Removed TOKENS_FILE and LIB_DIR from config

back/admin.Dockerfile

@@ -7,9 +7,9 @@ RUN apt-get update && apt-get install --yes \
 	&& rm -rf /var/lib/apt/lists/*
 
 # Create dirs and temp files
-RUN mkdir /usr/lib/wgapi /var/log/wgapi
-RUN touch /var/local/wgapi_tokens
-RUN chown -R www-data:www-data /usr/lib/wgapi /var/log/wgapi /var/local/wgapi_tokens
+RUN mkdir /usr/lib/wgapi /var/log/wgapi /var/local/wgapi
+RUN touch /var/local/wgapi/tokens
+RUN chown -R www-data:www-data /usr/lib/wgapi /var/log/wgapi /var/local/wgapi
 
 # Configure apache
 RUN a2enmod cgi rewrite

back/admin_peer.cgi

@@ -7,18 +7,18 @@ source /etc/wgapi/config
 case "${REQUEST_METHOD}" in
 
 	# List peers
-	'GET') "${LIB_DIR}/admin/peer/list" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
+	'GET') "/usr/lib/wgapi/admin/peer/list" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
 
 	# Add peer
-	'POST') "${LIB_DIR}/admin/peer/add" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
+	'POST') "/usr/lib/wgapi/admin/peer/add" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
 
 	# Delete peer
-	'DELETE') "${LIB_DIR}/admin/peer/del" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
+	'DELETE') "/usr/lib/wgapi/admin/peer/del" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
 
 	# Needed for CORS preflight
-	'OPTIONS') "${LIB_DIR}/http_res" 200;;
+	'OPTIONS') "/usr/lib/wgapi/http_res" 200;;
 
 	# Bad request
-	*) printf 'Invalid HTTP verb' | "${LIB_DIR}/http_res" 405;;
+	*) printf 'Invalid HTTP verb' | "/usr/lib/wgapi/http_res" 405;;
 
 esac

back/admin_user.cgi

@@ -7,14 +7,14 @@ source /etc/wgapi/config
 case "${REQUEST_METHOD}" in
 
 	# Add new user
-	'POST') "${LIB_DIR}/admin/user/add" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
+	'POST') "/usr/lib/wgapi/admin/user/add" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
 
 	# Delete user
-	'DELETE') "${LIB_DIR}/admin/user/del" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
+	'DELETE') "/usr/lib/wgapi/admin/user/del" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
 
 	# Needed for CORS preflight
-	'OPTIONS') "${LIB_DIR}/http_res" 200;;
+	'OPTIONS') "/usr/lib/wgapi/http_res" 200;;
 
 	# Bad request
-	*) printf 'Invalid HTTP verb' | "${LIB_DIR}/http_res" 405;;
+	*) printf 'Invalid HTTP verb' | "/usr/lib/wgapi/http_res" 405;;
 esac

back/dashboard.Dockerfile

@@ -7,9 +7,9 @@ RUN apt-get update && apt-get install --yes \
 	&& rm -rf /var/lib/apt/lists/*
 
 # Create dirs and temp files
-RUN mkdir /usr/lib/wgapi /var/log/wgapi
-RUN touch /var/local/wgapi_tokens
-RUN chown -R www-data:www-data /usr/lib/wgapi /var/log/wgapi /var/local/wgapi_tokens
+RUN mkdir /usr/lib/wgapi /var/log/wgapi /var/local/wgapi
+RUN touch /var/local/wgapi/tokens
+RUN chown -R www-data:www-data /usr/lib/wgapi /var/log/wgapi /var/local/wgapi
 
 # Configure apache
 RUN a2enmod cgi rewrite

back/dashboard.cgi

@@ -7,18 +7,18 @@ source /etc/wgapi/config
 case "${REQUEST_METHOD}" in
 
 	# List peers
-	'GET') "${LIB_DIR}/dashboard/peer/list" "${HTTP_X_REAL_IP}";;
+	'GET') "/usr/lib/wgapi/dashboard/peer/list" "${HTTP_X_REAL_IP}";;
 
 	# Add peer
-	'POST') "${LIB_DIR}/dashboard/peer/add" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
+	'POST') "/usr/lib/wgapi/dashboard/peer/add" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
 
 	# Delete peer
-	'DELETE') "${LIB_DIR}/dashboard/peer/del" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
+	'DELETE') "/usr/lib/wgapi/dashboard/peer/del" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
 
 	# Needed for CORS preflight
-	'OPTIONS') "${LIB_DIR}/http_res" 200;;
+	'OPTIONS') "/usr/lib/wgapi/http_res" 200;;
 
 	# Bad request
-	*) printf 'Invalid HTTP verb' | "${LIB_DIR}/http_res" 405;;
+	*) printf 'Invalid HTTP verb' | "/usr/lib/wgapi/http_res" 405;;
 
 esac

back/dashboard_ssl.cgi

@@ -7,9 +7,9 @@ source /etc/wgapi/config
 case "${REQUEST_METHOD}" in
 
 	# Get cert
-	'GET') "${LIB_DIR}/dashboard/ssl" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
+	'GET') "/usr/lib/wgapi/dashboard/ssl" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
 
 	# Bad request
-	*) printf 'Invalid HTTP verb' | "${LIB_DIR}/http_res" 405;;
+	*) printf 'Invalid HTTP verb' | "/usr/lib/wgapi/http_res" 405;;
 
 esac

back/fed.cgi

@@ -7,15 +7,15 @@ source /etc/wgapi/config
 case "${REQUEST_METHOD}" in
 
 	# Add
-	'POST') "${LIB_DIR}/fed/peer/add" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
+	'POST') "/usr/lib/wgapi/fed/peer/add" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
 
 	# Delete
-	'DELETE') "${LIB_DIR}/fed/peer/del" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
+	'DELETE') "/usr/lib/wgapi/fed/peer/del" "${HTTP_X_REAL_IP}" "${QUERY_STRING}";;
 
 	# Needed for CORS preflight
-	'OPTIONS') "${LIB_DIR}/http_res" 200;;
+	'OPTIONS') "/usr/lib/wgapi/http_res" 200;;
 
 	# Bad request
-	*) printf 'Invalid HTTP verb' | "${LIB_DIR}/http_res" 405;;
+	*) printf 'Invalid HTTP verb' | "/usr/lib/wgapi/http_res" 405;;
 
 esac

back/lib/admin/peer/add

@@ -10,9 +10,9 @@ ip="${1}" & qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
 # Check token
 token_fail(){
 	printf 'Rejecting admin %s request for new peer due to %s token\n' "${ip}" "${1}" >&2
-	printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403; exit
+	printf 'Invalid token\n' | "/usr/lib/wgapi/http_res" 403; exit
 }
-saved_token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
+saved_token="$(grep "${ip}" /var/local/wgapi/tokens | cut -f2)"
 [ "${saved_token}" == "" ] && token_fail 'missing' &
 <<<"${qs}" grep -qx "t=${saved_token}" || token_fail 'mismatched'
 printf '%s token was valid\n' "${ip}" >&2
@@ -23,9 +23,9 @@ username="$(<<<"${qs}" grep -oP 'user=(.*)' | sed 's/^user=//')"
 usernumber="$(<<<"${qs}" grep -oP 'num=(.*)' | sed 's/^num=//')"
 if ! domain="${hostname:?}.${username:?}.${TLD:?}"; then
 	printf 'ERROR! Hostname "%s" or username "%s" or tld "%s" missing!\n' "${hostname}" "${username}" "${TLD}" >&2
-	printf 'Hostname or username missing!\n' | "${LIB_DIR}/http_res" 400; exit
+	printf 'Hostname or username missing!\n' | "/usr/lib/wgapi/http_res" 400; exit
 elif [[ "${usernumber}" == "" ]]; then
-	printf 'Usernumber missing!\n' | tee >(cat 1>&2) | "${LIB_DIR}/http_res" 400; exit
+	printf 'Usernumber missing!\n' | tee >(cat 1>&2) | "/usr/lib/wgapi/http_res" 400; exit
 else
 	printf 'Admin %s requested new peer %s for user number %s\n' "${ip}" "${domain}" "${usernumber}" >&2
 fi
@@ -33,31 +33,31 @@ fi
 # Check hostname length
 if ! [[ ${#hostname} -ge 3 ]]; then
 	printf 'Rejecting hostname %s because it is too short.\n' "${hostname}" >&2
-	printf 'Hostname too short\n' | "${LIB_DIR}/http_res" 400; exit
+	printf 'Hostname too short\n' | "/usr/lib/wgapi/http_res" 400; exit
 fi
 
