YunoHost-Apps/wireguard_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/wireguard_ynh.git synced 2024-09-03 20:35:58 +02:00
Code Issues Activity Actions

Merge pull request #45 from YunoHost-Apps/testing

Browse source 
Testing
This commit is contained in:
tituspijean 2021-12-30 18:24:57 +01:00 committed by GitHub
commit ee491145a6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
29 changed files with 210 additions and 310 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
README.md
View file

@ -15,9 +15,9 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
## Overview ## Overview
Virtual Private Networks (VPN) via WireGuard, with a web UI to ease configuration WireGuard® is fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN.
**Shipped version:** 0.2.7~ynh8 **Shipped version:** 0.3.2~ynh1
@ -31,35 +31,12 @@ Virtual Private Networks (VPN) via WireGuard, with a web UI to ease configuratio
* WireGuard for YunoHost will add a DMKS module to your Linux kernel. * WireGuard for YunoHost will add a DMKS module to your Linux kernel.
* You may need to reboot your server for WireGuard to be able to start. * You may need to reboot your server for WireGuard to be able to start.
* The package includes WireGuard and non-official web UI to configure it. * The package includes WireGuard and non-official web UI to configure it.
* Avoid altering the configuration files via the command line interface, though. * Do not manually alter the configuration files.
* Use YunoHost permissions panel to allow users to access the web UI. * Use YunoHost permissions panel to allow users to access the web UI.
* Only one network interface, *wg0*, can be managed with this app at the moment. * Only one network interface, *wg0*, can be managed with this app at the moment.
* `Status` page is not working for the time being.
### Make your server share its Internet connection After installation, you need to `Apply Config` once in the UI before the VPN service can be started.
#### Enable port forwarding
```bash
sudo nano /etc/sysctl.conf
# Uncomment the following lines:
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
# Save and quit (CTRL+O, CTRL+X)
sudo sysctl -p
```
Add the following commands in `WireGuard Server` menu, like in [this picture](https://user-images.githubusercontent.com/8769166/124400150-cf354980-dd20-11eb-87c6-9478938d9c82.png). Replace `eth0` with the interface connected to the Internet:
#### Post Up Script
```
iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
```
#### Post Down Script
```
iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
```
## Documentation and resources ## Documentation and resources

33
README_fr.md
View file

@ -11,9 +11,9 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour
## Vue d'ensemble ## Vue d'ensemble
Réseaux Privés Virtuels (VPN) via WireGuard, avec une web UI pour faciliter sa configuration WireGuard® is fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN.
**Version incluse :** 0.2.7~ynh8 **Version incluse :** 0.3.2~ynh1
@ -27,35 +27,12 @@ Réseaux Privés Virtuels (VPN) via WireGuard, avec une web UI pour faciliter sa
* Cette application ajoutera un module DMKS à votre noyau Linux. * Cette application ajoutera un module DMKS à votre noyau Linux.
* Vous devriez redémarrer votre serveur pour que WireGuard puisse se lancer. * Vous devriez redémarrer votre serveur pour que WireGuard puisse se lancer.
* Cette application inclut WireGuard et une interface web non-officielle pour le configurer. * Cette application inclut WireGuard et une interface web non-officielle pour le configurer.
* Évitez de modifier les fichiers de configuration via la ligne de commande. * Ne modifiez pas les fichiers de configuration à la main.
* Utiliser le panneau de permissions de YunoHost pour autoriser des utilisateurs à accéder à WireGuard UI. * Utiliser le panneau de permissions de YunoHost pour autoriser des utilisateurs à accéder à WireGuard UI.
* Une seule interface réseau, *wg0*, peut actuellement être gérée par cette app. * Une seule interface réseau, *wg0*, peut actuellement être gérée par cette app.
* La page `Status` demeure non fonctionnelle pour l'instant.
### Partagez votre connexion Internet via WireGuard Après installation, vous devrez cliquer sur `Apply Config` une fois dans l'UI avant que le service VPN puisse être démarré.
#### Activez le *port forwarding*
```bash
sudo nano /etc/sysctl.conf
# Décommentez les lignes suivantes :
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
# Sauvegardez et quittez (CTRL+O, CTRL+X)
sudo sysctl -p
```
Ajoutez les commandes suivantes dans le menu `WireGuard Server`, tel que dans [cette image](https://user-images.githubusercontent.com/8769166/124400150-cf354980-dd20-11eb-87c6-9478938d9c82.png). Remplacez `eth0` avec l'interface connectée à Internet :
#### Post Up Script
```
iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
```
#### Post Down Script
```
iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
```
## Documentations et ressources ## Documentations et ressources

