lib/network.sh

#!/bin/bash
# WireGuard Secure Installer
# Copyright (c) 2025 Muhammad Fadhila Abiyyu Faris
# GitHub: [github.com/fadhila36/wireguard-secure-installer](https://github.com/fadhila36/wireguard-secure-installer)

detect_public_ip() {
    log_info "Detecting public IP..."
    # Try multiple sources for redundancy
    PUBLIC_IP=$(curl -s https://api.ipify.org || curl -s https://ifconfig.me || curl -s https://icanhazip.com)
    
    if [[ -z "$PUBLIC_IP" ]]; then
        log_warn "Failed to detect public IP. Falling back to local interface IP."
        # Fallback to default route IP
        PUBLIC_IP=$(ip route get 1.1.1.1 | grep -oP 'src \K\S+')
    fi

    if [[ -z "$PUBLIC_IP" ]]; then
        fatal_error "Could not detect Public IP or Local IP. Network configuration failed."
    fi

    log_info "Public IP detected: $PUBLIC_IP"
}

detect_main_interface() {
    MAIN_NIC=$(ip route get 1.1.1.1 | grep -oP 'dev \K\S+')
    if [[ -z "$MAIN_NIC" ]]; then
        fatal_error "Could not detect main network interface."
    fi
    log_info "Main Interface detected: $MAIN_NIC"
}

configure_firewall() {
    log_info "Configuring Firewall..."

    # Enable IP Forwarding (Idempotent: Overwrites the file)
    cat > /etc/sysctl.d/99-wireguard.conf <<EOF
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
EOF
    sysctl --system >> "$LOG_FILE" 2>&1

    # Detect Firewall Type (UFW, Firewalld, or IPTables)
    if command -v ufw >/dev/null; then
        log_info "UFW detected. Adding rules..."
        ufw allow "$SERVER_PORT"/udp
        ufw allow OpenSSH
        # UFW routing rules are complex to automate safely without breaking existing config, 
        # relying on PostUp/PostDown in wg0.conf for NAT is safer and standard for WG.
    elif command -v firewall-cmd >/dev/null; then
        log_info "Firewalld detected. Adding rules..."
        firewall-cmd --zone=public --add-port="$SERVER_PORT"/udp --permanent
        firewall-cmd --zone=public --add-masquerade --permanent
        firewall-cmd --reload
    else
        log_info "No specific firewall manager found. Relying on WireGuard PostUp/PostDown for iptables."
    fi
}
feat: add wireguard secure installer with modular architecture This commit introduces a new WireGuard VPN installer with enterprise-grade security features. The installer includes: - Zero-touch installation with automatic configuration - Modular architecture for maintainability (separate lib files) - Client management interface with bandwidth monitoring - Support for multiple Linux distributions - Secure defaults and hardened configurations The implementation provides a complete solution for deploying WireGuard VPN servers with minimal user interaction while maintaining security best practices. 2025-11-30 14:55:15 +07:00			`#!/bin/bash`
			`# WireGuard Secure Installer`
			`# Copyright (c) 2025 Muhammad Fadhila Abiyyu Faris`
			`# GitHub: [github.com/fadhila36/wireguard-secure-installer](https://github.com/fadhila36/wireguard-secure-installer)`

			`detect_public_ip() {`
			`log_info "Detecting public IP..."`
			`# Try multiple sources for redundancy`
			`PUBLIC_IP=$(curl -s https://api.ipify.org \|\| curl -s https://ifconfig.me \|\| curl -s https://icanhazip.com)`

			`if [[ -z "$PUBLIC_IP" ]]; then`
			`log_warn "Failed to detect public IP. Falling back to local interface IP."`
			`# Fallback to default route IP`
			`PUBLIC_IP=$(ip route get 1.1.1.1 \| grep -oP 'src \K\S+')`
			`fi`

			`if [[ -z "$PUBLIC_IP" ]]; then`
			`fatal_error "Could not detect Public IP or Local IP. Network configuration failed."`
			`fi`

			`log_info "Public IP detected: $PUBLIC_IP"`
			`}`

			`detect_main_interface() {`
			`MAIN_NIC=$(ip route get 1.1.1.1 \| grep -oP 'dev \K\S+')`
			`if [[ -z "$MAIN_NIC" ]]; then`
			`fatal_error "Could not detect main network interface."`
			`fi`
			`log_info "Main Interface detected: $MAIN_NIC"`
			`}`

			`configure_firewall() {`
			`log_info "Configuring Firewall..."`

			`# Enable IP Forwarding (Idempotent: Overwrites the file)`
			`cat > /etc/sysctl.d/99-wireguard.conf <<EOF`
			`net.ipv4.ip_forward=1`
			`net.ipv6.conf.all.forwarding=1`
			`EOF`
			`sysctl --system >> "$LOG_FILE" 2>&1`

			`# Detect Firewall Type (UFW, Firewalld, or IPTables)`
			`if command -v ufw >/dev/null; then`
			`log_info "UFW detected. Adding rules..."`
			`ufw allow "$SERVER_PORT"/udp`
			`ufw allow OpenSSH`
			`# UFW routing rules are complex to automate safely without breaking existing config,`
			`# relying on PostUp/PostDown in wg0.conf for NAT is safer and standard for WG.`
			`elif command -v firewall-cmd >/dev/null; then`
			`log_info "Firewalld detected. Adding rules..."`
			`firewall-cmd --zone=public --add-port="$SERVER_PORT"/udp --permanent`
			`firewall-cmd --zone=public --add-masquerade --permanent`
			`firewall-cmd --reload`
			`else`
			`log_info "No specific firewall manager found. Relying on WireGuard PostUp/PostDown for iptables."`
			`fi`
			`}`