diff --git a/conf/wg0.conf b/conf/wg0.conf
deleted file mode 100644
index a0d5882..0000000
--- a/conf/wg0.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-# This file was generated using wireguard-ui (https://github.com/ngoduykhanh/wireguard-ui)
-# Please don't modify it manually, otherwise your change might got replaced.
-
-# Address updated at:
-# Private Key updated at:
-[Interface]
-Address = 10.10.10.0/24,fd42::/112
-ListenPort = __PORT_WG__
-PrivateKey = __PRIVATE_KEY__
-MTU = 1450
-PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o __INTERFACE__ -j MASQUERADE; ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -A FORWARD -o %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o __INTERFACE__ -j MASQUERADE; ip link set multicast on dev %i
-PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o __INTERFACE__ -j MASQUERADE; ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -D FORWARD -o %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o __INTERFACE__ -j MASQUERADE
diff --git a/conf/wireguard_ui.service b/conf/wireguard_ui.service
index 2495c87..a98c57f 100644
--- a/conf/wireguard_ui.service
+++ b/conf/wireguard_ui.service
@@ -16,7 +16,8 @@ ExecStart=__FINALPATH__/wireguard-ui --bind-address="127.0.0.1:__PORT__" --disab
 NoNewPrivileges=yes
 PrivateTmp=yes
 PrivateDevices=yes
-RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+# Disabling the following restriction since the UI needs to poll the interfaces
+#RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
 RestrictNamespaces=yes
 RestrictRealtime=yes
 DevicePolicy=closed
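Review bot: Commenting out `RestrictAddressFamilies=` in conf/wireguard_ui.service drops the socket-family allow-list altogether, so the UI process can now open any address family (AF_PACKET included), which is wider than polling interfaces requires. Interface and WireGuard device queries appear to go over netlink, so extending the list should be enough: `RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK`. The second hunk of this file (at old line 36) has the same shape: the whole `CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW` line is disabled although presumably only CAP_NET_ADMIN is needed, so `CapabilityBoundingSet=~CAP_NET_BROADCAST CAP_NET_RAW` could stay in place. Both narrowed settings should be confirmed against a running unit; the `[Service]` section starts and ends outside these hunks, so the service user and remaining sandboxing are not visible here.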
@@ -36,7 +37,8 @@ CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
 CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
 CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
 CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
-CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+# Disabling the following restriction since the UI needs to poll the interfaces
+#CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
 CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
 # Exception to ProtectSystem
diff --git a/scripts/install b/scripts/install
index bf40673..2e8032b 100644
--- a/scripts/install
+++ b/scripts/install
@@ -134,10 +134,6 @@ ynh_delete_file_checksum --file="$final_path/db/server/interfaces.json"
 # Create WireGuard configuration directory
 mkdir -p /etc/wireguard
-# Add interface configuration file for WireGuard
-ynh_add_config --template="../conf/wg0.conf" --destination="/etc/wireguard/wg0.conf"
-ynh_delete_file_checksum --file="/etc/wireguard/wg0.conf"
-
 #=================================================
 # SETUP SYSTEMD
 #=================================================