 # Check if new peer already exists
-if "${LIB_DIR}/ns_lookup_send" "${domain}" >/dev/null; then
-	printf 'Host %s already exists!\n' "${domain}" | tee >(cat 1>&2) | "${LIB_DIR}/http_res" 409; exit
+if "/usr/lib/wgapi/ns_lookup_send" "${domain}" >/dev/null; then
+	printf 'Host %s already exists!\n' "${domain}" | tee >(cat 1>&2) | "/usr/lib/wgapi/http_res" 409; exit
 fi
 
 # Get all peer IPs
 if ! wg_output="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
 	printf 'ERROR! Wireguard failed!\n' >&2
-	"${LIB_DIR}/http_res" 500; exit
+	"/usr/lib/wgapi/http_res" 500; exit
 fi
 
 # Filter out the user's
 user_peers="$(grep "${IPV4_NET%.*.*}.${usernumber}." <<<"${wg_output}" 2>/dev/null)"
 if [ "${user_peers}" == "" ]; then
 	printf "ERROR! Couldn't find any peers for %s!\n" "${IPV4_NET%.*.*}.${usernumber}." >&2
-	"${LIB_DIR}/http_res" 500; exit
+	"/usr/lib/wgapi/http_res" 500; exit
 fi
 
 # Get user peer domains
-if ! peers="$("${LIB_DIR}/ips_to_peers" tsv <<<"${user_peers}")"; then
+if ! peers="$("/usr/lib/wgapi/ips_to_peers" tsv <<<"${user_peers}")"; then
 	printf 'ERROR! Failed to retrieve peers for %s!\n' "${IPV4_NET%.*.*}.${usernumber}" >&2
-	"${LIB_DIR}/http_res" 500; exit
+	"/usr/lib/wgapi/http_res" 500; exit
 fi
 
 # Create new IPs
@@ -72,7 +72,7 @@ ipv4="${IPV4_NET%.*.*}.${usernumber}.${hostnumber}"
 ipv6="${IPV6_NET%:*:*}:${usernumber}:${hostnumber}"
 if ! printf 'IP addresses for %s created: %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" >&2; then
 		printf 'ERROR! Failed to create IP addresses for %s!' "${domain}" >&2
-		"${LIB_DIR}/http_res" 500; exit
+		"/usr/lib/wgapi/http_res" 500; exit
 fi
 
 # Create wg config
@@ -81,13 +81,13 @@ pubkey="$(echo "${privkey}" | /usr/bin/wg pubkey)"
 address="${ipv4}/${IPV4_NET##*/},${ipv6}/${IPV6_NET##*/}"
 
 # Update nameserver
-if "${LIB_DIR}/ns_update_add" "${domain:?}" "${ipv4:?}" "${ipv6:?}"
+if "/usr/lib/wgapi/ns_update_add" "${domain:?}" "${ipv4:?}" "${ipv6:?}"
 	then printf 'Successfully added %s to DNS server.\n' "${domain}" >&2
 	else printf 'ERROR! Failed to add %s %s %s to DNS server!\n' "${domain}" "${ipv4}" "${ipv6}" >&2
 fi &
 
 # Create SSL cert
-if "${LIB_DIR}/ssl_peer_add" "${hostname:?}" "${username:?}" "IP:${ipv4},IP:${ipv6}"
+if "/usr/lib/wgapi/ssl_peer_add" "${hostname:?}" "${username:?}" "IP:${ipv4},IP:${ipv6}"
 	then printf 'Successfully signed SSL certs for %s\n' "${domain}" >&2
 	else printf 'ERROR! Failed to create certs for %s with IPS: %s %s!\n' "${domain}" "${ipv4}" "${ipv6}" >&2
 fi
@@ -101,17 +101,17 @@ while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey se
 	if [ "${server_hostname}" == "${LOCAL_SERVER}" ]; then
 		server_blocks="${server_blocks}\n[Peer] # ${server_hostname}.${TLD}\nPublicKey=${server_pubkey}\nPresharedKey=${server_psk}\nAllowedIPs=${server_ipv4}/${IPV4_NET#*/},${server_ipv6}/${IPV6_NET#*/}\nEndpoint=${server_endpoint}\n"
 		# Add new user to local wireguard
-		if "${LIB_DIR}/wg_peer_add" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128"; then
+		if "/usr/lib/wgapi/wg_peer_add" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128"; then
 			printf 'Added %s to local wireguard server.\n' "${domain}" >&2
 		else
 			printf 'ERROR! Failed to add %s to local wireguard server!\n' "${domain}" >&2
-			"${LIB_DIR}/http_res" 500; exit
+			"/usr/lib/wgapi/http_res" 500; exit
 		fi
 	# Remote server
 	else
 		server_blocks="${server_blocks}\n[Peer] # ${server_hostname}.${TLD}\nPublicKey=${server_pubkey}\nPresharedKey=${server_psk}\nAllowedIPs=${server_ipv4}/32,${server_ipv6}/128\nEndpoint=${server_endpoint}\n"
 		# Send new user config to federated server
-		if "${LIB_DIR}/fed_peer_add" "${server_admin}" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" "${server_secret}"; then
+		if "/usr/lib/wgapi/fed_peer_add" "${server_admin}" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" "${server_secret}"; then
 			printf 'Sent %s to remote wireguard server %s.\n' "${domain}" "${server_hostname}" >&2
 		else
 			printf 'ERROR! Failed to send %s to remote wireguard server %s!\n' "${domain}" "${server_hostname}" >&2
@@ -119,4 +119,4 @@ while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey se
 	fi
 done </etc/wgapi/servers
 wg_config="[Interface] # ${hostname}.${username}.${TLD}\nPrivateKey=${privkey:?}\nAddress=${address:?}\n${WG_DNS}\n${server_blocks:?}"
-<<<"${wg_config}" "${LIB_DIR}/http_res" 202
+<<<"${wg_config}" "/usr/lib/wgapi/http_res" 202

back/lib/admin/peer/del

@@ -14,9 +14,9 @@ printf '%s requested to delete %s\n' "${ip}" "${pubkey}" >&2
 # Check token
 token_fail(){
 	printf 'Rejecting admin %s request to delete peer due to %s token\n' "${ip}" "${1}" >&2
-	printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403; exit
+	printf 'Invalid token\n' | "/usr/lib/wgapi/http_res" 403; exit
 }
-saved_token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
+saved_token="$(grep "${ip}" /var/local/wgapi/tokens | cut -f2)"
 [ "${saved_token}" == "" ] && token_fail 'missing' &
 <<<"${qs}" grep -qx "t=${saved_token}" || token_fail 'mismatched'
 printf '%s token was valid\n' "${ip}" >&2
@@ -24,33 +24,33 @@ printf '%s token was valid\n' "${ip}" >&2
 # Get peer IP list
 if ! wg_output="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
 	printf 'ERROR! Wireguard failed!\n' >&2
-	"${LIB_DIR}/http_res" 500; exit
+	"/usr/lib/wgapi/http_res" 500; exit
 fi
 
 # Filter out this user's
 user_peer="$(grep "${pubkey}" <<<"${wg_output}" 2>/dev/null)"
 if [ "${user_peer}" == "" ]; then
 	printf 'ERROR! Could not find user for pubkey %s!\n' "${pubkey}" >&2
-	printf 'Peer not found' | "${LIB_DIR}/http_res" 404; exit
+	printf 'Peer not found' | "/usr/lib/wgapi/http_res" 404; exit
 fi
 
