139 lines
3.2 KiB
Bash
139 lines
3.2 KiB
Bash
#!/usr/bin/env bash
|
|
|
|
# ============================================
|
|
# Help
|
|
# ============================================
|
|
|
|
function cmd::service::help() {
|
|
cat <<EOF
|
|
Usage: wgctl <subcommand>
|
|
|
|
Manage the WireGuard service.
|
|
|
|
Subcommands:
|
|
start, up Start WireGuard
|
|
stop, down Stop WireGuard
|
|
restart, reload Restart WireGuard
|
|
status, stat Show WireGuard status
|
|
logs, log Show WireGuard logs
|
|
enable Enable WireGuard on boot
|
|
disable Disable WireGuard on boot
|
|
|
|
Examples:
|
|
wgctl start
|
|
wgctl logs
|
|
wgctl status
|
|
EOF
|
|
}
|
|
|
|
# ============================================
|
|
# Run
|
|
# ============================================
|
|
|
|
function cmd::service::run() {
|
|
local subcmd="${1:-help}"
|
|
shift || true
|
|
|
|
case "$subcmd" in
|
|
start) cmd::service::start ;;
|
|
stop) cmd::service::stop ;;
|
|
restart) cmd::service::restart ;;
|
|
reload) cmd::service::reload ;;
|
|
status) cmd::service::status ;;
|
|
logs) cmd::service::logs ;;
|
|
enable) cmd::service::enable ;;
|
|
disable) cmd::service::disable ;;
|
|
help) cmd::service::help ;;
|
|
*)
|
|
log::error "Unknown subcommand: '${subcmd}'"
|
|
cmd::service::help
|
|
return 1
|
|
;;
|
|
esac
|
|
}
|
|
|
|
# ============================================
|
|
# Subcommands
|
|
# ============================================
|
|
|
|
function cmd::service::start() {
|
|
log::wg_start "Starting WireGuard..."
|
|
systemctl start "wg-quick@$(config::interface)"
|
|
|
|
block::restore_all
|
|
rule::restore_all
|
|
|
|
cmd::service::_auto_rotate_logs
|
|
|
|
log::wg_success "WireGuard started"
|
|
}
|
|
|
|
function cmd::service::stop() {
|
|
log::wg_stop "Stopping WireGuard..."
|
|
systemctl stop "wg-quick@$(config::interface)"
|
|
log::wg_success "WireGuard stopped"
|
|
}
|
|
|
|
function cmd::service::restart() {
|
|
log::wg_start "Restarting WireGuard..."
|
|
|
|
# Flush firewall rules before restart so restore starts clean
|
|
fw::flush_all
|
|
|
|
systemctl restart "wg-quick@$(config::interface)"
|
|
|
|
block::restore_all
|
|
rule::restore_all
|
|
|
|
cmd::service::_auto_rotate_logs
|
|
|
|
log::wg_success "WireGuard restarted"
|
|
}
|
|
|
|
function cmd::service::reload() {
|
|
log::wg_start "Reloading WireGuard config..."
|
|
|
|
peers::reload
|
|
block::restore_all
|
|
rule::restore_all
|
|
|
|
log::wg_success "WireGuard config reloaded"
|
|
}
|
|
|
|
function cmd::service::status() {
|
|
log::section "WireGuard Status"
|
|
|
|
echo ""
|
|
systemctl status "wg-quick@$(config::interface)" --no-pager
|
|
echo ""
|
|
|
|
log::section "Active Peers"
|
|
wg show "$(config::interface)"
|
|
}
|
|
|
|
function cmd::service::logs() {
|
|
log::section "WireGuard Logs"
|
|
journalctl -u "wg-quick@$(config::interface)" -f --no-pager
|
|
}
|
|
|
|
function cmd::service::_auto_rotate_logs() {
|
|
local max_size=10485760 # 10MB
|
|
local fw_size wg_size
|
|
fw_size=$(stat -c%s "$(ctx::fw_events_log)" 2>/dev/null || echo 0)
|
|
wg_size=$(stat -c%s "$(ctx::events_log)" 2>/dev/null || echo 0)
|
|
|
|
if (( fw_size > max_size || wg_size > max_size )); then
|
|
log::wg_warning "Log files exceed 10MB, auto-rotating (keeping 7 days)..."
|
|
cmd::logs::rotate --days 7 --force
|
|
fi
|
|
}
|
|
|
|
function cmd::service::enable() {
|
|
systemctl enable "wg-quick@$(config::interface)"
|
|
log::wg_success "WireGuard enabled on boot"
|
|
}
|
|
|
|
function cmd::service::disable() {
|
|
systemctl disable "wg-quick@$(config::interface)"
|
|
log::wg_success "WireGuard disabled on boot"
|
|
}
|