Add initial support for WG

build.sh

@@ -57,11 +57,13 @@ do
     cp -r ../tinc/* tinc/
     cp -r ../bird/* bird/
     cp -r ../bind/* bind/
+    cp -r ../wireguard/* wireguard/
 
     # Copy system-local custom files (if they even exist)
     cp -r $dir/tinc/* tinc/
     cp -r $dir/bird/* bird/
     cp -r $dir/bind/* bind/
+	cp -r $dir/wireguard/* wireguard/
 
     # Tinc
     #  Remove existing configuration
@@ -97,6 +99,15 @@ do
     find bind -type f | sed -e "s@bind/@@g" | xargs -I '{}' cp --verbose bind/{} /etc/bind/$netname/{}
     #  Fill out templates and remove them after
     process_templates "/etc/bind/$netname/" "$sigil_vars"
+	
+	# Wireguard
+    #  Remove existing configuration
+    rm -v -rf /etc/wireguard/$netname/*
+    #  Copy all bind default files to /etc/(bind)
+    find wireguard -type d | sed -e "s@wireguard@wireguard/${netname}@g" | xargs -I '{}' mkdir --verbose -p /etc/{}
+    find wireguard -type f | sed -e "s@wireguard/@@g" | xargs -I '{}' cp --verbose wireguard/{} /etc/wireguard/$netname/{}
+    #  Fill out templates and remove them after
+    process_templates "/etc/wireguard/$netname/" "$sigil_vars"
     
     # Docker
     #  Copy templates and dependencies to directory

docker/services/wireguard

@@ -0,0 +1,20 @@
+    image: ghcr.io/linuxserver/wireguard
+    container_name: wireguard
+    volumes:
+      - /etc/wireguard/${netname}:/config
+      - /lib/modules:/lib/modules
+    environment:
+      - RUNMODE=server
+      - NETNAME=${netname}
+	  - TZ=America/Denver
+	  - SERVERPORT=${wg_port:-51820}
+	  - INTERNAL_SUBNET=${wg_subnet}
+	  - ALLOWEDIPS=${network_address}/${global_prefix:-16}
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    restart: always
+    depends_on:
+      - tinc
+    sysctls:
+      - net.ipv4.conf.all.src_valid_mark=1

install.sh

@@ -31,6 +31,11 @@ chown -R $UID:$GID /etc/tinc/
 chmod -R 660 /etc/tinc/
 chmod -R a+X /etc/tinc/
 
+mkdir /etc/wireguard
+chown -R $UID:$GID /etc/wireguard/
+chmod -R 660 /etc/wireguard/
+chmod -R a+X /etc/wireguard/
+
 echo "Setting exclusive read access to SSH keys."
 chmod -v 400 /etc/lixonet/id_rsa
 chmod -v 400 /etc/lixonet/*/id_rsa
@@ -42,4 +47,4 @@ touch /etc/lixonet/version
 chmod 660 /etc/lixonet/version
 stat /etc/lixonet/version
 
-docker build -t lixonet-ee . && docker run --restart always -d -e DOCKER_HOST=unix:///var/run/docker.sock -e GIT_URL=$ORIGIN -v /var/run/docker.sock:/var/run/docker.sock -v /etc/bird:/etc/bird/ -v /etc/tinc:/etc/tinc -v /etc/bind:/etc/bind -v /etc/lixonet:/etc/lixonet -v /etc/lixonet/known_hosts:/home/lixonet/.ssh/known_hosts -v /etc/lixonet/id_rsa:/home/lixonet/.ssh/id_rsa lixonet-ee
+docker build -t lixonet-ee . && docker run --restart always -d -e DOCKER_HOST=unix:///var/run/docker.sock -e GIT_URL=$ORIGIN -v /var/run/docker.sock:/var/run/docker.sock -v /etc/bird:/etc/bird/ -v /etc/tinc:/etc/tinc -v /etc/bind:/etc/bind -v /etc/lixonet:/etc/lixonet -v /etc/wireguard:/etc/wireguard/ -v /etc/lixonet/known_hosts:/home/lixonet/.ssh/known_hosts -v /etc/lixonet/id_rsa:/home/lixonet/.ssh/id_rsa --name lixonet-ee lixonet-ee