 10.6.0.2
+  dns:
+    - 8.8.8.8
+    - 8.8.4.4
+  post_up: iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
+  post_down: iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE
+peers:
+  - public_key: test_key
+    pre_shared_key: test_key
+    endpoint: xxxxxxxxxxxxxxx.duckdns.org:51820
+    allowed_ips:
+      - 10.6.0.0/24
+    persistent_keep_alive: '25'
+  - public_key: test_key
+    pre_shared_key: test_key
+    endpoint: yyyyyyyyyyyyyyy.duckdns.org:51820
+    allowed_ips:
+      - 10.6.0.1/24
+    persistent_keep_alive: '26'
+```
+
+ - `dns`,`post_up`,`post_down` have become optional params
+
 ## What’s changed in Wireguard Client Add-on v0.1.8 
 ### 🛠 Fixs
 

wireguard_client/DOCS.md

@@ -56,13 +56,13 @@ interface:
     - 8.8.4.4
   post_up: iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
   post_down: iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE
-peer:
-  public_key: your-public-key
-  pre_shared_key: your-preshared-key
-  endpoint: 'xxxxxxxxxxxxxxx.duckdns.org:51820'
-  allowed_ips:
-    - 10.6.0.0/24
-  persistent_keep_alive: 25
+peers:
+  - public_key: your-public-key
+    pre_shared_key: your-preshared-key
+    endpoint: 'xxxxxxxxxxxxxxx.duckdns.org:51820'
+    allowed_ips:
+      - 10.6.0.0/24
+    persistent_keep_alive: 25
 ```
 
 1. Save the configuration.

wireguard_client/Dockerfile

@@ -1,4 +1,4 @@
-ARG BUILD_FROM=ghcr.io/hassio-addons/base/amd64:10.2.2
+ARG BUILD_FROM=ghcr.io/hassio-addons/base/amd64:11.0.0
 # hadolint ignore=DL3006
 FROM ${BUILD_FROM}
 
@@ -10,7 +10,7 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 RUN \
     apk add --no-cache \
         openresolv=3.12.0-r0 \
-        wireguard-tools=1.0.20210424-r0
+        wireguard-tools=1.0.20210914-r0
 
 # Copy root filesystem
 COPY rootfs /

wireguard_client/build.yaml

@@ -1,7 +1,7 @@
 ---
 build_from:
-  aarch64: ghcr.io/hassio-addons/base/aarch64:10.2.2
-  amd64: ghcr.io/hassio-addons/base/amd64:10.2.2
-  armhf: ghcr.io/hassio-addons/base/armhf:10.2.2
-  armv7: ghcr.io/hassio-addons/base/armv7:10.2.2
-  i386: ghcr.io/hassio-addons/base/i386:10.2.2
+  aarch64: ghcr.io/hassio-addons/base/aarch64:11.0.0
+  amd64: ghcr.io/hassio-addons/base/amd64:11.0.0
+  armhf: ghcr.io/hassio-addons/base/armhf:11.0.0
+  armv7: ghcr.io/hassio-addons/base/armv7:11.0.0
+  i386: ghcr.io/hassio-addons/base/i386:11.0.0

wireguard_client/config.yaml

@@ -1,6 +1,6 @@
 ---
 name: WireGuard Client
-version: 0.1.9
+version: 0.2.0
 slug: wireguard_client
 description: Fast, modern, secure Wireguard tunnel (client)
 url: https://github.com/bigmoby/addon-wireguard-client
@@ -31,25 +31,26 @@ options:
     dns: [ 8.8.8.8, 8.8.4.4]
     post_up: "iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE"
     post_down: "iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE"
-  peer:
-    public_key: ""
-    pre_shared_key: ""
-    endpoint: "xxxxxx.duckdns.com:51820"
-    allowed_ips: [ "10.6.0.0/24" ]
-    persistent_keep_alive: "25"
+  peers:
+    - public_key: ""
+      pre_shared_key: ""
+      endpoint: "xxxxxx.duckdns.com:51820"
+      allowed_ips: [ "10.6.0.0/24" ]
+      persistent_keep_alive: "25"
 schema:
   log_level: list(trace|debug|info|notice|warning|error|fatal)?
   interface:
     private_key: password?
     address: str
     dns:
-      - str
-    post_up: str
-    post_down: str
-  peer:
-    public_key: str?
-    pre_shared_key: str?
-    endpoint: str
-    allowed_ips:
-      - str
-    persistent_keep_alive: int
+      - str?
+    post_up: str?
+    post_down: str?
+  peers:
+    - public_key: str?
+      pre_shared_key: str?
+      endpoint: str
+      allowed_ips:
+        - str
+      persistent_keep_alive: int
+image: "bigmoby/{arch}-addon-wireguard-client"

wireguard_client/rootfs/etc/cont-init.d/config.sh

@@ -50,17 +50,15 @@ else
 fi
 
 # Add all server DNS addresses to the configuration
-listDns=()
 if bashio::config.has_value "interface.dns"; then
+    listDns=()
