install.sh
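#!/bin/bash
# wg-mesh installer: installs the required packages, clones the project into
# /opt/wg-mesh, creates the wg-mesh system account and runs the project's
# cli.py with the arguments given to this script.
set -e
# Everything below writes to system locations, so refuse to run unprivileged.
if [[ $(id -u) -ne 0 ]]; then
  echo "Please run as root" >&2
  exit 1
fi
apt-get install wireguard iptables bird2 sudo python3 python3-netaddr python3-paste python3-bottle python3-requests python3-pip fping mtr vnstat git -y
cd /opt/
#git
# NOTE(review): the clone follows the tip of master; no tag, commit hash or
# signature is checked, and cli.py from that checkout is executed as root a few
# lines below. Pinning a reviewed revision (git checkout <REVIEWED_COMMIT>)
# would make the installed code reproducible and auditable.
git clone https://github.com/Ne00n/wg-mesh.git
cd wg-mesh
git checkout master
# System account (-r) with /opt/wg-mesh as its home and bash as its shell.
useradd wg-mesh -r -d /opt/wg-mesh -s /bin/bash
#run init
# "$@" is quoted so an argument containing spaces or glob characters reaches
# cli.py as one unchanged word instead of being split or expanded by the shell.
./cli.py "$@"
# cli.py ran as root; hand the whole tree to the wg-mesh account afterwards.
chown -R wg-mesh:wg-mesh /opt/wg-mesh/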
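#add wgmesh to /usr/local/bin
# Generates the wrapper that runs cli.py as the unprivileged wg-mesh account.
# The heredoc delimiter is quoted so the wrapper text is written literally.
# With an unquoted delimiter, $(id -u) is expanded while this installer runs as
# root, and the root check in the generated file becomes the constant test
# "0 -ne 0", which never fires.
# '>' replaces the file; appending to an existing wrapper would stack a second
# copy of the script behind the first.
cat <<'EOF' >/usr/local/bin/wgmesh
#!/bin/bash
if [[ $(id -u) -ne 0 ]] ; then echo "Please run as root" ; exit 1 ; fi
# The command line below is parsed a second time by the wg-mesh shell (bash,
# as set by the installer's useradd), so every argument is re-quoted with %q
# first. This keeps spaces and shell metacharacters inside the argument they
# came from instead of letting that shell interpret them.
args=""
if [[ $# -gt 0 ]] ; then args=$(printf '%q ' "$@") ; fi
su wg-mesh <<EOF2
/opt/wg-mesh/cli.py $args
EOF2
EOF
chmod +x /usr/local/bin/wgmesh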
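#sudo permissions
# Passwordless sudo rules for the wg-mesh account (network tooling, then the
# bird reload/restart commands). The rule text is staged in a temporary file
# and syntax-checked with visudo before it is installed, because a malformed
# file under /etc/sudoers.d can make sudo refuse to run at all. The target is
# replaced rather than appended to, and installed root-owned with mode 0440.
# NOTE(review): a rule with no argument list allows any arguments, and the
# trailing * in a command path matches every program in that directory whose
# name starts with the prefix (/usr/sbin/iptables* also covers
# iptables-restore, for example). Unrestricted ip/iptables as root amounts to
# full control of the host's network stack, so treat the wg-mesh account as
# root-equivalent, or narrow the rules to the exact commands cli.py issues
# (not visible in this file).
sudoers_tmp=$(mktemp)
cat <<'EOF' >"$sudoers_tmp"
wg-mesh ALL=(ALL) NOPASSWD: /sbin/ip*
wg-mesh ALL=(ALL) NOPASSWD: /usr/sbin/ip*
wg-mesh ALL=(ALL) NOPASSWD: /usr/sbin/iptables*
wg-mesh ALL=(ALL) NOPASSWD: /usr/sbin/ip6tables*
wg-mesh ALL=(ALL) NOPASSWD: /sbin/bridge fdb append *
wg-mesh ALL=(ALL) NOPASSWD: /usr/sbin/bridge fdb append *
wg-mesh ALL=(ALL) NOPASSWD: /usr/bin/wg set*
wg-mesh ALL=(ALL) NOPASSWD: /bin/systemctl reload bird
wg-mesh ALL=(ALL) NOPASSWD: /usr/bin/systemctl reload bird
wg-mesh ALL=(ALL) NOPASSWD: /bin/systemctl restart bird
wg-mesh ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart bird
EOF
if ! visudo -cf "$sudoers_tmp"; then
  rm -f -- "$sudoers_tmp"
  echo "generated sudoers rules failed validation" >&2
  exit 1
fi
install -o root -g root -m 0440 "$sudoers_tmp" /etc/sudoers.d/wg-mesh
rm -f -- "$sudoers_tmp"
#bird permissions
# wg-mesh joins the bird group and the two config files it manages are created
# up front, owned by bird.
usermod -a -G bird wg-mesh
touch /etc/bird/static.conf
chown bird:bird /etc/bird/static.conf
touch /etc/bird/bgp.conf
chown bird:bird /etc/bird/bgp.conf
# NOTE(review): 770 is applied recursively, so every file under /etc/bird
# becomes group-writable (the bird group now includes wg-mesh) and regular
# config files also get the execute bit.
chmod -R 770 /etc/bird/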
#sysctl
# Kernel settings for the mesh node, appended to the wg-mesh drop-in in one
# write and then loaded by `sysctl --system`.
# NOTE(review): ip_forward/forwarding turn the host into an IPv4 and IPv6
# router, and the two rp_filter=0 lines switch reverse-path source validation
# off for the "all" and "default" entries. With both in place, spoofed-source
# or unwanted transit traffic has to be stopped by firewall rules; nothing in
# this file adds any.
printf '%s\n' \
  "net.ipv4.ip_forward=1" \
  "net.ipv4.conf.all.rp_filter=0" \
  "net.ipv4.conf.default.rp_filter=0" \
  "net.core.default_qdisc=fq " \
  "net.ipv4.tcp_congestion_control=bbr" \
  "net.ipv6.conf.all.forwarding=1" \
  >> /etc/sysctl.d/wg-mesh.conf
sysctl --system
#systemd wg-mesh and bird services
# Unit files are copied from the cloned repository's configs/ directory.
# wgmesh and wgmesh-bird are enabled and then started; the start is attempted
# only when the enable succeeded. A failed enable does not abort the script
# even under `set -e`, because it is evaluated as a condition.
for unit in wgmesh wgmesh-bird; do
  cp "/opt/wg-mesh/configs/${unit}.service" "/etc/systemd/system/${unit}.service"
  if systemctl enable "$unit"; then
    systemctl start "$unit"
  fi
done
#systemd pipe service
# wgmesh-pipe is enabled only; it is not started by the installer.
cp /opt/wg-mesh/configs/wgmesh-pipe.service /etc/systemd/system/wgmesh-pipe.service
systemctl enable wgmesh-pipe