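#!/bin/bash
# Import the assets/wireguard-config Proton configs into NetworkManager as
# wireguard connections with autoconnect off. Two NM quirks handled here:
#
# - The import filename must be a valid interface name (<= 15 chars), and
#   several config names are longer — so every file imports through a temp
#   copy named wgpvpn.conf and the connection is renamed to the real config
#   name right after (by the UUID parsed from the import output, so a stray
#   same-named connection can't be hit). All profiles share the wgpvpn
#   interface, which is fine (they're mutually exclusive full-tunnel
#   configs), and the wg prefix keeps the net doctor's tunnel-down repair
#   on the NM path.
# - Imports default to autoconnect yes, and these are full-tunnel
#   (AllowedIPs 0.0.0.0/0) — a VPN that arms itself on boot is not a default
#   anyone chose, so the modify runs immediately after each import. Setting
#   autoconnect no only governs future activations: if NM already brought
#   the freshly imported profile up in the window between import and modify,
#   it is taken down explicitly, so the script never exits with a tunnel it
#   started on its own while reporting "autoconnect off".
#
# A connection still literally named wgpvpn means an earlier run died
# between import and rename — and it still has autoconnect on. The script
# refuses to run until that's cleaned up rather than guessing.
#
# Idempotent: already-imported names skip.
#
# The temp copy holds the config's private key; it lives in a mktemp -d
# directory and is removed on every exit path by the EXIT trap.
#
# Usage: import-wireguard-configs.sh [config-dir]
set -euo pipefail

# Interface name NM derives from the import filename; must stay <= 15 chars.
readonly IFACE_NAME="wgpvpn"

# Temp dir holding the interface-named copy (contains the private key).
# Deliberately global: the EXIT trap runs after main has returned, so a
# function-local would be unset there and the key material left behind.
tmp=""

#######################################
# Print a message to stderr and exit 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Remove the temp directory, if one was created.
# Globals:   tmp (read)
#######################################
cleanup() {
  if [ -n "$tmp" ]; then
    rm -rf -- "$tmp"
  fi
}

#######################################
# Test whether a connection with exactly this id exists.
# The listing is captured before grep runs so that grep -q closing the pipe
# early can't turn a found name into a pipefail false negative (which would
# re-import an existing profile).
# Arguments: $1 - connection id (name)
# Returns:   0 if present, 1 otherwise
#######################################
connection_exists() {
  local names
  names="$(nmcli -t -f NAME connection show)"
  grep -Fxq -- "$1" <<<"$names"
}

#######################################
# Test whether the connection with this UUID is currently active.
# Arguments: $1 - connection UUID
# Returns:   0 if active, 1 otherwise
#######################################
connection_active() {
  local active
  active="$(nmcli -t -f UUID connection show --active)"
  grep -Fxq -- "$1" <<<"$active"
}

#######################################
# Import one config through the interface-named temp copy, rename it by UUID
# and disarm it (autoconnect off; brought down if NM already activated it).
# Globals:   IFACE_NAME, tmp (read)
# Arguments: $1 - path to the .conf file
# Outputs:   one status line on stdout
# Returns:   0; exits 1 if the import output yields no UUID
#######################################
import_config() {
  local conf=$1
  local name out uuid
  name="$(basename -- "$conf" .conf)"
  if connection_exists "$name"; then
    printf 'skip: %s (already imported)\n' "$name"
    return 0
  fi
  cp -- "$conf" "$tmp/$IFACE_NAME.conf"
  # set -e applies to the assignment: a failed import aborts the script here.
  out="$(nmcli connection import type wireguard file "$tmp/$IFACE_NAME.conf")"
  # Rename by UUID, never by the transient interface-named id, so a stray
  # same-named profile can't be modified by mistake.
  uuid="$(grep -oE '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' <<<"$out" | head -1 || true)"
  if [ -z "$uuid" ]; then
    printf 'could not parse a UUID from the import output for %s:\n' "$name" >&2
    printf ' %s\n' "$out" >&2
    exit 1
  fi
  nmcli connection modify "$uuid" connection.id "$name" \
    connection.autoconnect no
  # autoconnect=no does not touch an activation that already happened
  # between import and modify — tear that down rather than leave a
  # full-tunnel VPN up that nobody asked for.
  if connection_active "$uuid"; then
    nmcli connection down "$uuid"
    printf 'imported: %s (autoconnect off, iface %s; was auto-activated on import, brought down)\n' \
      "$name" "$IFACE_NAME"
  else
    printf 'imported: %s (autoconnect off, iface %s)\n' "$name" "$IFACE_NAME"
  fi
}

#######################################
# Entry point.
# Globals:   IFACE_NAME (read), tmp (written)
# Arguments: $1 - config dir (default: ../assets/wireguard-config relative
#                 to this script)
# Returns:   exits 1 on missing dir, stale wgpvpn profile, or no .conf files
#######################################
main() {
  local dir conf found=0
  dir="${1:-$(cd "$(dirname -- "$0")/.." && pwd)/assets/wireguard-config}"
  [ -d "$dir" ] || die "no such config dir: $dir"
  if connection_exists "$IFACE_NAME"; then
    printf "stale '%s' connection found (an earlier run died mid-import; it has autoconnect ON)\n" \
      "$IFACE_NAME" >&2
    die "inspect and remove it first: nmcli connection delete $IFACE_NAME"
  fi
  tmp="$(mktemp -d)" || die "mktemp failed"
  trap cleanup EXIT
  shopt -s nullglob
  for conf in "$dir"/*.conf; do
    found=1
    import_config "$conf"
  done
  [ "$found" = 1 ] || die "no .conf files in $dir"
}

main "$@"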