 # Get peer domains
-if ! peer="$("${LIB_DIR}/ips_to_peers" tsv <<<"${user_peer}" | grep "${pubkey}")"; then
+if ! peer="$("/usr/lib/wgapi/ips_to_peers" tsv <<<"${user_peer}" | grep "${pubkey}")"; then
 	printf 'ERROR! Failed to lookup domain for pubkey %s!\n' "${pubkey}" >&2
-	"${LIB_DIR}/http_res" 500; exit
+	"/usr/lib/wgapi/http_res" 500; exit
 fi
 domain="$(<<<"${peer}" cut -f1)"
 ipv4="$(<<<"${peer}" cut -f2)"
 ipv6="$(<<<"${peer}" cut -f3)"
 if ! printf 'Delete request was for %s %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" >&2; then
 	printf 'ERROR! Failed to collect peer data: %s %s %s\n' "${domain}" "${ipv4}" "${ipv6}" >&2
-	"${LIB_DIR}/http_res" 500; exit
+	"/usr/lib/wgapi/http_res" 500; exit
 fi
 
 # Make sure admin isn't deleting their own peer
 if [ "${ip}" == "${ipv4}" ] || [ "${ip}" == "${ipv6}" ]; then
 	printf 'Admin requested to delete peer from itself: %s.\n' "${ip}" >&2
-	printf 'You cannot delete a peer from itself!' | "${LIB_DIR}/http_res" 400; exit
+	printf 'You cannot delete a peer from itself!' | "/usr/lib/wgapi/http_res" 400; exit
 fi
 
 hostname="$(<<<"${domain}" cut -d'.' -f1)"
@@ -65,20 +65,20 @@ for_server_do() {
 	server_endpoint="${5}"; server_admin="${6}"; server_secret="${7}"
 	if [ "${server_hostname}" == "${LOCAL_SERVER}" ]; then
 		# Local server
-		if "${LIB_DIR}/wg_peer_del" "${pubkey}"; then
+		if "/usr/lib/wgapi/wg_peer_del" "${pubkey}"; then
 			printf 'Deleted %s from local wireguard server.\n' "${domain}" >&2
 		else
 			printf 'ERROR! Failed to delete %s from local wireguard server!\n' "${domain}" >&2
 			# TODO: clear existing progress
-			"${LIB_DIR}/http_res" 500; exit
+			"/usr/lib/wgapi/http_res" 500; exit
 		fi
 	else
 		# Federated server
-		if "${LIB_DIR}/fed_peer_del" "${server_admin}" "${pubkey}"; then
+		if "/usr/lib/wgapi/fed_peer_del" "${server_admin}" "${pubkey}"; then
 			printf 'Deleted %s from remote wireguard server %s.\n' "${domain}" "${server_hostname}" >&2
 		else
 			printf 'ERROR! Failed to delete %s from remote wireguard server %s!\n' "${domain}" "${server_hostname}" >&2
-			"${LIB_DIR}/http_res" 500; exit
+			"/usr/lib/wgapi/http_res" 500; exit
 		fi
 	fi
 }; while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey server_endpoint server_admin server_secret
@@ -86,13 +86,13 @@ for_server_do() {
 done </etc/wgapi/servers &
 
 # Update nameserver
-if "${LIB_DIR}/ns_update_del" "${domain:?}" "${ipv4:?}" "${ipv6:?}"
+if "/usr/lib/wgapi/ns_update_del" "${domain:?}" "${ipv4:?}" "${ipv6:?}"
 	then printf 'Successfully deleted %s from DNS server.\n' "${domain}" >&2
 	else printf 'ERROR! Failed to delete %s %s %s from DNS server!\n' "${domain}" "${ipv4}" "${ipv6}" >&2
 fi &
 
 # Delete SSL cert
-if "${LIB_DIR}/ssl_peer_del" "${hostname:?}" "${username:?}"
+if "/usr/lib/wgapi/ssl_peer_del" "${hostname:?}" "${username:?}"
 	then printf 'Successfully deleted SSL certs for %s\n' "${domain}" >&2
 	else printf 'ERROR! Failed to delete certs for %s!\n' "${domain}" >&2
 fi
@@ -101,4 +101,4 @@ fi
 # Do it before updating nameserver and certs because
 # if wireguard worked, there's no going back.  The admin
 # can clean up missing records and certs after checking the logs
-printf 'Deleted %s.%s.%s' "${hostname}" "${username}" "${TLD}" | "${LIB_DIR}/http_res" 202
+printf 'Deleted %s.%s.%s' "${hostname}" "${username}" "${TLD}" | "/usr/lib/wgapi/http_res" 202

back/lib/admin/peer/list

@@ -10,17 +10,17 @@ un="$(<<<"${qs}" grep -oP 'un=(.*)' | sed 's/^un=//' | xargs)"
 printf 'Admin %s requested peer listing...\n' "${ip}" >&2
 
 # Create token if needed
-token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
+token="$(grep "${ip}" /var/local/wgapi/tokens | cut -f2)"
 if [ "${token}" == "" ]; then
 	printf 'Creating token for %s...\n' "${ip}" >&2
 	token="$(</dev/urandom tr -dc '[:alnum:]' | fold -w64 | head -n1)"
-	printf '%s\t%s\n' "${ip}" "${token}" >>"${TOKENS_FILE}"
+	printf '%s\t%s\n' "${ip}" "${token}" >>/var/local/wgapi/tokens
 fi
 
 # Get peer IP list
 if ! peers="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
 	printf 'ERROR! Wireguard failed!\n' >&2
-	"${LIB_DIR}/http_res" 500; exit
+	"/usr/lib/wgapi/http_res" 500; exit
 fi
 
 # Filter out single user (if provided)
@@ -28,15 +28,15 @@ if [ "${un}" != '' ]; then
 	peers="$(grep "${IPV4_NET%.*.*}\.${un}\." <<<"${peers}" 2>/dev/null)"
 	if [ "${peers}" == '' ]; then
 		printf 'User number %s not found!\n' "${un}" >&2
-		printf 'User not found!\n' | "${LIB_DIR}/http_res" 404; exit
+		printf 'User not found!\n' | "/usr/lib/wgapi/http_res" 404; exit
 	fi
 fi
 
 # Get domains for each peer
-if peers="[$("${LIB_DIR}/ips_to_peers" json <<<"${peers}")]"; then
-	printf '{"token":"%s","peers":%s}' "${token:?}" "${peers:?}" | "${LIB_DIR}/http_res" 200 'application/json'
+if peers="[$("/usr/lib/wgapi/ips_to_peers" json <<<"${peers}")]"; then
+	printf '{"token":"%s","peers":%s}' "${token:?}" "${peers:?}" | "/usr/lib/wgapi/http_res" 200 'application/json'
 	printf 'Sent peers to admin %s\n' "${ip}" >&2
 else
 	printf 'ERROR: Failed to lookup user domain: %s\n' "${ip}" >&2
-	"${LIB_DIR}/http_res" 500; exit
+	"/usr/lib/wgapi/http_res" 500; exit
 fi

