From 164b35c7c56e8b26ddffd4bd984784239518e511 Mon Sep 17 00:00:00 2001
From: doas enjoyer <54595497+notsudoers@users.noreply.github.com>
Date: Mon, 27 Jan 2025 06:25:47 +0700
Subject: [PATCH 1/6] Add Alpine Linux support (#539)

---
 README.md            |  1 +
 wireguard-install.sh | 96 +++++++++++++++++++++++++++++++++++---------
 2 files changed, 79 insertions(+), 18 deletions(-)

diff --git a/README.md b/README.md
index a8fe265..abe5392 100644
--- a/README.md
+++ b/README.md
@@ -17,6 +17,7 @@ WireGuard does not fit your environment? Check out [openvpn-install](https://git
 Supported distributions:
 
 - AlmaLinux >= 8
+- Alpine Linux
 - Arch Linux
 - CentOS Stream >= 8
 - Debian >= 10
diff --git a/wireguard-install.sh b/wireguard-install.sh
index 55d9b8d..75ee438 100644
--- a/wireguard-install.sh
+++ b/wireguard-install.sh
@@ -16,18 +16,32 @@ function isRoot() {
 }
 
 function checkVirt() {
-	if [ "$(systemd-detect-virt)" == "openvz" ]; then
+	function openvzErr() {
 		echo "OpenVZ is not supported"
 		exit 1
-	fi
-
-	if [ "$(systemd-detect-virt)" == "lxc" ]; then
+	}
+	function lxcErr() {
 		echo "LXC is not supported (yet)."
 		echo "WireGuard can technically run in an LXC container,"
 		echo "but the kernel module has to be installed on the host,"
 		echo "the container has to be run with some specific parameters"
 		echo "and only the tools need to be installed in the container."
 		exit 1
+	}
+	if command -v virt-what &>/dev/null; then
+		if [ "$(virt-what)" == "openvz" ]; then
+            openvzErr
+        fi
+        if [ "$(virt-what)" == "lxc" ]; then
+            lxcErr
+        fi
+	else
+		if [ "$(systemd-detect-virt)" == "openvz" ]; then
+            openvzErr
+        fi
+        if [ "$(systemd-detect-virt)" == "lxc" ]; then
+            lxcErr
+        fi
 	fi
 }
 
@@ -61,6 +75,11 @@ function checkOS() {
 		OS=oracle
 	elif [[ -e /etc/arch-release ]]; then
 		OS=arch
+	elif [[ -e /etc/alpine-release ]]; then
+		OS=alpine
+		if ! command -v virt-what &>/dev/null; then
+            apk update && apk add virt-what
+        fi
 	else
 		echo "Looks like you aren't running this installer on a Debian, Ubuntu, Fedora, CentOS, AlmaLinux, Oracle or Arch Linux system"
 		exit 1
@@ -97,8 +116,8 @@ function getHomeDirForClient() {
 
 function initialCheck() {
 	isRoot
-	checkVirt
 	checkOS
+	checkVirt
 }
 
 function installQuestions() {
@@ -118,7 +137,7 @@ function installQuestions() {
 	read -rp "IPv4 or IPv6 public address: " -e -i "${SERVER_PUB_IP}" SERVER_PUB_IP
 
 	# Detect public interface and pre-fill for the user
-	SERVER_NIC="$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1)"
+	SERVER_NIC="$(ip -4 route ls | grep default | awk '/dev/ {for (i=1; i<=NF; i++) if ($i == "dev") print $(i+1)}' | head -1)"
 	until [[ ${SERVER_PUB_NIC} =~ ^[a-zA-Z0-9_]+$ ]]; do
 		read -rp "Public interface: " -e -i "${SERVER_NIC}" SERVER_PUB_NIC
 	done
@@ -204,6 +223,12 @@ function installWireGuard() {
 		dnf install -y wireguard-tools qrencode iptables
 	elif [[ ${OS} == 'arch' ]]; then
 		pacman -S --needed --noconfirm wireguard-tools qrencode
+	elif [[ ${OS} == 'alpine' ]]; then
+		apk update
+		apk add wireguard-tools iptables build-base libpng-dev
+		curl -O https://fukuchi.org/works/qrencode/qrencode-4.1.1.tar.gz
+		tar xf qrencode-4.1.1.tar.gz
+		(cd qrencode-4.1.1 || exit && ./configure && make && make install && ldconfig)
 	fi
 
 	# Make sure the directory exists (this does not seem the be the case on fedora)
@@ -257,26 +282,46 @@ PostDown = ip6tables -t nat -D POSTROUTING -o ${SERVER_PUB_NIC} -j MASQUERADE" >
 	echo "net.ipv4.ip_forward = 1
 net.ipv6.conf.all.forwarding = 1" >/etc/sysctl.d/wg.conf
 
