121 lines
3.2 KiB
Bash
121 lines
3.2 KiB
Bash
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
REPO_RAW_URL_DEFAULT="https://gitea.qortal.link/crowetic/QORTector-scripts/raw/branch/main/keep-wireguard-connected.sh"
|
|
|
|
INSTALL_PATH="/usr/local/sbin/keep-wireguard-connected.sh"
|
|
CONF_PATH="/etc/keep-wireguard-connected.conf"
|
|
|
|
SERVICE_NAME="keep-wireguard-connected"
|
|
SERVICE_PATH="/etc/systemd/system/${SERVICE_NAME}.service"
|
|
TIMER_PATH="/etc/systemd/system/${SERVICE_NAME}.timer"
|
|
|
|
# Timer cadence defaults
|
|
ONBOOT_SEC="45s"
|
|
INTERVAL_SEC="30s"
|
|
ACCURACY_SEC="5s"
|
|
|
|
log() { echo -e "\033[1;32m[+]\033[0m $*"; }
|
|
warn() { echo -e "\033[1;33m[!]\033[0m $*" >&2; }
|
|
die() { echo -e "\033[1;31m[x]\033[0m $*" >&2; exit 1; }
|
|
|
|
need_root() { [[ "${EUID:-$(id -u)}" -eq 0 ]] || die "Run as root: sudo $0"; }
|
|
have_cmd() { command -v "$1" >/dev/null 2>&1; }
|
|
|
|
need_root
|
|
|
|
REPO_RAW_URL="${REPO_RAW_URL:-$REPO_RAW_URL_DEFAULT}"
|
|
|
|
log "Installing keep-wireguard-connected..."
|
|
|
|
# 1) Install script (prefer local file in current directory)
|
|
if [[ -f "./keep-wireguard-connected.sh" ]]; then
|
|
log "Using local ./keep-wireguard-connected.sh"
|
|
install -m 0750 -o root -g root "./keep-wireguard-connected.sh" "$INSTALL_PATH"
|
|
else
|
|
have_cmd curl || die "curl missing (or run installer from same dir as keep-wireguard-connected.sh)"
|
|
log "Downloading: $REPO_RAW_URL"
|
|
tmp="$(mktemp)"
|
|
curl -fsSL --max-time 25 "$REPO_RAW_URL" -o "$tmp" || die "Download failed"
|
|
install -m 0750 -o root -g root "$tmp" "$INSTALL_PATH"
|
|
rm -f "$tmp"
|
|
fi
|
|
|
|
bash -n "$INSTALL_PATH" || die "Installed script has syntax errors: $INSTALL_PATH"
|
|
|
|
# 2) Create config file if missing
|
|
if [[ ! -f "$CONF_PATH" ]]; then
|
|
log "Creating config: $CONF_PATH"
|
|
cat > "$CONF_PATH" <<'EOF'
|
|
# /etc/keep-wireguard-connected.conf
|
|
# Optional overrides for keep-wireguard-connected.sh
|
|
#
|
|
# NOTE: Your script must source this file (recommended patch).
|
|
# If you haven't patched the script yet, do that first.
|
|
|
|
WG_IFACE="va3"
|
|
EXPECTED_EGRESS_IP="51.81.16.137"
|
|
VPN_PING_TARGET="10.0.0.1"
|
|
|
|
TOTAL_WAIT_SEC=90
|
|
SLEEP_STEP_SEC=5
|
|
|
|
IP_ECHO_URLS=(
|
|
"https://canhazip.com"
|
|
"https://api.ipify.org"
|
|
"https://ifconfig.me/ip"
|
|
"https://icanhazip.com"
|
|
)
|
|
|
|
REBOOT_CMD=(/sbin/reboot -f)
|
|
EOF
|
|
chmod 0640 "$CONF_PATH"
|
|
chown root:root "$CONF_PATH"
|
|
else
|
|
warn "Config already exists, leaving unchanged: $CONF_PATH"
|
|
fi
|
|
|
|
# 3) systemd service
|
|
log "Writing systemd service: $SERVICE_PATH"
|
|
cat > "$SERVICE_PATH" <<EOF
|
|
[Unit]
|
|
Description=Keep WireGuard connected (egress watchdog)
|
|
Wants=network-online.target
|
|
After=network-online.target
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
EnvironmentFile=-$CONF_PATH
|
|
ExecStart=$INSTALL_PATH
|
|
EOF
|
|
|
|
# 4) systemd timer
|
|
log "Writing systemd timer: $TIMER_PATH"
|
|
cat > "$TIMER_PATH" <<EOF
|
|
[Unit]
|
|
Description=Run keep-wireguard-connected periodically
|
|
|
|
[Timer]
|
|
OnBootSec=$ONBOOT_SEC
|
|
OnUnitActiveSec=$INTERVAL_SEC
|
|
AccuracySec=$ACCURACY_SEC
|
|
Persistent=true
|
|
|
|
[Install]
|
|
WantedBy=timers.target
|
|
EOF
|
|
|
|
log "Reloading systemd"
|
|
systemctl daemon-reload
|
|
|
|
log "Enabling + starting timer"
|
|
systemctl enable --now "${SERVICE_NAME}.timer"
|
|
|
|
log "Installed."
|
|
echo
|
|
log "Commands:"
|
|
echo " Edit config: sudo nano $CONF_PATH"
|
|
echo " Test run: sudo $INSTALL_PATH"
|
|
echo " Timer status: systemctl status ${SERVICE_NAME}.timer --no-pager"
|
|
echo " Logs: journalctl -u ${SERVICE_NAME}.service -n 200 --no-pager"
|