back/lib/admin/user/add

@@ -10,9 +10,9 @@ ip="${1}" & qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
 # Check token
 token_fail(){
 	printf 'Rejecting admin %s request for new peer due to %s token\n' "${ip}" "${1}" >&2
-	printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403; exit
+	printf 'Invalid token\n' | "/usr/lib/wgapi/http_res" 403; exit
 }
-saved_token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
+saved_token="$(grep "${ip}" /var/local/wgapi/tokens | cut -f2)"
 [ "${saved_token}" == "" ] && token_fail 'missing' &
 <<<"${qs}" grep -qx "t=${saved_token}" || token_fail 'mismatched'
 printf '%s token was valid\n' "${ip}" >&2
@@ -22,28 +22,28 @@ hostname="$(<<<"${qs}" grep -oP 'host=(.*)' | sed 's/^host=//' | xargs | tr -dc
 username="$(<<<"${qs}" grep -oP 'user=(.*)' | sed 's/^user=//' | xargs | tr -dc 'a-z0-9' | head -c10)"
 if ! domain="${hostname:?}.${username:?}.${TLD:?}"; then
 	printf 'ERROR! Hostname "%s" or username "%s" or tld "%s" missing!\n' "${hostname}" "${username}" "${TLD}" >&2
-	printf 'Hostname or username missing!\n' | "${LIB_DIR}/http_res" 400; exit
+	printf 'Hostname or username missing!\n' | "/usr/lib/wgapi/http_res" 400; exit
 else
 	printf 'Admin %s requested new user created with initial peer of %s\n' "${ip}" "${domain}" >&2
 fi
 if ! [[ ${#hostname} -ge 3 ]]; then
 	printf 'Rejecting hostname %s because it is too short.\n' "${hostname}" >&2
-	printf 'Hostname too short\n' | "${LIB_DIR}/http_res" 400; exit
+	printf 'Hostname too short\n' | "/usr/lib/wgapi/http_res" 400; exit
 elif ! [[ ${#username} -ge 3 ]]; then
 	printf 'Rejecting username %s because it is too short.\n' "${username}" >&2
-	printf 'Username too short\n' | "${LIB_DIR}/http_res" 400; exit
+	printf 'Username too short\n' | "/usr/lib/wgapi/http_res" 400; exit
 fi
 
 # Check if user already exists
-if "${LIB_DIR}/ns_lookup_rxfr" | grep ".${username}.${TLD}" >/dev/null; then
-	printf 'User %s already exists!\n' "${username}" | tee >(cat 1>&2) | "${LIB_DIR}/http_res" 409
+if "/usr/lib/wgapi/ns_lookup_rxfr" | grep ".${username}.${TLD}" >/dev/null; then
+	printf 'User %s already exists!\n' "${username}" | tee >(cat 1>&2) | "/usr/lib/wgapi/http_res" 409
 	exit
 fi
 
 # Get all peer IPs
 if ! peers="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
 	printf 'ERROR! Wireguard failed!\n' >&2
-	"${LIB_DIR}/http_res" 500; exit
+	"/usr/lib/wgapi/http_res" 500; exit
 fi
 
 # Create new IPs
@@ -59,7 +59,7 @@ ipv4="${IPV4_NET%.*.*}.${usernumber}.${hostnumber}"
 ipv6="${IPV6_NET%:*:*}:${usernumber}:${hostnumber}"
 if ! printf 'IP addresses for %s created: %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" >&2; then
 		printf 'ERROR! Failed to create IP addresses for %s!' "${domain}" >&2
-		"${LIB_DIR}/http_res" 500; exit
+		"/usr/lib/wgapi/http_res" 500; exit
 fi
 
 # Create wg config
@@ -68,7 +68,7 @@ pubkey="$(echo "${privkey}" | /usr/bin/wg pubkey)"
 address="${ipv4}/${IPV4_NET##*/},${ipv6}/${IPV6_NET##*/}"
 
 # Update nameserver
-if "${LIB_DIR}/ns_update_add" "${domain:?}" "${ipv4:?}" "${ipv6:?}"
+if "/usr/lib/wgapi/ns_update_add" "${domain:?}" "${ipv4:?}" "${ipv6:?}"
 	then printf 'Successfully added %s to DNS server.\n' "${domain}" >&2
 	else printf 'ERROR! Failed to add %s %s %s to DNS server!\n' "${domain}" "${ipv4}" "${ipv6}" >&2
 fi &
@@ -76,9 +76,9 @@ fi &
 # Create SSL cert
 if ! sudo mkdir "${SSL_CONFIG_DIR:?}/${username:?}/"; then
 	printf 'Failed to create directory %s/%s/:\n' "${SSL_CONFIG_DIR}" "${username}" >&2
-	"${LIB_DIR}/http_res" 500; exit
+	"/usr/lib/wgapi/http_res" 500; exit
 fi
-if "${LIB_DIR}/ssl_peer_add" "${hostname:?}" "${username:?}" "IP:${ipv4},IP:${ipv6}"
+if "/usr/lib/wgapi/ssl_peer_add" "${hostname:?}" "${username:?}" "IP:${ipv4},IP:${ipv6}"
 	then printf 'Successfully signed SSL certs for %s\n' "${domain}" >&2
 	else printf 'ERROR! Failed to create certs for %s with IPS: %s %s!\n' "${domain}" "${ipv4}" "${ipv6}" >&2
 fi
@@ -92,18 +92,18 @@ while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey se
 	if [ "${server_hostname}" == "${LOCAL_SERVER}" ]; then
 		server_blocks="${server_blocks}\n[Peer] # ${server_hostname}.${TLD}\nPublicKey=${server_pubkey}\nPresharedKey=${server_psk}\nAllowedIPs=${server_ipv4}/${IPV4_NET#*/},${server_ipv6}/${IPV6_NET#*/}\nEndpoint=${server_endpoint}\n"
 		# Add new user to local wireguard
-		if "${LIB_DIR}/wg_peer_add" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128"; then
+		if "/usr/lib/wgapi/wg_peer_add" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128"; then
 			printf 'Added %s to local wireguard server.\n' "${domain}" >&2
 		else
 			printf 'ERROR! Failed to add %s to local wireguard server!\n' "${domain}" >&2
 			# TODO: clear existing progress
-			"${LIB_DIR}/http_res" 500; exit
+			"/usr/lib/wgapi/http_res" 500; exit
 		fi
 	# Remote server
 	else
 		server_blocks="${server_blocks}\n[Peer] # ${server_hostname}.${TLD}\nPublicKey=${server_pubkey}\nPresharedKey=${server_psk}\nAllowedIPs=${server_ipv4}/32,${server_ipv6}/128\nEndpoint=${server_endpoint}\n"
 		# Send new user config to federated server
-		if "${LIB_DIR}/fed_peer_add" "${server_admin}" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" "${server_secret}"; then
+		if "/usr/lib/wgapi/fed_peer_add" "${server_admin}" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" "${server_secret}"; then
 			printf 'Sent %s to remote wireguard server %s.\n' "${domain}" "${server_hostname}" >&2
 		else
 			printf 'ERROR! Failed to send %s to remote wireguard server %s!\n' "${domain}" "${server_hostname}" >&2
@@ -111,4 +111,4 @@ while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey se
 	fi
 done </etc/wgapi/servers
 wg_config="[Interface] # ${hostname}.${username}.${TLD}\nPrivateKey=${privkey:?}\nAddress=${address:?}\n${WG_DNS}\n${server_blocks:?}"
-<<<"${wg_config}" "${LIB_DIR}/http_res" 202
+<<<"${wg_config}" "/usr/lib/wgapi/http_res" 202

back/lib/admin/user/del

@@ -10,9 +10,9 @@ ip="${1}" & qs="$(<<<"${2}" tr '&' '\n' | sed 's/?//')"
 # Check token
 token_fail(){
 	printf 'Rejecting admin %s request for new peer due to %s token\n' "${ip}" "${1}" >&2
-	printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403; exit
+	printf 'Invalid token\n' | "/usr/lib/wgapi/http_res" 403; exit
 }
-saved_token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
+saved_token="$(grep "${ip}" /var/local/wgapi/tokens | cut -f2)"
 [ "${saved_token}" == "" ] && token_fail 'missing' &
 <<<"${qs}" grep -qx "t=${saved_token}" || token_fail 'mismatched'
 printf '%s token was valid\n' "${ip}" >&2
@@ -21,9 +21,9 @@ printf '%s token was valid\n' "${ip}" >&2
 username="$(<<<"${qs}" grep -oP 'user=(.*)' | sed 's/^user=//')"
 usernumber="$(<<<"${qs}" grep -oP 'un=(.*)' | sed 's/^un=//')"
 if [[ "${username}" == "" ]]; then
-	printf 'ERROR! Username missing!\n' | tee >(cat 1>&2) | "${LIB_DIR}/http_res" 400; exit
+	printf 'ERROR! Username missing!\n' | tee >(cat 1>&2) | "/usr/lib/wgapi/http_res" 400; exit
 elif [[ "${usernumber}" == "" ]]; then
-	printf 'ERROR! Usernumber missing!\n' | tee >(cat 1>&2) |"${LIB_DIR}/http_res" 400; exit
+	printf 'ERROR! Usernumber missing!\n' | tee >(cat 1>&2) |"/usr/lib/wgapi/http_res" 400; exit
 else
 	printf 'Admin %s requested deletion of user "%s" with usernumber "%s"\n' "${ip}" "${username}" "${usernumber}" >&2
 fi
@@ -31,20 +31,20 @@ fi
 # Get all peer IPs
 if ! wg_output="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
 	printf 'ERROR! Wireguard failed!\n' >&2
-	"${LIB_DIR}/http_res" 500; exit
+	"/usr/lib/wgapi/http_res" 500; exit
 fi
 
