Add initial support for WG

This commit is contained in:
Manevolent 2021-09-21 14:01:51 -06:00
parent 6cbfba6077
commit 6d864e2e70
No known key found for this signature in database
GPG Key ID: 2E9B7592DFA4F344
3 changed files with 37 additions and 1 deletions


@ -57,11 +57,13 @@ do
cp -r ../tinc/* tinc/ cp -r ../tinc/* tinc/
cp -r ../bird/* bird/ cp -r ../bird/* bird/
cp -r ../bind/* bind/ cp -r ../bind/* bind/
cp -r ../wireguard/* wireguard/
# Copy system-local custom files (if they even exist) # Copy system-local custom files (if they even exist)
cp -r $dir/tinc/* tinc/ cp -r $dir/tinc/* tinc/
cp -r $dir/bird/* bird/ cp -r $dir/bird/* bird/
cp -r $dir/bind/* bind/ cp -r $dir/bind/* bind/
cp -r $dir/wireguard/* wireguard/
# Tinc # Tinc
# Remove existing configuration # Remove existing configuration
@ -98,6 +100,15 @@ do
# Fill out templates and remove them after # Fill out templates and remove them after
process_templates "/etc/bind/$netname/" "$sigil_vars" process_templates "/etc/bind/$netname/" "$sigil_vars"
# Wireguard
# Remove existing configuration
rm -v -rf /etc/wireguard/$netname/*
# Copy all bind default files to /etc/(bind)
find wireguard -type d | sed -e "s@wireguard@wireguard/${netname}@g" | xargs -I '{}' mkdir --verbose -p /etc/{}
find wireguard -type f | sed -e "s@wireguard/@@g" | xargs -I '{}' cp --verbose wireguard/{} /etc/wireguard/$netname/{}
# Fill out templates and remove them after
process_templates "/etc/wireguard/$netname/" "$sigil_vars"
# Docker # Docker
# Copy templates and dependencies to directory # Copy templates and dependencies to directory
mkdir docker/ mkdir docker/
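Review bot: `rm -v -rf /etc/wireguard/$netname/*` runs with `$netname` unquoted and unvalidated, so an empty or unset value wipes every network's directory under /etc/wireguard rather than one; a guard such as `: "${netname:?netname must be set}"` before the rm (and quoting `"$netname"` in the rm, find/sed and cp lines) would contain that. The comment at the top of the copy step is a copy-paste leftover from the bind block (`# Copy all bind default files to /etc/(bind)`) and should read `# Copy all wireguard default files to /etc/wireguard/$netname`. Since this directory is also the wireguard container's /config volume (see the compose fragment in this commit), and that image appears to persist its generated keypair there, clearing it on every run would presumably regenerate server keys and break existing peers — worth confirming before this ships. The enclosing `do` loop starts and ends outside the hunk.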

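--- /dev/null
+++ b/docker/services/wireguard
@@ -0,0 +1,20 @@
+image: ghcr.io/linuxserver/wireguard
+container_name: wireguard
+volumes:
+- /etc/wireguard/${netname}:/config
+- /lib/modules:/lib/modules
+environment:
+- RUNMODE=server
+- NETNAME=${netname}
+- TZ=America/Denver
+- SERVERPORT=${wg_port:-51820}
+- INTERNAL_SUBNET=${wg_subnet}
+- ALLOWEDIPS=${network_address}/${global_prefix:-16}
+cap_add:
+- NET_ADMIN
+- SYS_MODULE
+restart: always
+depends_on:
+- tinc
+sysctls:
+- net.ipv4.conf.all.src_valid_mark=1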
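Review bot: `cap_add: SYS_MODULE` together with the `/lib/modules:/lib/modules` mount lets this container load arbitrary kernel modules on the host, which is effectively host root; with a host kernel that has WireGuard built in (5.6+) the container should only need `NET_ADMIN`, so `SYS_MODULE` and the modules mount should be dropped unless an older kernel is a supported target — confirm against the hosts this runs on. `image: ghcr.io/linuxserver/wireguard` has no tag or digest, so every pull of a floating `latest` can silently change the software holding the VPN keys; pin it, e.g. `image: ghcr.io/linuxserver/wireguard:<version>@sha256:…`. There is also no `ports:` entry for `${wg_port:-51820}/udp` here, so unless the port is published elsewhere the server will not be reachable from outside the host.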


@ -31,6 +31,11 @@ chown -R $UID:$GID /etc/tinc/
chmod -R 660 /etc/tinc/ chmod -R 660 /etc/tinc/
chmod -R a+X /etc/tinc/ chmod -R a+X /etc/tinc/
mkdir /etc/wireguard
chown -R $UID:$GID /etc/wireguard/
chmod -R 660 /etc/wireguard/
chmod -R a+X /etc/wireguard/
echo "Setting exclusive read access to SSH keys." echo "Setting exclusive read access to SSH keys."
chmod -v 400 /etc/lixonet/id_rsa chmod -v 400 /etc/lixonet/id_rsa
chmod -v 400 /etc/lixonet/*/id_rsa chmod -v 400 /etc/lixonet/*/id_rsa
@ -42,4 +47,4 @@ touch /etc/lixonet/version
chmod 660 /etc/lixonet/version chmod 660 /etc/lixonet/version
stat /etc/lixonet/version stat /etc/lixonet/version
docker build -t lixonet-ee . && docker run --restart always -d -e DOCKER_HOST=unix:///var/run/docker.sock -e GIT_URL=$ORIGIN -v /var/run/docker.sock:/var/run/docker.sock -v /etc/bird:/etc/bird/ -v /etc/tinc:/etc/tinc -v /etc/bind:/etc/bind -v /etc/lixonet:/etc/lixonet -v /etc/lixonet/known_hosts:/home/lixonet/.ssh/known_hosts -v /etc/lixonet/id_rsa:/home/lixonet/.ssh/id_rsa lixonet-ee docker build -t lixonet-ee . && docker run --restart always -d -e DOCKER_HOST=unix:///var/run/docker.sock -e GIT_URL=$ORIGIN -v /var/run/docker.sock:/var/run/docker.sock -v /etc/bird:/etc/bird/ -v /etc/tinc:/etc/tinc -v /etc/bind:/etc/bind -v /etc/lixonet:/etc/lixonet -v /etc/wireguard:/etc/wireguard/ -v /etc/lixonet/known_hosts:/home/lixonet/.ssh/known_hosts -v /etc/lixonet/id_rsa:/home/lixonet/.ssh/id_rsa --name lixonet-ee lixonet-ee
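Review bot: `mkdir /etc/wireguard` at the top of the hunk is not idempotent, so a re-run of this script errors there and aborts if the script runs under `set -e` (that setting is outside the hunk); `mkdir -p /etc/wireguard` matches the intent. The `chmod -R 660` that follows makes everything later written to /etc/wireguard — including whatever the wireguard container stores in its /config volume, presumably its private key — readable by group `$GID`; if that group is broader than the service itself, key files should end up `600`. The new `--name lixonet-ee` on the `docker run` line also means a second invocation fails while a previous container of that name exists, so a `docker rm -f lixonet-ee 2>/dev/null || true` (or an explicit check) before it would keep the script re-runnable.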