Full Code of its0x08/wg-install for AI

Repository: its0x08/wg-install
Branch: master
Commit: cf586b2054a0
Files: 7
Total size: 13.6 KB

Directory structure:
gitextract_zobxk7p0/

├── .github/
│   ├── FUNDING.yml
│   ├── dependabot.yml
│   └── workflows/
│       ├── codacy.yml
│       └── semgrep.yml
├── CONTRIBUTING.md
├── README.md
└── wg-install.sh

================================================
FILE CONTENTS
================================================

================================================
FILE: .github/FUNDING.yml
================================================
# These are supported funding model platforms

github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
patreon: # Replace with a single Patreon username
open_collective: # Replace with a single Open Collective username
ko_fi: # Replace with a single Ko-fi username
tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
liberapay: # Replace with a single Liberapay username
issuehunt: # Replace with a single IssueHunt username
otechie: # Replace with a single Otechie username
lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
# Up to 4 custom sponsorship URLs are allowed; the key may appear only once
custom: https://www.paypal.me/KristBegaj


================================================
FILE: .github/dependabot.yml
================================================
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file

version: 2
updates:
  - package-ecosystem: "github-actions" # The only manifests in this repo are the workflow files
    directory: "/" # Location of package manifests
    schedule:
      interval: "weekly"



================================================
FILE: .github/workflows/codacy.yml
================================================
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

# This workflow checks out code, performs a Codacy security scan
# and integrates the results with the
# GitHub Advanced Security code scanning feature.  For more information on
# the Codacy security scan action usage and parameters, see
# https://github.com/codacy/codacy-analysis-cli-action.
# For more information on Codacy Analysis CLI in general, see
# https://github.com/codacy/codacy-analysis-cli.

name: Codacy Security Scan

on:
  push:
    branches: [ master ]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ master ]
  schedule:
    - cron: '32 10 * * 0'

permissions:
  contents: read

jobs:
  codacy-security-scan:
    permissions:
      contents: read # for actions/checkout to fetch code
      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
    name: Codacy Security Scan
    runs-on: ubuntu-latest
    steps:
      # Checkout the repository to the GitHub Actions runner
      - name: Checkout code
        uses: actions/checkout@v3

      # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
      - name: Run Codacy Analysis CLI
        uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b
        with:
          # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
          # You can also omit the token and run the tools that support default configurations
          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
          verbose: true
          output: results.sarif
          format: sarif
          # Adjust severity of non-security issues
          gh-code-scanning-compat: true
          # Force 0 exit code to allow SARIF file generation
          # This will handover control about PR rejection to the GitHub side
          max-allowed-issues: 2147483647

      # Upload the SARIF file generated in the previous step
      - name: Upload SARIF results file
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results.sarif


================================================
FILE: .github/workflows/semgrep.yml
================================================
on:
  pull_request: {}
  push:
    branches:
    - master
    paths:
    - .github/workflows/semgrep.yml
  schedule:
  - cron: '0 0 * * 0'
name: Semgrep
jobs:
  semgrep:
    name: Scan
    runs-on: ubuntu-20.04
    env:
      SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
    container:
      image: returntocorp/semgrep
    steps:
    - uses: actions/checkout@v3
    - run: semgrep ci


================================================
FILE: CONTRIBUTING.md
================================================
# Contributors of the project!
[0x08](https://github.com/its0x08)


### Make sure to add yourself to this list before committing


================================================
FILE: README.md
================================================

# wg-install v0.1.01
WireGuard autoinstaller written in Bash

[WireGuard](https://www.wireguard.com) [road warrior](http://en.wikipedia.org/wiki/Road_warrior_%28computing%29) installer for Ubuntu, Debian, CentOS and Fedora!

This script automatically installs the WireGuard server and generates client configuration files for a secure connection.

![Visitors](https://api.visitorbadge.io/api/visitors?path=https%3A%2F%2Fgithub.com%2Fits0x08%2Fwg-install&countColor=%232ccce4&style=flat-square)
[![Semgrep](https://github.com/its0x08/wg-install/actions/workflows/semgrep.yml/badge.svg)](https://github.com/its0x08/wg-install/actions/workflows/semgrep.yml)
[![Codacy Security Scan](https://github.com/its0x08/wg-install/actions/workflows/codacy.yml/badge.svg)](https://github.com/its0x08/wg-install/actions/workflows/codacy.yml)


## Usage command

### Oneliners:
```bash
wget https://git.io/Jff1k -qO wg.sh && bash wg.sh
```
```bash
curl https://git.io/Jff1k -sSLo wg.sh && bash wg.sh
```
```bash
/bin/bash -c "$(curl -fsSL https://git.io/Jff1k)"
```

### Steps to download and run the scripts:
```bash
git clone https://github.com/its0x08/wg-install.git
cd wg-install
bash wg-install.sh
```

## Add new client or remove and uninstall WireGuard
You can run it again to generate more users after the first run, or remove WireGuard. Reboot your server to apply all settings.

## To start/activate the WireGuard client:
```bash
wg-quick up config_name
```

## Options:

The script can be configured by setting the following environment variables:

* INTERACTIVE - if set to "no", the script will not prompt for user input
* PRIVATE_SUBNET - private subnet configuration (default: `10.9.0.0/24`)
* SERVER_HOST - public IP address, detected by default
* SERVER_PORT - listening port, picked randomly by default
* CLIENT_DNS - comma-separated DNS servers to use by the client
* ADD_REMOVE - set to `1` to remove WireGuard or `2` to add new users
* WG_CONFIG - set config location (default: `/etc/wireguard/wg0.conf`)
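
The script runs as root and writes these values into `wg0.conf` and the firewall rules, so it is worth checking them before an unattended run. The function below is an added example, not part of wg-install; `valid_ipv4` and `validate_wg_env` are hypothetical helper names, and it assumes IPv4-only values and a `/24` subnet, matching how the script builds addresses from the first three octets.

```bash
#!/bin/bash
# Added example: pre-flight validation of the wg-install environment variables.
# Prints one line per problem to stderr; returns 0 only when nothing is wrong.

valid_ipv4() {
	case "$1" in '' | *[!0-9.]* | .* | *. | *..*) return 1 ;; esac
	local octet n=0 IFS=.
	for octet in $1; do
		n=$((n + 1))
		[ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
	done
	[ "$n" -eq 4 ]
}

validate_wg_env() {
	local rc=0 dns name
	local subnet="${PRIVATE_SUBNET:-10.9.0.0/24}" port="${SERVER_PORT:-1}"
	local conf="${WG_CONFIG:-/etc/wireguard/wg0.conf}"
	_bad() { echo "[-] $1" >&2; rc=1; }

	# Client addresses are built from the first three octets: require x.y.z.0/24
	case "$subnet" in
		*.0/24) valid_ipv4 "${subnet%/*}" || _bad "PRIVATE_SUBNET is not an IPv4 network" ;;
		*) _bad "PRIVATE_SUBNET must look like 10.9.0.0/24" ;;
	esac
	# SERVER_HOST ends up in the SNAT rule and in the client Endpoint line
	if [ -n "${SERVER_HOST:-}" ] && ! valid_ipv4 "$SERVER_HOST"; then
		_bad "SERVER_HOST is not an IPv4 address"
	fi
	case "$port" in
		*[!0-9]* | ??????*) _bad "SERVER_PORT must be 1-65535" ;;
		*) [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || _bad "SERVER_PORT must be 1-65535" ;;
	esac
	# wg-quick takes the interface name from the file name (at most 15 characters)
	name="$(basename "$conf" .conf)"
	case "$conf" in /*.conf) ;; *) _bad "WG_CONFIG must be an absolute path ending in .conf" ;; esac
	case "$name" in
		'' | *[!A-Za-z0-9_-]* | ????????????????*) _bad "interface name '$name' is not usable" ;;
	esac
	case "${ADD_REMOVE:-2}" in 1 | 2) ;; *) _bad "ADD_REMOVE must be 1 or 2" ;; esac
	# CLIENT_DNS is stored as one whitespace-delimited field in the first line of
	# wg0.conf, so "1.1.1.1, 1.0.0.1" (with a space) would be cut short later
	case "${CLIENT_DNS:-}" in
		*[!0-9.,]* | *,) _bad "CLIENT_DNS must be comma-separated IPv4 addresses, no spaces" ;;
		*)
			local IFS=,
			for dns in ${CLIENT_DNS:-}; do
				valid_ipv4 "$dns" || _bad "CLIENT_DNS entry '$dns' is not an IPv4 address"
			done ;;
	esac
	return "$rc"
}
```

Source the file and call `validate_wg_env` before running the installer with `INTERACTIVE=no`; unset variables are treated as the script's defaults.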


Copy the file `/root/client-wg0.conf` from the remote server to
`/etc/wireguard/wg0.conf` on your local PC and run `sudo systemctl start wg-quick@wg0.service`, or
use the QR code generated by this script to auto-add mobile clients.

## Server/Client status:
To check VPN status, run `wg`.

# Pull Requests are appreciated

## Enjoy it!

#### Note: don't forget to report bugs please!!


================================================
FILE: wg-install.sh
================================================
#!/bin/bash
# wg-install v0.1.01


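function generate_port {
	local random_int
	while true; do
		random_int="$(shuf -i 2000-65535 -n 1)"
		# -n keeps ports numeric (otherwise known ports show up as service names);
		# match ":<port>" followed by whitespace so 2000 does not match 20001.
		if ! ss -lun | grep -qE ":${random_int}[[:space:]]"; then
			echo "$random_int"
			return 0
		fi
	done
}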

if [[ "$EUID" != 0 ]]; then
	echo "[-] Sorry, you need to run this as root"
	exit 13
fi

if [[ ! -e /dev/net/tun ]]; then
	echo "[-] The TUN device is not available. You need to enable TUN before running this script"
	exit 2
fi

if [ -e /etc/centos-release ]; then
	DISTRO="CentOS"
	echo "[i] OS: $DISTRO"
elif [ -e /etc/debian_version ]; then
	DISTRO="$(lsb_release -is)"
	echo "[i] OS: $DISTRO"
else
	echo -e "[-] Your distribution is not supported (yet)\n[i] Please open an issue or pull request to address your problem."
	exit 95
fi

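if [ "$WG_CONFIG" == "" ]; then
	WG_CONFIG="/etc/wireguard/wg0.conf"
fi
# Interface name = config file name without directory and ".conf". Set it here
# because both the install branch and the add-client branch use it.
WG_CONFIG_NAME="$(basename "$WG_CONFIG" .conf)"


if [ ! -f "$WG_CONFIG" ]; then
	# Install server and add default client
	INTERACTIVE=${INTERACTIVE:-yes}
	PRIVATE_SUBNET=${PRIVATE_SUBNET:-"10.9.0.0/24"}
	PRIVATE_SUBNET_MASK=${PRIVATE_SUBNET##*/}
	# Drop the last octet and the mask (".0/24"), whatever the mask length is
	GATEWAY_ADDRESS="${PRIVATE_SUBNET%.*}.1"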

	if [ "$SERVER_HOST" == "" ]; then
		# Ask over HTTPS: the answer ends up in the firewall rules and client config
		SERVER_HOST="$(curl -fsSL https://ifconfig.me 2>/dev/null || hostname -i)"
		if [ "$INTERACTIVE" == "yes" ]; then
			read -rp "[i] Server's public IP address is $SERVER_HOST. Is that correct? [y/n]: " -e -i "y" CONFIRM
			if [ "$CONFIRM" == "n" ]; then
				echo "[-] Aborted. Use environment variable SERVER_HOST to set the correct public IP address"
				exit 125
			fi
		fi
	fi

	if [ "$SERVER_PORT" == "" ]; then
		SERVER_PORT="$(generate_port)"
	fi

	if [ "$CLIENT_DNS" == "" ]; then
		DNS_CHOICE=1
		# Prompt only in interactive mode; INTERACTIVE=no keeps the default (1)
		if [ "$INTERACTIVE" == "yes" ]; then
			echo "Which DNS do you want to use with the VPN?"
			echo "   1) Cloudflare (fastest DNS)"
			echo "   2) Google"
			echo "   3) OpenDNS (has phishing protection and other security filters)"
			echo "   4) Quad9 (Malware protection)"
			echo "   5) AdGuard DNS (automatically blocks ads)"
			read -rp "[?] DNS (1-5)[1]: " -e -i 1 DNS_CHOICE
		fi

		case $DNS_CHOICE in
		1)
			CLIENT_DNS="1.1.1.1,1.0.0.1"
			;;
		2)
			CLIENT_DNS="8.8.8.8,8.8.4.4"
			;;
		3)
			CLIENT_DNS="208.67.222.222,208.67.220.220"
			;;
		4)
			CLIENT_DNS="9.9.9.9"
			;;
		5)
			CLIENT_DNS="176.103.130.130,176.103.130.131"
			;;
		*)
			# Without this branch an invalid answer left CLIENT_DNS empty
			echo "[-] Invalid DNS choice: $DNS_CHOICE"
			exit 22
			;;
		esac
	fi

	if [ "$DISTRO" == "Ubuntu" ]; then
		apt update
		apt install linux-headers-"$(uname -r)" wireguard qrencode iptables-persistent -y
	elif [ "$DISTRO" == "Debian" ]; then
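		# Add the backports source only once, so re-running does not duplicate it
		grep -qs "buster-backports" /etc/apt/sources.list || echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list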
		apt update
		apt install linux-headers-"$(uname -r)" wireguard qrencode iptables-persistent -y
	elif [ "$DISTRO" == "CentOS" ]; then
		curl -sLo /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
		yum install epel-release -y
		yum install kernel-headers wireguard-dkms qrencode wireguard-tools -y
	fi

	SERVER_PRIVKEY="$(wg genkey)"
	SERVER_PUBKEY="$(echo "$SERVER_PRIVKEY" | wg pubkey)"
	CLIENT_PRIVKEY="$(wg genkey)"
	CLIENT_PUBKEY="$(echo "$CLIENT_PRIVKEY" | wg pubkey)"
	CLIENT_ADDRESS="${PRIVATE_SUBNET%.*}.3"

	mkdir -p /etc/wireguard
	touch "$WG_CONFIG" && chmod 600 "$WG_CONFIG"

	{
		echo "# $PRIVATE_SUBNET $SERVER_HOST:$SERVER_PORT $SERVER_PUBKEY $CLIENT_DNS
[Interface]
Address = $GATEWAY_ADDRESS/$PRIVATE_SUBNET_MASK
ListenPort = $SERVER_PORT
PrivateKey = $SERVER_PRIVKEY
SaveConfig = false"; 

	echo "# client
[Peer]
PublicKey = $CLIENT_PUBKEY
AllowedIPs = $CLIENT_ADDRESS/32";
	} >> "$WG_CONFIG"

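	# The client config holds a private key: create it owner-only before writing
	touch "$HOME/client-$WG_CONFIG_NAME.conf" && chmod 600 "$HOME/client-$WG_CONFIG_NAME.conf"
	echo "[Interface]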
PrivateKey = $CLIENT_PRIVKEY
Address = $CLIENT_ADDRESS/$PRIVATE_SUBNET_MASK
DNS = $CLIENT_DNS
[Peer]
PublicKey = $SERVER_PUBKEY
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = $SERVER_HOST:$SERVER_PORT
PersistentKeepalive = 25" > "$HOME/client-$WG_CONFIG_NAME.conf"
	qrencode -t ansiutf8 -l L < "$HOME/client-$WG_CONFIG_NAME.conf"

	{ 
		echo "net.ipv4.ip_forward=1";
		echo "net.ipv4.conf.all.forwarding=1";
		echo "net.ipv6.conf.all.forwarding=1";
	}  >> /etc/sysctl.conf
	sysctl -p

	if [ "$DISTRO" == "CentOS" ]; then
		firewall-cmd --zone=public --add-port="$SERVER_PORT/udp"
		firewall-cmd --zone=trusted --add-source="$PRIVATE_SUBNET"
		firewall-cmd --permanent --zone=public --add-port="$SERVER_PORT/udp"
		firewall-cmd --permanent --zone=trusted --add-source="$PRIVATE_SUBNET"
		firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -s "$PRIVATE_SUBNET" ! -d "$PRIVATE_SUBNET" -j SNAT --to "$SERVER_HOST"
		firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -s "$PRIVATE_SUBNET" ! -d "$PRIVATE_SUBNET" -j SNAT --to "$SERVER_HOST"
	else
		iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
		iptables -A FORWARD -m conntrack --ctstate NEW -s "$PRIVATE_SUBNET" -m policy --pol none --dir in -j ACCEPT
		iptables -t nat -A POSTROUTING -s "$PRIVATE_SUBNET" -m policy --pol none --dir out -j MASQUERADE
		iptables -A INPUT -p udp --dport "$SERVER_PORT" -j ACCEPT
		iptables-save > /etc/iptables/rules.v4
	fi

	systemctl enable "wg-quick@$WG_CONFIG_NAME.service"
	systemctl start "wg-quick@$WG_CONFIG_NAME.service"

	# TODO: unattended updates, apt install dnsmasq ntp
	echo "[+] Client config --> $HOME/client-$WG_CONFIG_NAME.conf"
	echo "[+] Now reboot the server and enjoy your fresh VPN installation! :^)"
else
	# Server is installed, add a new client or remove server
	# Honour ADD_REMOVE from the environment (see README); prompt only if unset
	if [ "$ADD_REMOVE" == "" ]; then
		echo "[1] Remove WireGuard."
		echo "[2] Add client."
		read -rp "[+] Choose from above options [1/2]: " -e ADD_REMOVE
	fi
	if [ "$ADD_REMOVE" == "1" ]; then
		echo "[*] Removing WireGuard from the server..."
		rm -rf "$WG_CONFIG";
		if [ "$DISTRO" == "Ubuntu" ] || [ "$DISTRO" == "Debian" ]; then
			# Quote the glob so the shell cannot expand it against local file names
			apt remove 'wireguard*' -y && apt autoremove -y && apt autoclean -y
		elif [ "$DISTRO" == "CentOS" ]; then
			yum remove wireguard-dkms -y
		fi

		echo "[i] WireGuard removed from the server!"
		exit 0
	fi
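	CLIENT_NAME="$1"
	if [ "$CLIENT_NAME" == "" ]; then
		echo "[?] Tell me a name for the client config file [no special characters]."
		read -rp "[+] Client name: " -e CLIENT_NAME
	fi
	# The name becomes part of a file path and a comment in the server config:
	# allow only letters, digits, "_" and "-" so it cannot contain "/" or "..".
	if [[ ! "$CLIENT_NAME" =~ ^[A-Za-z0-9_-]+$ ]]; then
		echo "[-] Invalid client name: use letters, digits, '_' and '-' only"
		exit 22
	fi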
	CLIENT_PRIVKEY="$(wg genkey)"
	CLIENT_PUBKEY="$(echo "$CLIENT_PRIVKEY" | wg pubkey)"
	PRIVATE_SUBNET="$(head -n1 "$WG_CONFIG" | awk '{print $2}')"
	PRIVATE_SUBNET_MASK="$(echo "$PRIVATE_SUBNET" | cut -d "/" -f 2)"
	SERVER_ENDPOINT="$(head -n1 "$WG_CONFIG" | awk '{print $3}')"
	SERVER_PUBKEY="$(head -n1 "$WG_CONFIG" | awk '{print $4}')"
	CLIENT_DNS="$(head -n1 "$WG_CONFIG" | awk '{print $5}')"
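	LASTIP="$(grep "/32" "$WG_CONFIG" | tail -n1 | awk '{print $3}' | cut -d "/" -f 1 | cut -d "." -f 4)"
	# The next address is the last octet + 1; stop before it leaves the host range
	if [[ "$LASTIP" -ge 254 ]]; then
		echo "[-] No free address left in $PRIVATE_SUBNET"
		exit 1
	fi
	CLIENT_ADDRESS="${PRIVATE_SUBNET%.*}.$((LASTIP + 1))"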
	echo "# $CLIENT_NAME
[Peer]
PublicKey = $CLIENT_PUBKEY
AllowedIPs = $CLIENT_ADDRESS/32" >> "$WG_CONFIG"

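	# The client config holds a private key: create it owner-only before writing
	touch "$HOME/$CLIENT_NAME-$WG_CONFIG_NAME.conf" && chmod 600 "$HOME/$CLIENT_NAME-$WG_CONFIG_NAME.conf"
	echo "[Interface]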
PrivateKey = $CLIENT_PRIVKEY
Address = $CLIENT_ADDRESS/$PRIVATE_SUBNET_MASK
DNS = $CLIENT_DNS
[Peer]
PublicKey = $SERVER_PUBKEY
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = $SERVER_ENDPOINT
PersistentKeepalive = 25" > "$HOME/$CLIENT_NAME-$WG_CONFIG_NAME.conf"
	qrencode -t ansiutf8 -l L < "$HOME/$CLIENT_NAME-$WG_CONFIG_NAME.conf"

	# Add the peer to the running interface only if that interface exists
	ip link show "$WG_CONFIG_NAME" > /dev/null 2>&1 && wg set "$WG_CONFIG_NAME" peer "$CLIENT_PUBKEY" allowed-ips "$CLIENT_ADDRESS/32"
	echo "[+] Client added, new configuration file --> $HOME/$CLIENT_NAME-$WG_CONFIG_NAME.conf"
fi
About this extraction

This page contains the full source code of the its0x08/wg-install GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 7 files (13.6 KB), approximately 4.3k tokens. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.

Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.
