From ad85c697f7e47cc7d5e12c6f7301ccc923bbb59f Mon Sep 17 00:00:00 2001
From: Alex Denes <caskd@redxen.eu>
Date: Mon, 19 Sep 2022 12:12:10 +0000
Subject: [PATCH] features: add wireguard support

---
 Makefile                     |  4 +++-
 features.d/wireguard.files   |  2 ++
 features.d/wireguard.modules |  1 +
 initramfs-init.in            | 30 +++++++++++++++++++++++++++++-
 4 files changed, 35 insertions(+), 2 deletions(-)
 create mode 100644 features.d/wireguard.files
 create mode 100644 features.d/wireguard.modules

diff --git a/Makefile b/Makefile
index 96f9c36..c98c19d 100644
--- a/Makefile
+++ b/Makefile
@@ -58,7 +58,9 @@ CONF_FILES	:= mkinitfs.conf \
 		features.d/zfcp.modules \
 		features.d/dhcp.files \
 		features.d/dhcp.modules \
-		features.d/https.files
+		features.d/https.files \
+		features.d/wireguard.files \
+		features.d/wireguard.modules
 MAN_FILES       := mkinitfs.1 mkinitfs-bootparam.7 nlplug-findfs.1
 
 SCRIPTS		:= mkinitfs bootchartd initramfs-init
diff --git a/features.d/wireguard.files b/features.d/wireguard.files
new file mode 100644
index 0000000..0a77737
--- /dev/null
+++ b/features.d/wireguard.files
@@ -0,0 +1,2 @@
+/usr/bin/wg
+/etc/wireguard/initrd.conf
diff --git a/features.d/wireguard.modules b/features.d/wireguard.modules
new file mode 100644
index 0000000..4d88db0
--- /dev/null
+++ b/features.d/wireguard.modules
@@ -0,0 +1 @@
+kernel/drivers/net/wireguard/wireguard.ko*
diff --git a/initramfs-init.in b/initramfs-init.in
index 3450e5e..a232d6d 100755
--- a/initramfs-init.in
+++ b/initramfs-init.in
@@ -265,6 +265,29 @@ setup_nbd() {
 	[ "$n" != 0 ] || return 1
 }
 
+setup_wireguard() {
+	modprobe -q wireguard || return 1
+	local IFS=';'
+	set -- $KOPT_wireguard
+	unset IFS
+
+	local device="$1"
+	local ips="$2"
+	local config="${3:-/etc/wireguard/initrd.conf}"
+
+	local IFS=','
+	set -- $ips
+	unset IFS
+
+	ip link add "$device" type wireguard
+	wg setconf "$device" "$config"
+	ip link set dev "$device" up
+
+	for addr in $@; do
+		ip addr add dev "$device" "$addr"
+	done
+}
+
 rtc_exists() {
 	local rtc=
 	for rtc in /dev/rtc /dev/rtc[0-9]*; do
@@ -347,7 +370,7 @@ myopts="alpine_dev autodetect autoraid chart cryptroot cryptdm cryptheader crypt
 	cryptdiscards cryptkey debug_init dma init init_args keep_apk_new modules ovl_dev
 	pkgs quiet root_size root usbdelay ip alpine_repo apkovl alpine_start splash
 	blacklist overlaytmpfs overlaytmpfsflags rootfstype rootflags nbd resume s390x_net
-	dasd ssh_key BOOTIF zfcp"
+	dasd ssh_key wireguard BOOTIF zfcp"
 
 for opt; do
 	case "$opt" in
@@ -493,6 +516,11 @@ if [ -n "$KOPT_cryptroot" ]; then
 	fi
 fi
 
+if [ -n "$KOPT_wireguard" ]; then
+	configure_ip
+	setup_wireguard || echo "Failed to setup wireguard tunnel."
+fi
+
 if [ -n "$KOPT_nbd" ]; then
 	# TODO: Might fail because nlplug-findfs hasn't plugged eth0 yet
 	configure_ip
-- 
GitLab