From 8d73fb774f46ff3d85253cc7c789638236dabf5a Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 22 Apr 2020 10:00:34 +0100
Subject: [PATCH] Update installer + sudoers for wg

---
 installers/common.sh      | 39 +++++++++++++++++++++------------------
 installers/raspap.sudoers |  4 ++++
 installers/raspbian.sh    |  8 ++++++++
 3 files changed, 33 insertions(+), 18 deletions(-)

diff --git a/installers/common.sh b/installers/common.sh
index a58e4ba7..a06dedda 100755
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -235,37 +235,37 @@ function _install_adblock() {
     _install_status 0
 }
 
-# Prompt to install VPN
-function _prompt_install_vpn() {
-    _install_log "Configure VPN support"
-    echo -n "Install VPN and enable client configuration? [Y/n]: "
+# Prompt to install openvpn
+function _prompt_install_openvpn() {
+    _install_log "Configure OpenVPN support"
+    echo -n "Install OpenVPN and enable client configuration? [Y/n]: "
     if [ "$assume_yes" == 0 ]; then
         read answer < /dev/tty
         if [ "$answer" != "${answer#[Nn]}" ]; then
             echo -e
         else
-            _install_vpn
+            _install_openvpn
         fi
     elif [ "$ovpn_option" == 1 ]; then
-        _install_vpn
+        _install_openvpn
     else
         echo "(Skipped)"
     fi
 }
 
-function _install_vpn() {
-    echo -n "Install [O]penVPN or [W]ireGuard? [O/W]: "
+# Prompt to install WireGuard
+function _prompt_install_wireguard() {
+    _install_log "Configure WireGuard support"
+    echo -n "Install WireGuard and enable VPN tunnel configuration? [Y/n]: "
     if [ "$assume_yes" == 0 ]; then
         read answer < /dev/tty
-        case $answer in
-            [oO]* )
-                _install_openvpn;
-                break;;
-            [wW]* )
-                _install_wireguard;
-        esac
-    elif [ "$ovpn_option" == 1 ]; then
-        _install_openvpn
+        if [ "$answer" != "${answer#[Nn]}" ]; then
+            echo -e
+        else
+            _install_wireguard
+        fi
+    elif [ "$wg_option" == 1 ]; then
+        _install_wireguard
     else
         echo "(Skipped)"
     fi
@@ -283,6 +283,8 @@ function _install_wireguard() {
     printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee --append /etc/apt/preferences.d/limit-unstable || _install_status 1 "Unable to append to preferences.d"
     echo "Installing WireGuard"
     sudo apt-get update && sudo apt-get install $apt_option wireguard || _install_status 1 "Unable to install wireguard"
+    echo "Enabling wg-quick@wg0"
+    sudo systemctl enable wg-quick@wg0 || _install_status 1 "Failed to enable wg-quick service"
     echo "Enabling WireGuard management option"
     sudo sed -i "s/\('RASPI_WIREGUARD_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || _install_status 1 "Unable to modify config.php"
     _install_status 0
@@ -572,7 +574,8 @@ function _install_raspap() {
     _default_configuration
     _configure_networking
     _prompt_install_adblock
-    _prompt_install_vpn
+    _prompt_install_openvpn
+    _prompt_install_wireguard
     _patch_system_files
     _install_complete
 }
diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 517fbdef..ef21ec14 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -37,4 +37,8 @@ www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/hostapd.log
 www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/dnsmasq.log
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_adblock.conf
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh
+www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick up wg0
+www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick down wg0
+www-data ALL=(ALL) NOPASSWD:/usr/bin/wg
+
 
diff --git a/installers/raspbian.sh b/installers/raspbian.sh
index d0e72769..da8ca5d0 100755
--- a/installers/raspbian.sh
+++ b/installers/raspbian.sh
@@ -14,6 +14,8 @@
 #    Used with -y, --yes, sets OpenVPN install option (0=no install)
 # -a, --adblock <flag>
 #    Used with -y, --yes, sets Adblock install option (0=no install)
+# -w, --wireguard <flag>
+#    Used with -y, --yes, sets WireGuard install option (0=no install)
 # -r, --repo, --repository <name>
 #    Overrides the default GitHub repo (billz/raspap-webgui)
 # -b, --branch <name>
@@ -39,6 +41,7 @@ branch="master"
 assume_yes=0
 ovpn_option=1
 adblock_option=1
+wg_option=1
 
 # Define colors
 readonly ANSI_RED="\033[0;31m"
@@ -58,6 +61,7 @@ Usage: raspbian.sh [OPTION]\n
 -c, --cert, --certificate\n\tInstalls an SSL certificate for lighttpd
 -o, --openvpn <flag>\n\tUsed with -y, --yes, sets OpenVPN install option (0=no install)
 -a, --adblock <flag>\n\tUsed with -y, --yes, sets Adblock install option (0=no install)
+-w, --wireguard <flag>\n\tUsed with -y, --yes, sets WireGuard install option (0=no install)
 -r, --repo, --repository <name>\n\tOverrides the default GitHub repo (billz/raspap-webgui)
 -b, --branch <name>\n\tOverrides the default git branch (master)
 -h, --help\n\tOutputs usage notes and exits
@@ -80,6 +84,10 @@ while :; do
         adblock_option="$2"
         shift
         ;;
+        -w|--wireguard)
+        wg_option="$2"
+        shift
+        ;;
         -c|--cert|--certificate)
         install_cert=1
         ;;