 # Filter out the user's
 user_peers="$(grep "${IPV4_NET%.*.*}.${usernumber}." <<<"${wg_output}" 2>/dev/null)"
 if [ "${user_peers}" == "" ]; then
 	printf "ERROR! Couldn't find any peers for %s!\n" "${IPV4_NET%.*.*}.${usernumber}." >&2
-	"${LIB_DIR}/http_res" 500; exit
+	"/usr/lib/wgapi/http_res" 500; exit
 fi
 
 # Get user peer domains
-if ! peers="$("${LIB_DIR}/ips_to_peers" tsv <<<"${user_peers}")"; then
+if ! peers="$("/usr/lib/wgapi/ips_to_peers" tsv <<<"${user_peers}")"; then
 	printf 'ERROR! Failed to retrieve domains for peers for %s!\n' "${IPV4_NET%.*.*}.${usernumber}" >&2
-	"${LIB_DIR}/http_res" 500; exit
+	"/usr/lib/wgapi/http_res" 500; exit
 fi
 
 # Run this function in parallel in the while loop below
@@ -55,20 +55,20 @@ for_server_do() {
 	server_endpoint="${5}"; server_admin="${6}"; server_secret="${7}"
 	if [ "${server_hostname}" == "${LOCAL_SERVER}" ]; then
 		# Local server
-		if "${LIB_DIR}/wg_peer_del" "${pubkey}"; then
+		if "/usr/lib/wgapi/wg_peer_del" "${pubkey}"; then
 			printf 'Deleted %s from local wireguard server.\n' "${domain}" >&2
 		else
 			printf 'ERROR! Failed to delete %s from local wireguard server!\n' "${domain}" >&2
 			# TODO: clear existing progress
-			"${LIB_DIR}/http_res" 500; exit
+			"/usr/lib/wgapi/http_res" 500; exit
 		fi
 	else
 		# Federated server
-		if "${LIB_DIR}/fed_peer_del" "${server_admin}" "${pubkey}"; then
+		if "/usr/lib/wgapi/fed_peer_del" "${server_admin}" "${pubkey}"; then
 			printf 'Deleted %s from remote wireguard server %s.\n' "${domain}" "${server_hostname}" >&2
 		else
 			printf 'ERROR! Failed to delete %s from remote wireguard server %s!\n' "${domain}" "${server_hostname}" >&2
-			"${LIB_DIR}/http_res" 500; exit
+			"/usr/lib/wgapi/http_res" 500; exit
 		fi
 	fi
 }
@@ -85,7 +85,7 @@ delete_peer() {
 	done </etc/wgapi/servers &
 
 	# Remove peer from nameserver
-	if "${LIB_DIR}/ns_update_del" "${domain:?}" "${ipv4:?}" "${ipv6:?}"
+	if "/usr/lib/wgapi/ns_update_del" "${domain:?}" "${ipv4:?}" "${ipv6:?}"
 		then printf 'Successfully deleted %s from DNS server.\n' "${domain}" >&2
 		else printf 'ERROR! Failed to delete %s %s %s from DNS server!\n' "${domain}" "${ipv4}" "${ipv6}" >&2
 	fi
@@ -104,4 +104,4 @@ fi
 # Do it before updating nameserver and certs because
 # if wireguard worked, there's no going back.  The admin
 # can clean up missing records and certs after checking the logs
-printf 'Deleted %s' "${username}" | "${LIB_DIR}/http_res" 202
+printf 'Deleted %s' "${username}" | "/usr/lib/wgapi/http_res" 202

back/lib/dashboard/peer/add

@@ -12,31 +12,31 @@ hostname="$(<<<"${qs}" grep -oP 'name=(.*)' | sed 's/^name//' | xargs | tr -dc '
 printf '%s requested new peer with hostname %s\n' "${ip}" "${hostname}" >&2
 if ! [[ ${#hostname} -ge 3 ]]; then
 	printf 'Rejecting hostname %s because it is too short.\n' "${hostname}" >&2
-	printf 'Hostname too short\n' | "${LIB_DIR}/http_res" 400; exit
+	printf 'Hostname too short\n' | "/usr/lib/wgapi/http_res" 400; exit
 fi
 
 # Check token
 token_fail(){
 	printf 'Rejecting %s request for new peer due to %s token\n' "${ip}" "${1}" >&2
-	printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403; exit
+	printf 'Invalid token\n' | "/usr/lib/wgapi/http_res" 403; exit
 }
-saved_token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
+saved_token="$(grep "${ip}" /var/local/wgapi/tokens | cut -f2)"
 [ "${saved_token}" == "" ] && token_fail 'missing' &
 <<<"${qs}" grep -qx "t=${saved_token}" || token_fail 'mismatched'
 printf '%s token was valid\n' "${ip}" >&2
 
 # Check user
-username="$("${LIB_DIR}/ns_lookup_rdns" "${ip}" | cut -d'.' -f2)" || (
+username="$("/usr/lib/wgapi/ns_lookup_rdns" "${ip}" | cut -d'.' -f2)" || (
 	printf 'User domains not found for %s\n' "${ip}" >&2
-	"${LIB_DIR}/http_res" 500; exit
+	"/usr/lib/wgapi/http_res" 500; exit
 )
 printf '%s identified as %s\n' "${ip}" "${username}" >&2
 domain="${hostname}.${username}.${TLD}"
 
 # Check if new peer already exists
-if "${LIB_DIR}/ns_lookup_send" "${domain}" >/dev/null; then
+if "/usr/lib/wgapi/ns_lookup_send" "${domain}" >/dev/null; then
 	printf '%s.%s.%s already exists!\n' "${hostname}" "${username}" "${TLD}" >&2
-	printf 'Hostname %s already exists!\n' "${hostname}" | "${LIB_DIR}/http_res" 409; exit
+	printf 'Hostname %s already exists!\n' "${hostname}" | "/usr/lib/wgapi/http_res" 409; exit
 fi
 
 # Create new domain
@@ -46,27 +46,27 @@ printf 'New domain will be %s\n' "${domain}" >&2
 # Get peer IP list
 if ! wg_output="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
 	printf 'ERROR! Wireguard failed!\n' >&2
-	"${LIB_DIR}/http_res" 500; exit
+	"/usr/lib/wgapi/http_res" 500; exit
 fi
 
 # Filter out this user's
 user_peers="$(grep "${ip%[.:]*}" <<<"${wg_output}" 2>/dev/null)"
 if [ "${user_peers}" == "" ]; then
 	printf "ERROR! %s accessed the dashboard but isn't on the network!\n" "${ip}" >&2
-	"${LIB_DIR}/http_res" 500; exit
+	"/usr/lib/wgapi/http_res" 500; exit
 fi
 
 # Get domains
-if ! peers="$("${LIB_DIR}/ips_to_peers" tsv <<<"${user_peers}")"; then
+if ! peers="$("/usr/lib/wgapi/ips_to_peers" tsv <<<"${user_peers}")"; then
 	printf 'ERROR! Failed to parse peers for %s!\n' "${ip}" >&2
-	"${LIB_DIR}/http_res" 500; exit
+	"/usr/lib/wgapi/http_res" 500; exit
 fi
 
