telegram-shop/wg/start.sh
NW 6db770b96b feat: editable settings page with .env write and container restart
- Add settings form with all config fields (Bot, Commission, Wallets, WireGuard)
- POST handler writes .env file and restarts container via process.exit(0)
- Secrets (ENCRYPTION_KEY, ADMIN_SECRET, GITEA_TOKEN, WG_PRIVATE_KEY, WG_PRESHARED_KEY)
  are never sent to browser - masked placeholders used instead
- PRESERVE_KEYS enforced: secret keys cannot be overwritten via form
- Values sanitized: newlines stripped before writing to .env
- start.sh loads .env file before node to override Docker env_file cache
- Extract shared escapeHtml utility to escape.js (used by 6 view files)
- Update paymentWallets view to link to Settings page instead of .env
- Add .env volume mount for settings panel read/write
- Fix registerRoutes() not being called in index.js (bot menu buttons)
2026-06-23 12:32:25 +01:00


#!/bin/sh
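# Load /app/.env into the environment before anything else runs, so values
# saved there override the ones Docker cached from env_file.
#
# The file is treated as data, not shell: each line is split at the first '='
# and the value is exported verbatim (never evaluated; quotes stay as written).
#
# NOTE(review): every syntactically valid name is accepted, including names
# that change how later commands behave (PATH, LD_PRELOAD, NODE_OPTIONS, ...).
# If whatever writes this file does not already restrict the key set, consider
# an allow-list here.
#
# Arguments: $1 - path of the env file (a missing file is not an error)
# Returns:   0
load_env_file() {
  local env_path=$1
  local line key value

  [ -f "$env_path" ] || return 0

  # '|| [ -n "$line" ]' keeps a final line that has no trailing newline.
  while IFS= read -r line || [ -n "$line" ]; do
    # Split by hand rather than with 'IFS== read key value': read drops a
    # single trailing '=' from the last field, which truncates base64 values
    # such as WireGuard keys.
    case "$line" in
      *=*)
        key=${line%%=*}
        value=${line#*=}
        ;;
      *)
        key=$line
        value=
        ;;
    esac

    # Trim blanks around the key only; the value is left untouched.
    key=${key#"${key%%[![:space:]]*}"}
    key=${key%"${key##*[![:space:]]}"}

    case "$key" in
      '' | '#'*)
        continue
        ;;
      [0-9]* | *[!A-Za-z0-9_]*)
        # Not a valid variable name. 'export' would fail on it, and a failing
        # special builtin may abort a non-interactive shell. The line content
        # is deliberately not echoed: a malformed line may hold a secret.
        echo "start.sh: ignoring a line with an invalid key in $env_path" >&2
        continue
        ;;
    esac

    export "$key=$value"
  done < "$env_path"
}

load_env_file /app/.env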
# Print the horizontal rule that frames each section of the startup log.
print_separator() {
  printf '%s\n' "════════════════════════════════════════════════════════════════════════════════"
}
# Print a stage heading followed by the separator rule.
# Arguments: $1 - stage title
print_stage() {
  local title="$1"
  echo "║ 🚀 ${title}"
  print_separator
}
# Print a one-line result followed by the separator rule.
#
# The success/failure icon is derived from $? as it stands when the function
# is entered, i.e. the exit status of whatever command the caller ran last.
#
# Arguments: $1 - message to print
#            $2 - optional action: "created" and "exists" select a fixed icon
#                 and ignore the status; any other value falls back to it
print_result() {
  # Must stay the first statement: any earlier command would overwrite $?.
  local status=$?
  local message="$1"
  local action="$2"
  local icon

  case "$action" in
    "created")
      icon="🆕"
      ;;
    "exists")
      icon="✅"
      ;;
    *)
      # Empty or unrecognised action: report the caller's last exit status.
      if [ "$status" -eq 0 ]; then
        icon="✅"
      else
        icon="❌"
      fi
      ;;
  esac

  echo "║ ${icon} ${message}"
  print_separator
}
# ============================================================
# WireGuard: fully disabled
# ============================================================
# Only the exact value "false" takes this path; any other value, including an
# unset variable, continues to the WireGuard setup further down.
case "$WG_ENABLED" in
  false)
    print_stage "WireGuard is disabled"
    print_result "Skipping WireGuard setup"
    print_stage "Starting application"
    printf '%s\n' "║ Application is starting..."
    # exec replaces this shell with node; the exit below is only reached if
    # the shell carries on after a failed exec.
    exec node src/index.js
    exit 0
    ;;
esac
# ============================================================
# WireGuard: enabled but no private key - warn and skip
# ============================================================
# NOTE(review): this path fails open - the application is started with no
# tunnel configured, so its traffic leaves the container directly. If the VPN
# is a hard requirement for this deployment, exiting non-zero here would be
# the safer default.
[ -n "$WG_PRIVATE_KEY" ] || {
  print_stage "WireGuard misconfiguration"
  printf '%s\n' "║ ⚠️ WG_ENABLED=true but WG_PRIVATE_KEY is empty"
  printf '%s\n' "║ ⚠️ Skipping WireGuard setup. Set WG_PRIVATE_KEY or set WG_ENABLED=false"
  print_result "WireGuard skipped (missing private key)"
  print_stage "Starting application"
  printf '%s\n' "║ Application is starting without VPN..."
  # exec replaces this shell with node; the exit below is only reached if
  # the shell carries on after a failed exec.
  exec node src/index.js
  exit 0
}
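# ============================================================
# Generate /etc/resolv.conf from WG_DNS
# ============================================================
print_stage "Configuring /etc/resolv.conf"
if [ -n "$WG_DNS" ]; then
  echo "║ Using DNS from env WG_DNS: $WG_DNS"
  # WG_DNS is also written to the DNS= line of wg0.conf, where a
  # comma-separated list is valid. resolv.conf needs one "nameserver" line per
  # address, so split on commas and blanks and drop empty entries.
  # NOTE(review): entries are not checked to be IP addresses; a hostname here
  # still ends up on a nameserver line, as it did before.
  printf '%s\n' "$WG_DNS" |
    tr ', \t' '\n\n\n' |
    sed -n '/./s/^/nameserver /p' > /etc/resolv.conf
else
  echo "║ WG_DNS empty — using fallback DNS: 1.1.1.1, 8.8.8.8"
  printf 'nameserver 1.1.1.1\nnameserver 8.8.8.8\n' > /etc/resolv.conf
fi
print_result "/etc/resolv.conf configured." "created"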
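# ============================================================
# Generate /etc/wireguard/wg0.conf from env vars
# ============================================================
print_stage "Generating /etc/wireguard/wg0.conf from environment"

# Every value below lands on its own "Key = value" line. wg-quick configs can
# also carry hook directives that wg-quick runs as commands, so a value that
# spans several lines must never reach the file: refuse to continue instead.
# The offending value is not printed because it may be a key.
wg_newline='
'
for wg_field in "$WG_PRIVATE_KEY" "$WG_ADDRESS" "$WG_DNS" "$WG_PUBLIC_KEY" \
  "$WG_PRESHARED_KEY" "$WG_ALLOWED_IPS" "$WG_ENDPOINT"; do
  case "$wg_field" in
    *"$wg_newline"*)
      echo "║ ❌ A WG_* value contains a line break; refusing to write wg0.conf"
      print_separator
      exit 1
      ;;
  esac
done

# The file holds the private key: create it under umask 077 so it is never
# readable by others, not even for the moment before the chmod below.
if ! (
  umask 077
  {
    cat <<EOF
# Generated from environment variables at container start.
# DO NOT commit real keys to the repository.
[Interface]
PrivateKey = ${WG_PRIVATE_KEY}
Address = ${WG_ADDRESS}
DNS = ${WG_DNS}
[Peer]
PublicKey = ${WG_PUBLIC_KEY}
EOF
    # The preshared key is optional; an empty "PresharedKey =" line is not a
    # valid key, so the line is written only when a value is set.
    if [ -n "$WG_PRESHARED_KEY" ]; then
      printf 'PresharedKey = %s\n' "$WG_PRESHARED_KEY"
    fi
    cat <<EOF
AllowedIPs = ${WG_ALLOWED_IPS:-0.0.0.0/0,::/0}
PersistentKeepalive = 0
Endpoint = ${WG_ENDPOINT}
EOF
  } > /etc/wireguard/wg0.conf
); then
  echo "║ ❌ Could not write /etc/wireguard/wg0.conf"
  print_separator
  exit 1
fi

# Also tightens the mode when the file already existed with wider permissions.
chmod 600 /etc/wireguard/wg0.conf
print_result "wg0.conf generated with mode 0600." "created"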
# ============================================================
# Connectivity check BEFORE WireGuard is brought up
# ============================================================
print_stage "Testing connectivity BEFORE WireGuard"
printf '%s\n' "║ Pinging 1.1.1.1..."
# Informational only: a failed ping is reported but does not stop the startup.
if ping -c 4 1.1.1.1 > /tmp/ping.log 2>&1; then
  printf '%s\n' "║ Ping successful."
  sed 's/^/║ /' < /tmp/ping.log
else
  printf '%s\n' "║ Ping failed."
fi
print_separator
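# ============================================================
# Start WireGuard
# ============================================================
print_stage "Starting WireGuard"
# Run wg-quick on its own rather than piping it into tee: after a pipeline $?
# is the status of the LAST command (tee), so a wg-quick failure went
# unnoticed and the application was started without the tunnel.
wg-quick up wg0 > /tmp/wg.log 2>&1
wg_status=$?
if [ "$wg_status" -eq 0 ]; then
  sed 's/^/║ /' /tmp/wg.log
  echo "║ WireGuard started successfully."
  print_result "WireGuard interface activated successfully."
else
  echo "║ WireGuard failed to start. Logs:"
  sed 's/^/║ /' /tmp/wg.log
  # print_result picks its icon from the status of the command run just
  # before it, so set a failing status for the failure message.
  false
  print_result "Failed to start WireGuard interface!"
  # Fail closed: never start the application when the tunnel did not come up.
  exit 1
fi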
# Show the routing table after WireGuard has been started
print_stage "Routing table AFTER WireGuard"
ip route | while IFS= read -r route_line; do
  printf '║ %s\n' "$route_line"
done
print_separator
# Connectivity check AFTER WireGuard has been brought up
print_stage "Testing connectivity AFTER WireGuard"
printf '%s\n' "║ Pinging 1.1.1.1..."
# Informational only: a failed ping is reported but does not stop the startup.
if ping -c 4 1.1.1.1 > /tmp/ping.log 2>&1; then
  printf '%s\n' "║ Ping successful."
  sed 's/^/║ /' < /tmp/ping.log
else
  printf '%s\n' "║ Ping failed."
fi
print_separator
# DNS resolution check
print_stage "Testing DNS"
# Informational only: a failed lookup is reported but does not stop the startup.
if nslookup api.ipify.org > /tmp/dns.log 2>&1; then
  printf '%s\n' "║ DNS lookup successful."
  sed 's/^/║ /' < /tmp/dns.log
else
  printf '%s\n' "║ DNS lookup failed."
fi
print_separator
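# External connectivity check via icanhazip.com
print_stage "Testing external connectivity (icanhazip.com)"
echo "║ Fetching external IP..."
# -f: treat an HTTP error as a failure, so an error page is not reported as
#     the external IP.
# --max-time: bound the request so an unresponsive tunnel cannot hang the
#     container start indefinitely.
# NOTE(review): the address printed below is the only visible evidence that
# egress goes through the tunnel; nothing here compares it with an expected
# exit address.
if curl -fs --max-time 15 https://icanhazip.com > /tmp/curl.log 2>&1; then
  echo "║ Connection successful."
  echo "║ External IP: $(cat /tmp/curl.log)"
else
  echo "║ Connection failed."
fi
print_separator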
# Launch the application
print_stage "Starting application"
printf '%s\n' "║ Application is starting..."
# exec replaces this shell with the node process.
exec node src/index.js