YunoHost-Apps/wireguard_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/wireguard_ynh.git synced 2024-09-03 20:35:58 +02:00
Code Issues Activity Actions

Drop wg0.conf autoinstall

Browse source
This commit is contained in:
tituspijean 2021-12-22 19:20:27 +01:00
parent 20ecc320aa
commit 1929f4bba0
No known key found for this signature in database
GPG key ID: EF3B0D7CC0A94720
3 changed files with 4 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
conf/wg0.conf
View file

@ -1,12 +0,0 @@
# This file was generated using wireguard-ui (https://github.com/ngoduykhanh/wireguard-ui)
# Please don't modify it manually, otherwise your change might got replaced.
# Address updated at:
# Private Key updated at:
[Interface]
Address = 10.10.10.0/24,fd42::/112
ListenPort = __PORT_WG__
PrivateKey = __PRIVATE_KEY__
MTU = 1450
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o __INTERFACE__ -j MASQUERADE; ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -A FORWARD -o %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o __INTERFACE__ -j MASQUERADE; ip link set multicast on dev %i
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o __INTERFACE__ -j MASQUERADE; ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -D FORWARD -o %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o __INTERFACE__ -j MASQUERADE

6
conf/wireguard_ui.service
View file

@ -16,7 +16,8 @@ ExecStart=__FINALPATH__/wireguard-ui --bind-address="127.0.0.1:__PORT__" --disab
NoNewPrivileges=yes NoNewPrivileges=yes
PrivateTmp=yes PrivateTmp=yes
PrivateDevices=yes PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 # Disabling the following restriction since the UI needs to poll the interfaces
#RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes RestrictNamespaces=yes
RestrictRealtime=yes RestrictRealtime=yes
DevicePolicy=closed DevicePolicy=closed
@ -36,7 +37,8 @@ CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW # Disabling the following restriction since the UI needs to poll the interfaces
#CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
# Exception to ProtectSystem # Exception to ProtectSystem

4
scripts/install
View file

@ -134,10 +134,6 @@ ynh_delete_file_checksum --file="$final_path/db/server/interfaces.json"
# Create WireGuard configuration directory # Create WireGuard configuration directory
mkdir -p /etc/wireguard mkdir -p /etc/wireguard
# Add interface configuration file for WireGuard
ynh_add_config --template="../conf/wg0.conf" --destination="/etc/wireguard/wg0.conf"
ynh_delete_file_checksum --file="/etc/wireguard/wg0.conf"
#================================================= #=================================================
# SETUP SYSTEMD # SETUP SYSTEMD
#================================================= #=================================================