     # Use allowed IP's defined by the user.
     for address in $(bashio::config "interface.dns"); do
         listDns+=("${address}")
     done
-else
-    bashio::exit.nok 'You need a dns configured'
+    dns=$(IFS=", "; echo "${listDns[*]}")
+    echo "DNS = ${dns}" >> "${config}"
 fi
-dns=$(IFS=", "; echo "${listDns[*]}")
-echo "DNS = ${dns}" >> "${config}"
 
 if [[ $(</proc/sys/net/ipv4/ip_forward) -eq 0 ]]; then
     bashio::log.warning
@@ -76,17 +74,13 @@ fi
 
 # Post Up & Down defaults
 # Check if custom post_up value
-if ! bashio::config.has_value 'interface.post_up'; then
-    bashio::exit.nok 'post_up command is required'
-else
+if bashio::config.has_value 'interface.post_up'; then
     post_up=$(bashio::config 'interface.post_up')
     echo "PostUp = ${post_up}" >> "${config}"
 fi
 
 # Check if custom post_down value
-if ! bashio::config.has_value 'interface.post_down'; then
-    bashio::exit.nok 'post_down command is required'
-else
+if bashio::config.has_value 'interface.post_down'; then
     post_down=$(bashio::config 'interface.post_down')
     echo "PostDown = ${post_down}" >> "${config}"
 fi
@@ -97,67 +91,70 @@ if ! bashio::fs.directory_exists '/var/lib/wireguard'; then
         || bashio::exit.nok "Could not create status API storage folder"
 fi
 
+if ! bashio::config.has_value 'peers'; then
+    bashio::exit.nok 'Missing required list: peers'
+fi
+
 ######################
 # Peer configuration #
 ######################
-# Check if public key value and if true get the peer public key
-peer_public_key=""
-if ! bashio::config.has_value 'peer.public_key'; then
-    bashio::exit.nok 'You need a public_key configured for the peer'
-else
-    peer_public_key=$(bashio::config 'peer.public_key')
-fi
-
-# Check if pre_shared key value and if true get the peer pre_shared key
-pre_shared_key=""
-if  bashio::config.has_value 'peer.pre_shared_key'; then
-    pre_shared_key=$(bashio::config 'peer.pre_shared_key')
-fi
-
-# Check if endpoint value and if true get the peer endpoint
-endpoint=""
-if ! bashio::config.has_value 'peer.endpoint'; then
-    bashio::exit.nok 'You need a endpoint configured for the peer'
-else
-    endpoint=$(bashio::config 'peer.endpoint')
-fi
-
-# Check if persistent_keep_alive value and if true get the peer persistent_keep_alive
-keep_alive=""
-if ! bashio::config.has_value 'peer.persistent_keep_alive'; then
-    bashio::exit.nok 'You need a persistent_keep_alive configured for the peer'
-else
-    keep_alive=$(bashio::config 'peer.persistent_keep_alive')
-fi
+# Fetch all the peers
+for peer in $(bashio::config 'peers|keys'); do
+
+    # Check if public key value and if true get the peer public key
+    peer_public_key=$(bashio::config "peers[${peer}].public_key")
+
+    # Check if pre_shared key value and if true get the peer pre_shared key
+    pre_shared_key=""
+    if  bashio::config.has_value "peers[${peer}].pre_shared_key"; then
+        pre_shared_key=$(bashio::config "peers[${peer}].pre_shared_key")
+    fi
 
-# Determine allowed IPs for server side config, by default use
-# peer defined addresses.
-list=()
-if bashio::config.has_value "peer.allowed_ips"; then
-    # Use allowed IP's defined by the user.
-    for address in $(bashio::config "peer.allowed_ips"); do
-        [[ "${address}" == *"/"* ]] || address="${address}/32"
-        list+=("${address}")
-    done
-else
-    bashio::exit.nok 'You need a allowed_ips configured for the peer'
-fi
+    # Check if endpoint value and if true get the peer endpoint
+    endpoint=""
+    if ! bashio::config.has_value "peers[${peer}].endpoint"; then
+        bashio::exit.nok 'You need a endpoint configured for the peer'
+    else
+        endpoint=$(bashio::config "peers[${peer}].endpoint")
+    fi
 
-allowed_ips=$(IFS=", "; echo "${list[*]}")
+    # Check if persistent_keep_alive value and if true get the peer persistent_keep_alive
+    keep_alive=""
+    if ! bashio::config.has_value "peers[${peer}].persistent_keep_alive"; then
+        bashio::exit.nok 'You need a persistent_keep_alive configured for the peer'
+    else
+        keep_alive=$(bashio::config "peers[${peer}].persistent_keep_alive")
+    fi
 
-# Start writing peer information in client config
-{
-    echo ""
-    echo "[Peer]"
-    echo "PublicKey = ${peer_public_key}"
-    if [ ! $pre_shared_key == "" ]
-    then
-        echo "PreSharedKey = ${pre_shared_key}"
+    # Determine allowed IPs for server side config, by default use
+    # peer defined addresses.
+    list=()
+    if bashio::config.has_value "peers[${peer}].allowed_ips"; then
+        # Use allowed IP's defined by the user.
+        for address in $(bashio::config "peers[${peer}].allowed_ips"); do
+            [[ "${address}" == *"/"* ]] || address="${address}/32"
+            list+=("${address}")
+        done
+    else
+        bashio::exit.nok 'You need a allowed_ips configured for the peer'
     fi
-    echo "Endpoint = ${endpoint}"
-    echo "AllowedIPs = ${allowed_ips}"
-    echo "PersistentKeepalive = ${keep_alive}"
-    echo ""
-} >> "${config}"
+
+    allowed_ips=$(IFS=", "; echo "${list[*]}")
+
+    # Start writing peer information in client config
+    {
+        echo ""
+        echo "[Peer]"
+        echo "PublicKey = ${peer_public_key}"
+        if [ ! $pre_shared_key == "" ]
+        then
+            echo "PreSharedKey = ${pre_shared_key}"
+        fi
+        echo "Endpoint = ${endpoint}"
+        echo "AllowedIPs = ${allowed_ips}"
+        echo "PersistentKeepalive = ${keep_alive}"
+        echo ""
+    } >> "${config}"
+done
 
 bashio::log.info "Ended to write Wireguard configuration into: [${config}]"