 # Make sure hostname isn't taken
 hostnames="$(<<<"${peers}" awk '{print $1}' | cut -d'.' -f1)"
 if <<<"${hostnames}" grep -x "${hostname}"; then
 	printf 'User %s already has a host named %s!\n' "${username}" "${hostname}" >&2
-	"${LIB_DIR}/http_res" 500; exit
+	"/usr/lib/wgapi/http_res" 500; exit
 fi
 
 # Create new IPs
@@ -82,7 +82,7 @@ ipv4="${IPV4_NET%.*.*}.${usernumber}.${hostnumber}"
 ipv6="${IPV6_NET%:*:*}:${usernumber}:${hostnumber}"
 if ! printf 'IP addresses for %s created: %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" >&2; then
 		printf 'ERROR! Failed to create IP addresses for %s!' "${domain}" >&2
-		"${LIB_DIR}/http_res" 500; exit
+		"/usr/lib/wgapi/http_res" 500; exit
 fi
 
 # Create wg config
@@ -91,13 +91,13 @@ pubkey="$(echo "${privkey}" | /usr/bin/wg pubkey)"
 address="${ipv4}/${IPV4_NET##*/},${ipv6}/${IPV6_NET##*/}"
 
 # Update nameserver
-if "${LIB_DIR}/ns_update_add" "${domain:?}" "${ipv4:?}" "${ipv6:?}"
+if "/usr/lib/wgapi/ns_update_add" "${domain:?}" "${ipv4:?}" "${ipv6:?}"
 	then printf 'Successfully added %s to DNS server.\n' "${domain}" >&2
 	else printf 'ERROR! Failed to add %s %s %s to DNS server!\n' "${domain}" "${ipv4}" "${ipv6}" >&2
 fi &
 
 # Create SSL cert
-if "${LIB_DIR}/ssl_peer_add" "${hostname:?}" "${username:?}" "IP:${ipv4},IP:${ipv6}"
+if "/usr/lib/wgapi/ssl_peer_add" "${hostname:?}" "${username:?}" "IP:${ipv4},IP:${ipv6}"
 	then printf 'Successfully signed SSL certs for %s\n' "${domain}" >&2
 	else printf 'ERROR! Failed to create certs for %s with IPS: %s %s!\n' "${domain}" "${ipv4}" "${ipv6}" >&2
 fi
@@ -111,17 +111,17 @@ while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey se
 	if [ "${server_hostname}" == "${LOCAL_SERVER}" ]; then
 		server_blocks="${server_blocks}\n[Peer] # ${server_hostname}.${TLD}\nPublicKey=${server_pubkey}\nPresharedKey=${server_psk}\nAllowedIPs=${server_ipv4}/${IPV4_NET#*/},${server_ipv6}/${IPV6_NET#*/}\nEndpoint=${server_endpoint}\n"
 		# Add new user to local wireguard
-		if "${LIB_DIR}/wg_peer_add" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128"; then
+		if "/usr/lib/wgapi/wg_peer_add" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128"; then
 			printf 'Added %s to local wireguard server.\n' "${domain}" >&2
 		else
 			printf 'ERROR! Failed to add %s to local wireguard server!\n' "${domain}" >&2
-			"${LIB_DIR}/http_res" 500; exit
+			"/usr/lib/wgapi/http_res" 500; exit
 		fi
 	# Remote server
 	else
 		server_blocks="${server_blocks}\n[Peer] # ${server_hostname}.${TLD}\nPublicKey=${server_pubkey}\nPresharedKey=${server_psk}\nAllowedIPs=${server_ipv4}/32,${server_ipv6}/128\nEndpoint=${server_endpoint}\n"
 		# Send new user config to federated server
-		if "${LIB_DIR}/fed_peer_add" "${server_admin}" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" "${server_secret}"; then
+		if "/usr/lib/wgapi/fed_peer_add" "${server_admin}" "${pubkey}" "${server_psk}" "${ipv4}/32,${ipv6}/128" "${server_secret}"; then
 			printf 'Sent %s to remote wireguard server %s.\n' "${domain}" "${server_hostname}" >&2
 		else
 			printf 'ERROR! Failed to send %s to remote wireguard server %s!\n' "${domain}" "${server_hostname}" >&2
@@ -129,4 +129,4 @@ while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey se
 	fi
 done </etc/wgapi/servers
 wg_config="[Interface] # ${hostname}.${username}.${TLD}\nPrivateKey=${privkey:?}\nAddress=${address:?}\n${WG_DNS}\n${server_blocks:?}"
-<<<"${wg_config}" "${LIB_DIR}/http_res" 202
+<<<"${wg_config}" "/usr/lib/wgapi/http_res" 202

back/lib/dashboard/peer/del

@@ -14,9 +14,9 @@ printf '%s requested to delete %s\n' "${ip}" "${pubkey:?}" >&2
 # Check token
 token_fail(){
 	printf 'Rejecting %s request to delete peer due to %s token\n' "${ip}" "${1}" >&2
-	printf 'Invalid token\n' | "${LIB_DIR}/http_res" 403; exit
+	printf 'Invalid token\n' | "/usr/lib/wgapi/http_res" 403; exit
 }
-saved_token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
+saved_token="$(grep "${ip}" /var/local/wgapi/tokens | cut -f2)"
 [ "${saved_token}" == "" ] && token_fail 'missing' &
 <<<"${qs}" grep -qx "t=${saved_token}" || token_fail 'mismatched'
 printf '%s token was valid\n' "${ip}" >&2
@@ -24,33 +24,33 @@ printf '%s token was valid\n' "${ip}" >&2
 # Get peer IP list
 if ! wg_output="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
 	printf 'ERROR! Wireguard failed!\n' >&2
-	"${LIB_DIR}/http_res" 500; exit
+	"/usr/lib/wgapi/http_res" 500; exit
 fi
 
 # Filter out this user's
 user_peers="$(grep "${ip%[.:]*}" <<<"${wg_output}" 2>/dev/null)"
 if [ "${user_peers}" == "" ]; then
 	printf "ERROR! %s accessed the dashboard but isn't on the network!\n" "${ip}" >&2
-	"${LIB_DIR}/http_res" 500; exit
+	"/usr/lib/wgapi/http_res" 500; exit
 fi
 
 # Get peer domains
-if ! peer="$("${LIB_DIR}/ips_to_peers" tsv <<<"${user_peers}" | grep "${pubkey}")"; then
+if ! peer="$("/usr/lib/wgapi/ips_to_peers" tsv <<<"${user_peers}" | grep "${pubkey}")"; then
 	printf 'ERROR! Peer %s not found for user %s!\n' "${pubkey}" "${ip}" >&2 &
-	printf 'Peer not found\n' | "${LIB_DIR}/http_res" 404; exit
+	printf 'Peer not found\n' | "/usr/lib/wgapi/http_res" 404; exit
 fi
 domain="$(<<<"${peer}" cut -f1)"
 ipv4="$(<<<"${peer}" cut -f2)"
 ipv6="$(<<<"${peer}" cut -f3)"
 if ! printf 'Delete request was for %s %s %s\n' "${domain:?}" "${ipv4:?}" "${ipv6:?}" >&2; then
 	printf 'ERROR! Failed to collect peer data: %s %s %s\n' "${domain}" "${ipv4}" "${ipv6}" >&2 &
-	"${LIB_DIR}/http_res" 500; exit
+	"/usr/lib/wgapi/http_res" 500; exit
 fi
 
