wireguard-management/wg-heavy@wg1.service
2023-08-17 13:33:21 +03:00


#! /bin/sh
# chkconfig: 2345 20 80
### BEGIN INIT INFO
# Provides: wireguard
# Required-Start: $all
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop:
# Short-Description: Launch Wireguard without creating route table
### END INIT INFO
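# Print the value of one setting from a WireGuard config file.
#   $1 - setting name, used as a grep pattern (plain substring for these names)
#   $2 - path to the config file
# Any line containing '#' is dropped as a whole, so a setting that carries a
# trailing comment is ignored. Everything after the first '=' is kept (base64
# keys end in '=' padding) and all spaces are removed. If the name matches
# several lines (for example several [Peer] sections), every match is printed
# on its own line; the rest of this script assumes exactly one.
# No privilege escalation is involved: only the first grep opens the file, so
# the config merely has to be readable by the user running this script.
wg_conf_get() {
  grep -v '#' "$2" | grep "$1" | cut -d'=' -f2- | tr -d ' '
}

# Interface name is taken from the script's own file name:
# "<anything>@<ifname>.service" -> "<ifname>".
wifname=$(basename -s .service "$0" | cut -d'@' -f2)
wg_conf="/etc/wireguard/${wifname}.conf"

wifaddr=$(wg_conf_get 'Address' "${wg_conf}")
# The private key is held in a shell variable from here on; avoid `set -x`
# or echoing this variable when debugging.
wg_pkey=$(wg_conf_get 'PrivateKey' "${wg_conf}")
wg_cert=$(wg_conf_get 'PublicKey' "${wg_conf}")
# Listen port is fixed here; a ListenPort line in the config is not read.
wg_port=51820
wg_endp=$(wg_conf_get 'Endpoint' "${wg_conf}")
wgallow=$(wg_conf_get 'AllowedIPs' "${wg_conf}")
wgalive=$(wg_conf_get 'PersistentKeepalive' "${wg_conf}")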
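# Bring the tunnel up: create the WireGuard interface, assign its address,
# write the private key to a key file for wg(8), configure the peer and set
# the link up. The steps are chained with &&; if any of them fails the script
# exits with status 1 and whatever was already created (interface, key file)
# is left in place until stop() is run.
# Globals read: wifname, wifaddr, wg_pkey, wg_port, wg_cert, wgallow,
#               wg_endp, wgalive
start() {
  ip link add dev "${wifname}" type wireguard &&
  ip address add dev "${wifname}" "${wifaddr}" &&
  # Create the key file with a restrictive umask so the private key is never
  # group- or world-readable, not even briefly. The subshell keeps the umask
  # change local to this one write.
  ( umask 077 && printf "%s" "${wg_pkey}" > "/etc/wireguard/${wifname}.key" ) &&
  # umask only affects newly created files; tighten a key file left over
  # from an earlier run as well.
  chmod 600 "/etc/wireguard/${wifname}.key" &&
  # NOTE(review): wgalive is empty when the config has no PersistentKeepalive
  # line; presumably wg rejects the empty argument - confirm.
  wg set "${wifname}" \
    listen-port "${wg_port}" \
    private-key "/etc/wireguard/${wifname}.key" \
    peer "${wg_cert}" \
    allowed-ips "${wgallow}" \
    endpoint "${wg_endp}" \
    persistent-keepalive "${wgalive}" &&
  ip link set up dev "${wifname}" ||
  exit 1
}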
# Tear the tunnel down: link down, address removed, interface deleted, and
# finally the on-disk copy of the private key erased. Each step runs whether
# or not the previous one succeeded, so a partially configured interface is
# still cleaned up. The function's status is that of the final rm.
# Globals read: wifname, wifaddr
stop() {
  ip link set down dev "$wifname"
  ip address del dev "$wifname" "$wifaddr"
  ip link del dev "$wifname" type wireguard
  # The key file only exists to feed `wg set`; do not leave it behind.
  rm -f "/etc/wireguard/$wifname.key"
}
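# Report whether the interface exists: print the matching lines of `ip a`
# when the interface name appears as a whole word, otherwise "<ifname> down".
# The address listing must be piped into grep; without the pipe, "grep" and
# its options are handed to ip as arguments and the check cannot work.
# Globals read: wifname
status() {
  if ip a | grep -q -w "${wifname}"; then
    ip a | grep -w "${wifname}"
  else
    echo "${wifname} down"
  fi
}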
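# Dispatch on the requested action. An unknown or missing action prints the
# usage line on stderr and exits with status 2, so a caller or supervisor can
# tell a mistyped action from a completed one. start exits 1 by itself when
# bringing the tunnel up fails; stop and status always end in exit 0 here,
# whatever the individual commands returned.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    stop
    # Short pause between teardown and bring-up.
    sleep 1
    start
    ;;
  status)
    status
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|status}" >&2
    exit 2
    ;;
esac
exit 0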