- flag::define: variadic constraint args (key:value) instead of bracket string - flag::_parse_constraints_from_args: replaces flag::_parse_and_cache - flag::set_constraint: Option B syntax for post-definition constraints - choices separator: comma (choices:split,full) — no quoting needed - guard against empty _CURRENT_COMMAND in exclusive groups lookup - migrate all commands to new constraint syntax - add helpful error for unknown constraint args
#!/usr/bin/env bash
# commands/peer/update-tunnel.sh
# Declares the help sections and flags of the `peer update-tunnel` command.
# Constraints are passed to flag::define as trailing key:value arguments
# (label:, section:, choices:, required).
function cmd::peer::update_tunnel::on_load() {
    # --- Target: which peer(s) the command acts on ---
    help::section "Target"
    # NOTE(review): "desc" reads like a placeholder description, and this flag
    # is filed under section:Filters while its siblings use section:Target.
    # Confirm both are intended.
    flag::define --name value "desc" \
        label:name section:Filters
    flag::define --type value "Filter by type" \
        label:type section:Target
    flag::define --all bool "Update all peers" \
        section:Target

    # --- Options: what to change and how ---
    help::section "Options"
    # --mode is mandatory and restricted to the listed choices (comma-separated).
    flag::define --mode value "Tunnel mode" \
        label:mode required choices:split,full section:Options
    flag::define --force bool "Skip confirmation for --all" \
        section:Options
}
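#######################################
# Rewrites the "AllowedIPs = ..." line of one peer config, or of every peer
# config under the clients directory, to the value configured for --mode.
#
# Arguments: "$@" - command-line flags, forwarded to flag::parse
# Outputs:   progress and errors through the log::* helpers; with --all and
#            without --force, an interactive y/N prompt
# Returns:   0 on success or when the user declines the prompt;
#            1 on a usage error, an unresolvable peer, an unusable AllowedIPs
#            value, or when at least one config file could not be rewritten
#######################################
function cmd::peer::update_tunnel::run() {
    flag::parse "$@" || return 1

    local name type mode
    name=$(flag::value --name)
    type=$(flag::value --type)
    mode=$(flag::value --mode)

    local all=false force=false
    flag::bool --all && all=true
    flag::bool --force && force=true

    # An explicit if: with the `test && log && return` chain a non-zero status
    # from log::error would skip the return and let the run continue.
    if [[ -z "$name" && "$all" == "false" ]]; then
        log::error "Specify --name or --all"
        return 1
    fi

    local allowed_ips
    allowed_ips=$(config::allowed_ips_for "$mode") || {
        log::error "Could not resolve AllowedIPs for tunnel mode '${mode}'"
        return 1
    }

    # Fail closed before touching any file. An empty value would blank the
    # AllowedIPs line of every selected peer, and the value is interpolated
    # into a sed replacement where '|', '&' and '\' are special.
    # NOTE(review): assumes config::allowed_ips_for yields a comma-separated
    # list of IPv4/IPv6 CIDRs. Confirm against its implementation.
    local -r allowed_ips_re='^[0-9A-Fa-f:.,/ ]+$'
    if [[ ! "$allowed_ips" =~ $allowed_ips_re ]]; then
        log::error "Refusing to write invalid AllowedIPs for mode '${mode}': '${allowed_ips}'"
        return 1
    fi

    local clients_dir
    clients_dir=$(ctx::clients)

    # Declared local so prompt and loop variables do not leak to the caller.
    local confirm="" conf_path peer_name conf
    local -a peers=()
    if [[ "$all" == "true" ]]; then
        if [[ "$force" != "true" ]]; then
            # If read hits EOF (non-interactive run), confirm stays empty and
            # the bulk update is aborted.
            read -r -p "Update tunnel mode to '${mode}' for ALL peers? [y/N] " confirm
            case "$confirm" in
                [yY]*) ;;
                *)
                    log::info "Aborted"
                    return 0
                    ;;
            esac
        fi
        while IFS= read -r conf_path; do
            peers+=("$(basename -- "$conf_path" .conf)")
        done < <(find "$clients_dir" -name "*.conf" 2>/dev/null)
    else
        name=$(peers::resolve_and_require "$name" "$type") || return 1
        peers=("$name")
    fi

    local updated=0 failed=0
    for peer_name in "${peers[@]}"; do
        conf="${clients_dir}/${peer_name}.conf"
        [[ -f "$conf" ]] || continue
        # Count a peer as updated only when sed actually succeeded.
        if sed -i "s|^AllowedIPs = .*|AllowedIPs = ${allowed_ips}|" "$conf"; then
            updated=$(( updated + 1 ))
            log::debug "Updated tunnel for: ${peer_name}"
        else
            failed=$(( failed + 1 ))
            log::error "Failed to update tunnel for: ${peer_name}"
        fi
    done

    log::wg_success "Updated tunnel to '${mode}' (${allowed_ips}) for ${updated} peer(s)"
    log::wg "Peers must reconnect to apply the new tunnel mode"

    # Report partial failure through the exit status.
    if (( failed > 0 )); then
        return 1
    fi
    return 0
}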