-	sysctl --system
+	if [[ ${OS} = 'alpine' ]]; then
+		sysctl -p /etc/sysctl.d/wg.conf
+		rc-update add sysctl
+		ln -s /etc/init.d/wg-quick "/etc/init.d/wg-quick.${SERVER_WG_NIC}"
+		rc-service "wg-quick.${SERVER_WG_NIC}" start
+		rc-update add "wg-quick.${SERVER_WG_NIC}"
+	else
+		sysctl --system
 
-	systemctl start "wg-quick@${SERVER_WG_NIC}"
-	systemctl enable "wg-quick@${SERVER_WG_NIC}"
+		systemctl start "wg-quick@${SERVER_WG_NIC}"
+		systemctl enable "wg-quick@${SERVER_WG_NIC}"
+	fi
 
 	newClient
 	echo -e "${GREEN}If you want to add more clients, you simply need to run this script another time!${NC}"
 
 	# Check if WireGuard is running
-	systemctl is-active --quiet "wg-quick@${SERVER_WG_NIC}"
+	if [[ ${OS} == 'alpine' ]]; then
+		rc-service --quiet "wg-quick.${SERVER_WG_NIC}" status
+	else
+		systemctl is-active --quiet "wg-quick@${SERVER_WG_NIC}"
+	fi
 	WG_RUNNING=$?
 
 	# WireGuard might not work if we updated the kernel. Tell the user to reboot
 	if [[ ${WG_RUNNING} -ne 0 ]]; then
 		echo -e "\n${RED}WARNING: WireGuard does not seem to be running.${NC}"
-		echo -e "${ORANGE}You can check if WireGuard is running with: systemctl status wg-quick@${SERVER_WG_NIC}${NC}"
+		if [[ ${OS} == 'alpine' ]]; then
+			echo -e "${ORANGE}You can check if WireGuard is running with: rc-service wg-quick.${SERVER_WG_NIC} status${NC}"
+		else
+			echo -e "${ORANGE}You can check if WireGuard is running with: systemctl status wg-quick@${SERVER_WG_NIC}${NC}"
+		fi
 		echo -e "${ORANGE}If you get something like \"Cannot find device ${SERVER_WG_NIC}\", please reboot!${NC}"
 	else # WireGuard is running
 		echo -e "\n${GREEN}WireGuard is running.${NC}"
-		echo -e "${GREEN}You can check the status of WireGuard with: systemctl status wg-quick@${SERVER_WG_NIC}\n\n${NC}"
+		if [[ ${OS} == 'alpine' ]]; then
+			echo -e "${GREEN}You can check the status of WireGuard with: rc-service wg-quick.${SERVER_WG_NIC} status\n\n${NC}"
+		else
+			echo -e "${GREEN}You can check the status of WireGuard with: systemctl status wg-quick@${SERVER_WG_NIC}\n\n${NC}"
+		fi
 		echo -e "${ORANGE}If you don't have internet connectivity from your client, try to reboot the server.${NC}"
 	fi
 }
@@ -436,8 +481,15 @@ function uninstallWg() {
 	if [[ $REMOVE == 'y' ]]; then
 		checkOS
 
-		systemctl stop "wg-quick@${SERVER_WG_NIC}"
-		systemctl disable "wg-quick@${SERVER_WG_NIC}"
+		if [[ ${OS} == 'alpine' ]]; then
+			rc-service "wg-quick.${SERVER_WG_NIC}" stop
+			rc-update del "wg-quick.${SERVER_WG_NIC}"
+			unlink "/etc/init.d/wg-quick.${SERVER_WG_NIC}"
+			rc-update del sysctl
+		else
+			systemctl stop "wg-quick@${SERVER_WG_NIC}"
+			systemctl disable "wg-quick@${SERVER_WG_NIC}"
+		fi
 
 		if [[ ${OS} == 'ubuntu' ]]; then
 			apt-get remove -y wireguard wireguard-tools qrencode
@@ -458,16 +510,24 @@ function uninstallWg() {
 			yum remove --noautoremove wireguard-tools qrencode
 		elif [[ ${OS} == 'arch' ]]; then
 			pacman -Rs --noconfirm wireguard-tools qrencode
+		elif [[ ${OS} == 'alpine' ]]; then
+			(cd qrencode-4.1.1 || exit && make uninstall)
+			rm -rf qrencode-* || exit
+			apk del wireguard-tools build-base libpng-dev
 		fi
 
 		rm -rf /etc/wireguard
 		rm -f /etc/sysctl.d/wg.conf
 
-		# Reload sysctl
-		sysctl --system
+		if [[ ${OS} == 'alpine' ]]; then
+			rc-service --quiet "wg-quick.${SERVER_WG_NIC}" status &>/dev/null
+		else
+			# Reload sysctl
+			sysctl --system
 
-		# Check if WireGuard is running
-		systemctl is-active --quiet "wg-quick@${SERVER_WG_NIC}"
+			# Check if WireGuard is running
+			systemctl is-active --quiet "wg-quick@${SERVER_WG_NIC}"
+		fi
 		WG_RUNNING=$?
 
