Diffstat (limited to 'contrib')
-rw-r--r--contrib/examples/reresolve-dns/README9
-rwxr-xr-xcontrib/examples/reresolve-dns/reresolve-dns.sh39
2 files changed, 48 insertions, 0 deletions
diff --git a/contrib/examples/reresolve-dns/README b/contrib/examples/reresolve-dns/README
new file mode 100644
index 0000000..f228caa
--- /dev/null
+++ b/contrib/examples/reresolve-dns/README
@@ -0,0 +1,9 @@
+reresolve-dns
+=============
+
+Run this script from cron every thirty seconds or so, and it will ensure
+that if, when using a dynamic DNS service, the DNS entry for a hosts
+changes, the kernel will get the update to the DNS entry.
+
+This works by parsing configuration files, and simply running:
+ $ wg set wg0 peer ... endpoint ...
diff --git a/contrib/examples/reresolve-dns/reresolve-dns.sh b/contrib/examples/reresolve-dns/reresolve-dns.sh
new file mode 100755
index 0000000..d63f5fa
--- /dev/null
+++ b/contrib/examples/reresolve-dns/reresolve-dns.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+set -e
+shopt -s nocasematch
+shopt -s extglob
+export LC_ALL=C
+
+CONFIG_FILE="$1"
+[[ $CONFIG_FILE =~ ^[a-zA-Z0-9_=+.-]{1,16}$ ]] && CONFIG_FILE="/etc/wireguard/$CONFIG_FILE.conf"
+[[ $CONFIG_FILE =~ /?([a-zA-Z0-9_=+.-]{1,16})\.conf$ ]]
+INTERFACE="${BASH_REMATCH[1]}"
+
+process_peer() {
+ [[ $PEER_SECTION -ne 1 || -z $PUBLIC_KEY || -z $ENDPOINT ]] && return 0
+ [[ $(wg show "$INTERFACE" latest-handshakes) =~ ^${PUBLIC_KEY//+/\\+}\ ([0-9]+)$ ]] || return 0
+ (( ($(date +%s) - ${BASH_REMATCH[1]}) > 135 )) || return 0
+ wg set "$INTERFACE" peer "$PUBLIC_KEY" endpoint "$ENDPOINT"
+ reset_peer_section
+}
+
+reset_peer_section() {
+ PEER_SECTION=0
+ PUBLIC_KEY=""
+ ENDPOINT=""
+}
+
+reset_peer_section
+while read -r line || [[ -n $line ]]; do
+ key="${line%%=*}"; key="${key##*( )}"; key="${key%%*( )}"
+ value="${line#*=}"; value="${value##*( )}"; value="${value%%*( )}"
+ [[ $key == "["* ]] && { process_peer; reset_peer_section; }
+ [[ $key == "[Peer]" ]] && PEER_SECTION=1
+ if [[ $PEER_SECTION -eq 1 ]]; then
+ case "$key" in
+ PublicKey) PUBLIC_KEY="$value"; continue ;;
+ Endpoint) ENDPOINT="$value"; continue ;;
+ esac
+ fi
+done < "$CONFIG_FILE"
+process_peer
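Review bot: The handshake lookup in `process_peer` anchors its pattern with `^` and `$`, but bash's `=~` applies those anchors to the whole command-substitution output rather than to each line. Once `wg show "$INTERFACE" latest-handshakes` lists more than one peer, the match fails and the function returns 0 without re-resolving the endpoint, so a stale address stays in place silently. Dropping the anchors keeps the lookup working on multi-peer interfaces, e.g. `[[ $(wg show "$INTERFACE" latest-handshakes) =~ ${PUBLIC_KEY//+/\\+}[[:space:]]([0-9]+) ]] || return 0` (the separator shown on this page may have been altered by rendering, hence `[[:space:]]`). Separately, under `set -e` a failing `wg set` for one peer, for instance when its hostname does not resolve, ends the script before the remaining peers are checked. Something like `wg set ... || echo "re-resolve failed for $PUBLIC_KEY" >&2` would keep one bad endpoint from blocking the rest.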