 # Make sure user isn't deleting their own peer
 if [ "${ip}" == "${ipv4}" ] || [ "${ip}" == "${ipv6}" ]; then
 	printf 'User requested to delete peer from itself: %s.\n' "${ip}" >&2
-	printf 'You cannot delete a peer from itself!' | "${LIB_DIR}/http_res" 400; exit
+	printf 'You cannot delete a peer from itself!' | "/usr/lib/wgapi/http_res" 400; exit
 fi
 
 hostname="$(<<<"${domain}" cut -d'.' -f1)"
@@ -65,20 +65,20 @@ for_server_do() {
 	server_endpoint="${5}"; server_admin="${6}"; server_secret="${7}"
 	if [ "${server_hostname}" == "${LOCAL_SERVER}" ]; then
 		# Local server
-		if "${LIB_DIR}/wg_peer_del" "${pubkey}"; then
+		if "/usr/lib/wgapi/wg_peer_del" "${pubkey}"; then
 			printf 'Deleted %s from local wireguard server.\n' "${domain}" >&2
 		else
 			printf 'ERROR! Failed to delete %s from local wireguard server!\n' "${domain}" >&2
 			# TODO: clear existing progress
-			"${LIB_DIR}/http_res" 500; exit
+			"/usr/lib/wgapi/http_res" 500; exit
 		fi
 	else
 		# Federated server
-		if "${LIB_DIR}/fed_peer_del" "${server_admin}" "${pubkey}"; then
+		if "/usr/lib/wgapi/fed_peer_del" "${server_admin}" "${pubkey}"; then
 			printf 'Deleted %s from remote wireguard server %s.\n' "${domain}" "${server_hostname}" >&2
 		else
 			printf 'ERROR! Failed to delete %s from remote wireguard server %s!\n' "${domain}" "${server_hostname}" >&2
-			"${LIB_DIR}/http_res" 500; exit
+			"/usr/lib/wgapi/http_res" 500; exit
 		fi
 	fi
 }; while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey server_endpoint server_admin server_secret
@@ -86,13 +86,13 @@ for_server_do() {
 done </etc/wgapi/servers &
 
 # Update nameserver
-if "${LIB_DIR}/ns_update_del" "${domain:?}" "${ipv4:?}" "${ipv6:?}"
+if "/usr/lib/wgapi/ns_update_del" "${domain:?}" "${ipv4:?}" "${ipv6:?}"
 	then printf 'Successfully deleted %s from DNS server.\n' "${domain}" >&2
 	else printf 'ERROR! Failed to delete %s %s %s from DNS server!\n' "${domain}" "${ipv4}" "${ipv6}" >&2
 fi &
 
 # Create SSL cert
-if "${LIB_DIR}/ssl_peer_del" "${hostname:?}" "${username:?}"
+if "/usr/lib/wgapi/ssl_peer_del" "${hostname:?}" "${username:?}"
 	then printf 'Successfully deleted SSL certs for %s\n' "${domain}" >&2
 	else printf 'ERROR! Failed to delete certs for %s!\n' "${domain}" >&2
 fi
@@ -101,4 +101,4 @@ fi
 # Do it before updating nameserver and certs because
 # if wireguard worked, there's no going back.  The admin
 # can clean up missing records and certs after checking the logs
-printf 'Deleted %s.%s.%s' "${hostname}" "${username}" "${TLD}" | "${LIB_DIR}/http_res" 202
+printf 'Deleted %s.%s.%s' "${hostname}" "${username}" "${TLD}" | "/usr/lib/wgapi/http_res" 202

back/lib/dashboard/peer/list

@@ -8,31 +8,31 @@ ip="${1}"
 printf '%s requested peer listing...\n' "${ip}" >&2
 
 # Create token if needed
-token="$(grep "${ip}" "${TOKENS_FILE}" | cut -f2)"
+token="$(grep "${ip}" /var/local/wgapi/tokens | cut -f2)"
 if [ "${token}" == "" ]; then
 	printf 'Creating token for %s...\n' "${ip}" >&2
 	token="$(</dev/urandom tr -dc '[:alnum:]' | fold -w 64 | head -n 1)"
-	printf '%s\t%s\n' "${ip}" "${token}" >>"${TOKENS_FILE}"
+	printf '%s\t%s\n' "${ip}" "${token}" >>/var/local/wgapi/tokens
 fi
 
 # Get peer IP list
 if ! wg_output="$(sudo /usr/bin/wg show "${TLD}" allowed-ips)"; then
 	printf 'ERROR! Wireguard failed!\n' >&2
-	"${LIB_DIR}/http_res" 500; exit
+	"/usr/lib/wgapi/http_res" 500; exit
 fi
 
 # Filter out this user's
 user_peers="$(grep "${ip%[.:]*}" <<<"${wg_output}" 2>/dev/null)"
 if [ "${user_peers}" == '' ]; then
 	printf "ERROR! %s accessed the dashboard but isn't on the network!\n" "${ip}" >&2
-	printf 'User not found!\n' | "${LIB_DIR}/http_res" 403; exit
+	printf 'User not found!\n' | "/usr/lib/wgapi/http_res" 403; exit
 fi
 
 # Get domains for each one
-if peers="[$("${LIB_DIR}/ips_to_peers" json <<<"${user_peers}")]"; then
-	printf '{"token":"%s","peers":%s}' "${token}" "${peers}" | "${LIB_DIR}/http_res" 200 'application/json'
+if peers="[$("/usr/lib/wgapi/ips_to_peers" json <<<"${user_peers}")]"; then
+	printf '{"token":"%s","peers":%s}' "${token}" "${peers}" | "/usr/lib/wgapi/http_res" 200 'application/json'
 	printf 'Sent peers to user %s\n' "${ip}" >&2
 else
 	printf 'ERROR: Failed to lookup domains for user: %s\n' "${ip}" >&2
-	"${LIB_DIR}/http_res" 500; exit
+	"/usr/lib/wgapi/http_res" 500; exit
 fi

back/lib/dashboard/ssl

@@ -13,42 +13,42 @@ ext="$(<<<"${qs}" grep -oP 'ext=(.*)' | sed 's/^ext=//' | xargs)"
 
 if ! file="${hostname:?}/server.${ext:?}"; then
 	printf 'ERROR! Hostname "%s" or extension "%s" missing!\n' "${hostname}" "${ext}" >&2
-	printf 'Hostname or extension missing!\n' | "${LIB_DIR}/http_res" 400; exit
+	printf 'Hostname or extension missing!\n' | "/usr/lib/wgapi/http_res" 400; exit
 else
 	printf 'User %s requested SSL file %s\n' "${ip}" "${file}" >&2
 fi
 
 # Make sure extension is 'crt' or 'key'
 if [ "${ext}" != 'crt' ] && [ "${ext}" != 'key' ]; then
-	printf 'Invalid extension: %s\n' "${ext}" | tee >(cat 1>&2) | "${LIB_DIR}/http_res" 400; exit
+	printf 'Invalid extension: %s\n' "${ext}" | tee >(cat 1>&2) | "/usr/lib/wgapi/http_res" 400; exit
 fi
 
 # Get username
-if ! domain="$("${LIB_DIR}/ns_lookup_rdns" "${ip}")"; then
-	printf 'ERROR! Failed to lookup domain from user IP %s\n' "${ip}" | tee >(cat 1>&2) | "${LIB_DIR}/http_res" 500
+if ! domain="$("/usr/lib/wgapi/ns_lookup_rdns" "${ip}")"; then
+	printf 'ERROR! Failed to lookup domain from user IP %s\n' "${ip}" | tee >(cat 1>&2) | "/usr/lib/wgapi/http_res" 500
 	exit 7
 fi; if ! username="$(<<<"${domain}" cut -d'.' -f2)"; then
 	printf 'ERROR! Failed to parse username from domain "%s"\n' "${domain}" >&2
-	"${LIB_DIR}/http_res" 500; exit
+	"/usr/lib/wgapi/http_res" 500; exit
 else
 	printf 'User %s is "%s"\n' "${ip}" "${username}" >&2
 fi
 
 if ! path="${SSL_CONFIG_DIR:?}/${username:?}/${file}"; then
 	printf 'ERROR! Username "%s" or SSL_CONFIG_DIR "%s" missing!\n' "${username}" "${SSL_CONFIG_DIR}" >&2
-	"${LIB_DIR}/http_res" 500; exit
+	"/usr/lib/wgapi/http_res" 500; exit
 fi
 
