Server: auto-apply GUI config changes to live WireGuard interface
This commit is contained in:
Ruslan
@@ -124,6 +124,8 @@ reset_existing_install() {
|
||||
shopt -s nullglob
|
||||
for conf in /etc/wireguard/*.conf; do
|
||||
iface="$(basename "$conf" .conf)"
|
||||
systemctl disable --now "wg-syncconf@${iface}.path" >/dev/null 2>&1 || true
|
||||
systemctl stop "wg-syncconf@${iface}.service" >/dev/null 2>&1 || true
|
||||
systemctl disable --now "wg-quick@${iface}.service" >/dev/null 2>&1 || true
|
||||
wg-quick down "$iface" >/dev/null 2>&1 || true
|
||||
done
|
||||
@@ -312,6 +314,52 @@ EOF_HELPER
|
||||
log_success "Установлен helper: /usr/local/sbin/wg-peerctl"
|
||||
}
|
||||
|
||||
install_wg_sync_watcher() {
|
||||
cat > /usr/local/sbin/wg-syncconf-apply <<'EOF_SYNC_APPLY'
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
iface="${1:-wg0}"
|
||||
conf="/etc/wireguard/${iface}.conf"
|
||||
|
||||
[[ -f "$conf" ]] || exit 0
|
||||
|
||||
if systemctl is-active --quiet "wg-quick@${iface}.service"; then
|
||||
wg syncconf "$iface" <(wg-quick strip "$conf")
|
||||
else
|
||||
systemctl start "wg-quick@${iface}.service"
|
||||
fi
|
||||
EOF_SYNC_APPLY
|
||||
chmod 750 /usr/local/sbin/wg-syncconf-apply
|
||||
|
||||
cat > /etc/systemd/system/wg-syncconf@.service <<'EOF_SYNC_SERVICE'
|
||||
[Unit]
|
||||
Description=Apply WireGuard config changes for %i
|
||||
After=network-online.target
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/local/sbin/wg-syncconf-apply %i
|
||||
EOF_SYNC_SERVICE
|
||||
|
||||
cat > /etc/systemd/system/wg-syncconf@.path <<'EOF_SYNC_PATH'
|
||||
[Unit]
|
||||
Description=Watch WireGuard config changes for %i
|
||||
|
||||
[Path]
|
||||
PathExists=/etc/wireguard/%i.conf
|
||||
PathModified=/etc/wireguard/%i.conf
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF_SYNC_PATH
|
||||
|
||||
systemctl daemon-reload
|
||||
systemctl enable --now "wg-syncconf@${WG_INTERFACE}.path"
|
||||
log_success "Включено авто-применение изменений /etc/wireguard/${WG_INTERFACE}.conf -> ${WG_INTERFACE}"
|
||||
}
|
||||
|
||||
setup_gui() {
|
||||
[[ "$GUI_ENABLE" == "yes" ]] || { log_warn "GUI отключен (GUI_ENABLE=no)"; return; }
|
||||
|
||||
@@ -414,6 +462,7 @@ GUI статус: ${gui_status}
|
||||
$(if [[ "$GUI_ENABLE" == "yes" && "$GUI_PASSWORD_GENERATED" -eq 1 ]]; then echo "GUI пароль: ${GUI_PASSWORD} (сгенерирован, рекомендуется заменить)"; fi)
|
||||
|
||||
Helper для peer: /usr/local/sbin/wg-peerctl
|
||||
Auto-apply GUI->WG: enabled (wg-syncconf@${WG_INTERFACE}.path)
|
||||
Лог установки: ${LOG_FILE}
|
||||
=================================================
|
||||
EOF_SUMMARY
|
||||
@@ -444,6 +493,7 @@ main() {
|
||||
setup_wg_service
|
||||
setup_ufw_if_active
|
||||
install_peer_helper
|
||||
install_wg_sync_watcher
|
||||
setup_gui
|
||||
print_summary
|
||||
|
||||
|
||||
Reference in New Issue
Block a user