From 669867569e4ede4170011469a9f666b527f7b2e8 Mon Sep 17 00:00:00 2001
From: Ruslan
Date: Tue, 14 Apr 2026 10:26:43 +0300
Subject: [PATCH] Server: auto-apply GUI config changes to live WireGuard interface
---
 README.md | 1 +
 server/install_server.sh | 50 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 51 insertions(+)
diff --git a/README.md b/README.md
index af9fb15..5fac178 100644
--- a/README.md
+++ b/README.md
@@ -36,6 +36,7 @@
 - Сервер разворачивается нативно на `wg-quick` + `systemd` (стабильность после reboot).
 - GUI (`wireguard-ui`) запускается в Docker, но работает с тем же `/etc/wireguard`, где лежит серверный конфиг.
+- На сервере ставится `wg-syncconf@wg0.path`: при изменении `/etc/wireguard/wg0.conf` (в том числе после `Apply` в GUI) конфиг автоматически применяется в живой интерфейс `wg0`.
 - Клиентский скрипт:
 1. генерирует ключи локально,
 2. подключается к серверу по SSH,
diff --git a/server/install_server.sh b/server/install_server.sh
index c713ce0..6abbc0a 100755
--- a/server/install_server.sh
+++ b/server/install_server.sh
@@ -124,6 +124,8 @@ reset_existing_install() {
 shopt -s nullglob
 for conf in /etc/wireguard/*.conf; do
 iface="$(basename "$conf" .conf)"
+ systemctl disable --now "wg-syncconf@${iface}.path" >/dev/null 2>&1 || true
+ systemctl stop "wg-syncconf@${iface}.service" >/dev/null 2>&1 || true
 systemctl disable --now "wg-quick@${iface}.service" >/dev/null 2>&1 || true
 wg-quick down "$iface" >/dev/null 2>&1 || true
 done
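Review bot: The two added `systemctl` lines in `reset_existing_install` depend on running before `wg-quick down`, but nothing in the code says so. The watcher's helper, added later in this patch, starts `wg-quick@${iface}.service` whenever that unit is inactive, so a later reordering could bring the interface back up in the middle of a reset. A comment above them such as `# stop the watcher first: its helper starts wg-quick@${iface} when the unit is inactive` would pin the ordering. The hunk does not show whether the reset also removes `/usr/local/sbin/wg-syncconf-apply` and the two `wg-syncconf@` unit files; if it does not, they survive a reset. The function body starts and ends outside the hunk.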
@@ -312,6 +314,52 @@ EOF_HELPER
 log_success "Установлен helper: /usr/local/sbin/wg-peerctl"
 }
+install_wg_sync_watcher() {
+ cat > /usr/local/sbin/wg-syncconf-apply <<'EOF_SYNC_APPLY'
+#!/usr/bin/env bash
+set -euo pipefail
+
+iface="${1:-wg0}"
+conf="/etc/wireguard/${iface}.conf"
+
+[[ -f "$conf" ]] || exit 0
+
+if systemctl is-active --quiet "wg-quick@${iface}.service"; then
+ wg syncconf "$iface" <(wg-quick strip "$conf")
+else
+ systemctl start "wg-quick@${iface}.service"
+fi
+EOF_SYNC_APPLY
+ chmod 750 /usr/local/sbin/wg-syncconf-apply
+
+ cat > /etc/systemd/system/wg-syncconf@.service <<'EOF_SYNC_SERVICE'
+[Unit]
+Description=Apply WireGuard config changes for %i
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/sbin/wg-syncconf-apply %i
+EOF_SYNC_SERVICE
+
+ cat > /etc/systemd/system/wg-syncconf@.path <<'EOF_SYNC_PATH'
+[Unit]
+Description=Watch WireGuard config changes for %i
+
+[Path]
+PathExists=/etc/wireguard/%i.conf
+PathModified=/etc/wireguard/%i.conf
+
+[Install]
+WantedBy=multi-user.target
+EOF_SYNC_PATH
+
+ systemctl daemon-reload
+ systemctl enable --now "wg-syncconf@${WG_INTERFACE}.path"
+ log_success "Включено авто-применение изменений /etc/wireguard/${WG_INTERFACE}.conf -> ${WG_INTERFACE}"
+}
+
 setup_gui() {
 [[ "$GUI_ENABLE" == "yes" ]] || { log_warn "GUI отключен (GUI_ENABLE=no)"; return; }
@@ -414,6 +462,7 @@ GUI статус: ${gui_status}
 $(if [[ "$GUI_ENABLE" == "yes" && "$GUI_PASSWORD_GENERATED" -eq 1 ]]; then echo "GUI пароль: ${GUI_PASSWORD} (сгенерирован, рекомендуется заменить)"; fi)
 Helper для peer: /usr/local/sbin/wg-peerctl
+Auto-apply GUI->WG: enabled (wg-syncconf@${WG_INTERFACE}.path)
 Лог установки: ${LOG_FILE}
 =================================================
 EOF_SUMMARY
@@ -444,6 +493,7 @@ main() {
 setup_wg_service
 setup_ufw_if_active
 install_peer_helper
+ install_wg_sync_watcher
 setup_gui
 print_summary
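Review bot: In the generated `wg-syncconf-apply`, the line `wg syncconf "$iface" <(wg-quick strip "$conf")` never sees the exit status of `wg-quick strip`, because `set -euo pipefail` does not cover process substitution. If strip fails, for example on a half-written file, the live interface is synced against truncated or empty input and can lose its peers. Stage the stripped config in a `mktemp` file (mode 0600, since it holds the private key), let `set -e` catch a strip failure, and only then call `wg syncconf`. The `else` branch makes root run `wg-quick up` on a file the GUI container can write, including any `PostUp`/`PreUp` hooks in it, with no operator step in between; logging and exiting looks safer there. Separately, `PathExists=` on a file that always exists is re-checked each time the oneshot service finishes (see systemd.path(5)), which presumably re-triggers until the trigger limit stops the watcher, so `PathModified=` alone looks sufficient.

```shell
# … unchanged: shebang, set -euo pipefail, iface/conf, [[ -f "$conf" ]] guard …
if systemctl is-active --quiet "wg-quick@${iface}.service"; then
  tmp="$(mktemp)"
  trap 'rm -f -- "$tmp"' EXIT
  # a failing strip now aborts under set -e instead of feeding partial input
  wg-quick strip "$conf" > "$tmp"
  [[ -s "$tmp" ]] || { printf 'empty stripped config for %s, not applying\n' "$iface" >&2; exit 1; }
  wg syncconf "$iface" "$tmp"
else
  # do not bring the interface up from a GUI-written file; leave that to the operator
  printf 'wg-quick@%s.service is not active, skipping auto-apply\n' "$iface" >&2
fi
```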