 		if [[ ${WG_RUNNING} -eq 0 ]]; then

From 44ff473cfde592578f5115a16a9e4156b7eecbd0 Mon Sep 17 00:00:00 2001
From: Stanislas Lange <git@slange.me>
Date: Mon, 27 Jan 2025 00:31:28 +0100
Subject: [PATCH 2/6] Fix indentation

---
 wireguard-install.sh | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/wireguard-install.sh b/wireguard-install.sh
index 75ee438..db81d84 100644
--- a/wireguard-install.sh
+++ b/wireguard-install.sh
@@ -30,18 +30,18 @@ function checkVirt() {
 	}
 	if command -v virt-what &>/dev/null; then
 		if [ "$(virt-what)" == "openvz" ]; then
-            openvzErr
-        fi
-        if [ "$(virt-what)" == "lxc" ]; then
-            lxcErr
-        fi
+			openvzErr
+		fi
+		if [ "$(virt-what)" == "lxc" ]; then
+			lxcErr
+		fi
 	else
 		if [ "$(systemd-detect-virt)" == "openvz" ]; then
-            openvzErr
-        fi
-        if [ "$(systemd-detect-virt)" == "lxc" ]; then
-            lxcErr
-        fi
+			openvzErr
+		fi
+		if [ "$(systemd-detect-virt)" == "lxc" ]; then
+			lxcErr
+		fi
 	fi
 }
 
@@ -78,8 +78,8 @@ function checkOS() {
 	elif [[ -e /etc/alpine-release ]]; then
 		OS=alpine
 		if ! command -v virt-what &>/dev/null; then
-            apk update && apk add virt-what
-        fi
+			apk update && apk add virt-what
+		fi
 	else
 		echo "Looks like you aren't running this installer on a Debian, Ubuntu, Fedora, CentOS, AlmaLinux, Oracle or Arch Linux system"
 		exit 1

From 45674c68576619217f9ddfd1e576a6c4fcad5c73 Mon Sep 17 00:00:00 2001
From: Stanislas Lange <git@slange.me>
Date: Mon, 27 Jan 2025 00:33:02 +0100
Subject: [PATCH 3/6] Fix conditional operator

---
 wireguard-install.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wireguard-install.sh b/wireguard-install.sh
index db81d84..27535aa 100644
--- a/wireguard-install.sh
+++ b/wireguard-install.sh
@@ -282,7 +282,7 @@ PostDown = ip6tables -t nat -D POSTROUTING -o ${SERVER_PUB_NIC} -j MASQUERADE" >
 	echo "net.ipv4.ip_forward = 1
 net.ipv6.conf.all.forwarding = 1" >/etc/sysctl.d/wg.conf
 
-	if [[ ${OS} = 'alpine' ]]; then
+	if [[ ${OS} == 'alpine' ]]; then
 		sysctl -p /etc/sysctl.d/wg.conf
 		rc-update add sysctl
 		ln -s /etc/init.d/wg-quick "/etc/init.d/wg-quick.${SERVER_WG_NIC}"

From 2aa79bf2b5d00d6e7401a6f621aaf0e6922aebd3 Mon Sep 17 00:00:00 2001
From: Stanislas Lange <git@slange.me>
Date: Mon, 27 Jan 2025 00:34:00 +0100
Subject: [PATCH 4/6] Update shfmt action in lint workflow

---
 .github/workflows/lint.yml | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 71c569a..241ca11 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -15,8 +15,5 @@ jobs:
   shfmt:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
-      - name: shfmt
-        uses: bltavares/actions/shfmt@master
-        env:
-          SHFMT_ARGS: -d
+      - uses: mfinelli/setup-shfmt@v3
+      - run: shfmt -d wireguard-install.bash

From f9664eb757bd8dd8ad11f23a935a8b51e7a81ec2 Mon Sep 17 00:00:00 2001
From: Stanislas Lange <git@slange.me>
Date: Mon, 27 Jan 2025 00:35:11 +0100
Subject: [PATCH 5/6] fix shfmt action

---
 .github/workflows/lint.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 241ca11..ad6d2ec 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -16,4 +16,4 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: mfinelli/setup-shfmt@v3
-      - run: shfmt -d wireguard-install.bash
+      - run: shfmt -d wireguard-install.sh

From cae93aa02cfd7fcb6a35d72e5873eeba0381beed Mon Sep 17 00:00:00 2001
From: Stanislas Lange <git@slange.me>
Date: Mon, 27 Jan 2025 00:39:29 +0100
Subject: [PATCH 6/6] Fix shfmt action

---
 .github/workflows/lint.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index ad6d2ec..67939e0 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -15,5 +15,6 @@ jobs:
   shfmt:
     runs-on: ubuntu-latest
     steps:
+      - uses: actions/checkout@v3
       - uses: mfinelli/setup-shfmt@v3
       - run: shfmt -d wireguard-install.sh