 # Check that the file exists
 if ! [ -f "${path}" ]; then
 	printf 'ERROR! File missing: "%s"\n' "${path}" >&2
-	"${LIB_DIR}/http_res" 500; exit
+	"/usr/lib/wgapi/http_res" 500; exit
 fi
 
 # Try to return it to the user
-if <"${path}" "${LIB_DIR}/http_res" 200; then
+if <"${path}" "/usr/lib/wgapi/http_res" 200; then
 	printf 'Sent SSL file "%s" to %s\n' "${path}" "${username}" >&2
 else
 	printf 'ERROR! Failed to return file: "%s"\n' "${path}" >&2
-	"${LIB_DIR}/http_res" 500; exit
+	"/usr/lib/wgapi/http_res" 500; exit
 fi

back/lib/fed/peer/add

@@ -13,14 +13,14 @@ allowedips="$(<<<"${qs}" grep -oP 'ips=(.*)' | sed 's/^ips//' | xargs)"
 # Check that requesting ip is in the servers file
 if ! cat /etc/wgapi/servers | sed '/^#/d' | cut -f2,3 | grep -w "${ip}"; then
 	printf "ERROR! Federated server %s requested to create new peer but isn't in servers file!/n" "${ip}" >&2
-	"${LIB_DIR}/http_res" 403; exit
+	"/usr/lib/wgapi/http_res" 403; exit
 fi
 
 # Add peer to wireguard
-if "${LIB_DIR}/wg_peer_add" "${pubkey}" "${server_psk}" "${allowedips}"; then
+if "/usr/lib/wgapi/wg_peer_add" "${pubkey}" "${server_psk}" "${allowedips}"; then
 	printf 'Added %s to wireguard.\n' "${pubkey}" >&2
 else
 	printf 'ERROR! Failed to add %s to wireguard!\n' "${pubkey}" >&2
-	"${LIB_DIR}/http_res" 500; exit
+	"/usr/lib/wgapi/http_res" 500; exit
 fi
-"${LIB_DIR}/http_res" 200
+"/usr/lib/wgapi/http_res" 200

back/lib/fed/peer/del

@@ -11,14 +11,14 @@ pubkey="$(<<<"${qs}" grep -oP 'pubkey=(.*)' | sed 's/^pubkey//' | xargs)"
 # Check that requesting ip is in the servers file
 if ! cat /etc/wgapi/servers | sed '/^#/d' | cut -f2,3 | grep -w "${ip}"; then
 	printf "ERROR! Federated server %s requested to create new peer but isn't in servers file!/n" "${ip}" >&2
-	"${LIB_DIR}/http_res" 403; exit
+	"/usr/lib/wgapi/http_res" 403; exit
 fi
 
 # Delete peer from wireguard
-if "${LIB_DIR}/wg_peer_del" "${pubkey}"; then
+if "/usr/lib/wgapi/wg_peer_del" "${pubkey}"; then
 	printf 'Deleted %s from wireguard.\n' "${pubkey}" >&2
 else
 	printf 'ERROR! Failed to delete %s from wireguard!\n' "${pubkey}" >&2
-	"${LIB_DIR}/http_res" 500; exit
+	"/usr/lib/wgapi/http_res" 500; exit
 fi
-"${LIB_DIR}/http_res" 200
+"/usr/lib/wgapi/http_res" 200

back/lib/ips_to_peers

@@ -13,7 +13,7 @@ source /etc/wgapi/config
 format="${1}"
 
 # Perform AXFR lookup
-res="$("${LIB_DIR:?}/ns_lookup_rxfr")" || exit 4
+res="$(/usr/lib/wgapi/ns_lookup_rxfr)" || exit 4
 
 # This should read from stdin
 # TODO: Run this loop in parallel

back/lib/ns_lookup_rdns

@@ -11,7 +11,7 @@
 
 source /etc/wgapi/config
 
-domain="$("${LIB_DIR}/ns_lookup_send" "${1}")"
+domain="$("/usr/lib/wgapi/ns_lookup_send" "${1}")"
 case $? in
 	0) printf '%s' "${domain%.}" | cut -d'=' -f2 | xargs -0; exit 0;;
 	4) printf 'Domain for %s not found!\n' "${1}" >&2; exit 3;;

back/lib/ns_lookup_rxfr

@@ -13,7 +13,7 @@
 
 source /etc/wgapi/config
 
-res="$("${LIB_DIR}/ns_lookup_send" "-query=AXFR" "${TLD}.")"
+res="$("/usr/lib/wgapi/ns_lookup_send" "-query=AXFR" "${TLD}.")"
 case $? in
 	0) printf '%s' "${res}"; exit 0;;
 	4) printf 'Domain for %s not found!\n' "${1}" >&2; exit 4;;

back/lib/ns_update_add

@@ -5,10 +5,10 @@
 
 source /etc/wgapi/config
 
-"${LIB_DIR}/ns_update_send" "update add ${1}. ${DNS_TTL} A ${2}
+"/usr/lib/wgapi/ns_update_send" "update add ${1}. ${DNS_TTL} A ${2}
 update add ${1}. ${DNS_TTL} AAAA ${3}
 update add *.${1}. ${DNS_TTL} CNAME ${1}.
 send
-update add $("${LIB_DIR}/ns_update_rev_ipv4" "${2}") ${DNS_TTL} PTR ${1}.
+update add $("/usr/lib/wgapi/ns_update_rev_ipv4" "${2}") ${DNS_TTL} PTR ${1}.
 send
-update add $("${LIB_DIR}/ns_update_rev_ipv6" "${3}") ${DNS_TTL} PTR ${1}." || exit 1
+update add $("/usr/lib/wgapi/ns_update_rev_ipv6" "${3}") ${DNS_TTL} PTR ${1}." || exit 1

back/lib/ns_update_del

@@ -5,10 +5,10 @@
 
 source /etc/wgapi/config
 
-"${LIB_DIR}/ns_update_send" "update delete ${1}. A
+"/usr/lib/wgapi/ns_update_send" "update delete ${1}. A
 update delete ${1}. AAAA
 update delete *.${1}. CNAME
 send
-update delete $("${LIB_DIR}/ns_update_rev_ipv4" "${2}") PTR
+update delete $("/usr/lib/wgapi/ns_update_rev_ipv4" "${2}") PTR
 send
-update delete $("${LIB_DIR}/ns_update_rev_ipv6" "${3}") PTR" || exit 1
+update delete $("/usr/lib/wgapi/ns_update_rev_ipv6" "${3}") PTR" || exit 1

back/lib/wg_user_list

@@ -9,7 +9,7 @@ source /etc/wgapi/config
 	while IFS=$' ' read -r pubkey ipv4 ipv6; do
 		ipv4="${ipv4%%/*}"
 		ipv6="${ipv6%%/*}"
-		domain="$("${LIB_DIR}/ns_lookup_rdns" "${ipv4}")" || exit 4
+		domain="$("/usr/lib/wgapi/ns_lookup_rdns" "${ipv4}")" || exit 4
 		username="$(<<<"${domain}" cut -d'.' -f2)"
 		hostname="$(<<<"${domain}" cut -d'.' -f1)"
 		case "${2}" in

etc/config.sample

@@ -3,8 +3,6 @@ LOCAL_SERVER='myhost'
 IPV4_NET='10.3.0.0/16'
 IPV6_NET='fd69:1337:0:420:f4:f3::/96'
 WG_DNS='DNS=10.3.0.1,10.3.0.2,fd69:1337:0:420:f4:f3:0:1,fd69:1337:0:420:f4:f3:0:2'
-LIB_DIR='/usr/local/bin'
-TOKENS_FILE='/var/local/wgapi_tokens'
 SSL_CONFIG_DIR="/etc/ssl/private/${TLD}"
 SSL_CA_CERT="${SSL_CONFIG_DIR}/_ca.crt"
 SSL_CA_KEY="${SSL_CONFIG_DIR}/_ca.key"