diff --git a/conf/interfaces.json b/conf/interfaces.json
index 2d483e5..d4bdb12 100644
--- a/conf/interfaces.json
+++ b/conf/interfaces.json
@@ -4,6 +4,6 @@
 "fd42::/112"
 ],
 "listen_port": "__PORT_WG__",
- "post_up": "",
- "post_down": ""
+ "post_up": "iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o __INTERFACE__ -j MASQUERADE; ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -A FORWARD -o %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o __INTERFACE__ -j MASQUERADE; ip link set multicast on dev %i",
+ "post_down": "iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o __INTERFACE__ -j MASQUERADE; ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -D FORWARD -o %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o __INTERFACE__ -j MASQUERADE"
 }
diff --git a/conf/wg0.conf b/conf/wg0.conf
index 8077375..a0d5882 100644
--- a/conf/wg0.conf
+++ b/conf/wg0.conf
@@ -8,5 +8,5 @@ Address = 10.10.10.0/24,fd42::/112
 ListenPort = __PORT_WG__
 PrivateKey = __PRIVATE_KEY__
 MTU = 1450
-PostUp =
-PostDown =
+PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o __INTERFACE__ -j MASQUERADE; ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -A FORWARD -o %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o __INTERFACE__ -j MASQUERADE; ip link set multicast on dev %i
+PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o __INTERFACE__ -j MASQUERADE; ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -D FORWARD -o %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o __INTERFACE__ -j MASQUERADE
diff --git a/scripts/_common.sh b/scripts/_common.sh
index cb7337e..26317a4 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
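Review bot: The new `post_up` accepts every forwarded packet entering or leaving `%i` (`-A FORWARD -i %i -j ACCEPT` and `-A FORWARD -o %i -j ACCEPT`, for IPv4 and IPv6), so where the FORWARD policy is otherwise restrictive a connected peer can reach any network the host routes to, not only the uplink, and unsolicited traffic from any interface is forwarded to peers. If the intent is outbound access through `__INTERFACE__`, scope the rules, e.g. `iptables -A FORWARD -i %i -o __INTERFACE__ -j ACCEPT; iptables -A FORWARD -i __INTERFACE__ -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT`, with matching `-D` and `ip6tables` forms. The `PostUp`/`PostDown` lines in conf/wg0.conf carry the same rule strings and need the same change. The two copies also have to be kept in sync by hand.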
@@ -14,6 +14,8 @@ fi
 # dependencies used by the app
 pkg_dependencies="$pkg_headers wireguard-dkms wireguard"
+interface=$(ip route | awk '/default/ { print $5 }')
+
 #=================================================
 # PERSONAL HELPERS
 #=================================================
diff --git a/scripts/install b/scripts/install
index 55a9364..e9c0f07 100644
--- a/scripts/install
+++ b/scripts/install
@@ -49,6 +49,7 @@ ynh_script_progression --message="Storing installation settings..." --weight=1
 ynh_app_setting_set --app=$app --key=domain --value=$domain
 ynh_app_setting_set --app=$app --key=path --value=$path_url
 ynh_app_setting_set --app=$app --key=admin --value=$admin
+ynh_app_setting_set --app=$app --key=interface --value=$interface
 #=================================================
 # STANDARD MODIFICATIONS
@@ -130,16 +131,15 @@ ynh_replace_string "__USER__" "${app}" /etc/sudoers.d/${app}_ynh
 mkdir -p $final_path/db/server
 # Add interface configuration file for the Web UI
-cp ../conf/interfaces.json $final_path/db/server/interfaces.json
-ynh_replace_string --match_string="__PORT_WG__" --replace_string="$port_wg" --target_file="$final_path/db/server/interfaces.json"
+ynh_add_config --template="../conf/interfaces.json" --destination="$final_path/db/server/interfaces.json"
+ynh_delete_file_checksum --file="$final_path/db/server/interfaces.json"
 # Create WireGuard configuration directory
 mkdir -p /etc/wireguard
 # Add interface configuration file for WireGuard
-cp ../conf/wg0.conf /etc/wireguard/wg0.conf
-ynh_replace_string --match_string="__PORT_WG__" --replace_string="$port_wg" --target_file="/etc/wireguard/wg0.conf"
-ynh_replace_string --match_string="__PRIVATE_KEY__" --replace_string="$(wg genkey)" --target_file="/etc/wireguard/wg0.conf"
+ynh_add_config --template="../conf/wg0.conf" --destination="/etc/wireguard/wg0.conf"
+ynh_delete_file_checksum --file="/etc/wireguard/wg0.conf"
 #=================================================
 # SETUP SYSTEMD
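Review bot: `interface=$(ip route | awk '/default/ { print $5 }')` can yield an empty string, several lines or the wrong word: a host with no IPv4 default route gives nothing, several default routes give one line each, and a route printed without `via` (for example `default dev X scope link`) does not have the device in field 5. The value replaces `__INTERFACE__` inside the PostUp/PostDown command strings, which presumably run as root under wg-quick, and it is reused for the `ip6tables` rules although it is read from the IPv4 table. Consider `interface=$(ip -4 route show default | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }')`, abort the install when the result is empty, and quote it where it is stored (`--value="$interface"` in the first scripts/install hunk). The assignment runs each time _common.sh is sourced, so the detected value may differ between install and later scripts.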
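Review bot: `__PRIVATE_KEY__` in wg0.conf was filled from `$(wg genkey)` on the removed line, while `ynh_add_config` fills `__NAME__` placeholders from shell variables of the same name, so the key must now already exist in `$private_key` before this call; no such assignment is visible in this hunk. Confirm that it is generated with `wg genkey` earlier in the script, that it is not written to app settings or to the install log, and that the resulting file is readable by root only, e.g. `chmod 600 /etc/wireguard/wg0.conf` after templating. The templates now also depend on `$port_wg` and `$interface` being set at this point. The hunk begins and ends mid-script, so earlier definitions may exist outside it.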
diff --git a/scripts/upgrade b/scripts/upgrade
index a026238..684ffae 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -187,13 +187,6 @@ systemctl enable --quiet wireguard_ui_conf.service
 # CONFIGURING WIREGUARD
 #=================================================
-# Create db directory for securing it later
-mkdir -p $final_path/db/server
-
-# Add interface configuration file
-cp ../conf/interfaces.json $final_path/db/server/interfaces.json
-ynh_replace_string --match_string="__PORT_WG__" --replace_string="$port_wg" --target_file="$final_path/db/server/interfaces.json"
-
 #=================================================
 # GENERIC FINALIZATION
 #=================================================