15
check_process
View file

@ -1,13 +1,8 @@
# See here for more information
# https://github.com/YunoHost/package_check#syntax-check_process-file
# Move this file from check_process.default to check_process when you have filled it.
;; Test complet ;; Test complet
; Manifest ; Manifest
domain="domain.tld" (DOMAIN) domain="domain.tld"
path="/" (PATH) path="/"
admin="john" (USER) admin="john"
; Checks ; Checks
pkg_linter=1 pkg_linter=1
setup_sub_dir=0 setup_sub_dir=0
@ -19,11 +14,7 @@
upgrade=1 from_commit=797a3e5990571629a8525764ce6e8d359277313f upgrade=1 from_commit=797a3e5990571629a8525764ce6e8d359277313f
backup_restore=1 backup_restore=1
multi_instance=0 multi_instance=0
port_already_use=0
change_url=0 change_url=0
;;; Levels
# If the level 5 (Package linter) is forced to 1. Please add justifications here.
Level 5=auto
;;; Options ;;; Options
Email= Email=
Notification=none Notification=none

6
conf/386.src
View file

@ -1,6 +0,0 @@
SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.2.7/wireguard-ui-v0.2.7-linux-386.tar.gz
SOURCE_SUM=16EA7A77E5BAC17C1B680ABF9CFF31E3F8313F8E00F9B88F8F6151D8F6A6EE12
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=false
SOURCE_FILENAME=

5
conf/amd64.src
View file

@ -1,6 +1,5 @@
SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.2.7/wireguard-ui-v0.2.7-linux-amd64.tar.gz SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.3.2/wireguard-ui-v0.3.2-linux-amd64.tar.gz
SOURCE_SUM=DC0FF54ABD2E08DB5ED722E07CEDA6E007CD5E6DFABD3A3B5A948CC8275D8100 SOURCE_SUM=71972b81f2d2ade50484cc1501a5896c8a08cfd82297f81c1d6279d7e0ff1f35
SOURCE_SUM_PRG=sha256sum SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=false SOURCE_IN_SUBDIR=false
SOURCE_FILENAME=

6
conf/arm.src
View file

@ -1,6 +0,0 @@
SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.2.7/wireguard-ui-v0.2.7-linux-arm.tar.gz
SOURCE_SUM=07003BF178A81C3D699CB3977028DB728C5E4D44003A7972855C3488F416E467
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=false
SOURCE_FILENAME=

5
conf/arm64.src
View file

@ -1,6 +1,5 @@
SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.2.7/wireguard-ui-v0.2.7-linux-arm64.tar.gz SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.3.2/wireguard-ui-v0.3.2-linux-arm64.tar.gz
SOURCE_SUM=32331E591B0C3B9E4EC360B53B967A3CCEEEFE5B7FFEC3ADD61A9483B50B9F0D SOURCE_SUM=8d31fc39495f8a6480531859f225f0fee36788515532d75d9cfaaa866000f52f
SOURCE_SUM_PRG=sha256sum SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=false SOURCE_IN_SUBDIR=false
SOURCE_FILENAME=

5
conf/armhf.src Normal file
View file

@ -0,0 +1,5 @@
SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.3.2/wireguard-ui-v0.3.2-linux-arm.tar.gz
SOURCE_SUM=4632fd96c7574321031907695fbbe6535884a8006b517c7f7d3ab289fb94be5f
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=false

5
conf/i386.src Normal file
View file

@ -0,0 +1,5 @@
SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.3.2/wireguard-ui-v0.3.2-linux-386.tar.gz
SOURCE_SUM=f76fc030d54e735977236d1984a906e749abb038208f410b406a2972498e3b9e
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=false

7
conf/interfaces.json
View file

@ -1,8 +1,9 @@
{ {
"addresses": [ "addresses": [
"10.10.10.0/24" "10.10.10.0/24",
"fd42::/112"
], ],
"listen_port": "__PORT_WG__", "listen_port": "__PORT_WG__",
"post_up": "", "post_up": "iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o __INTERFACE__ -j MASQUERADE; ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -A FORWARD -o %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o __INTERFACE__ -j MASQUERADE; ip link set multicast on dev %i",
"post_down": "" "post_down": "iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o __INTERFACE__ -j MASQUERADE; ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -D FORWARD -o %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o __INTERFACE__ -j MASQUERADE"
} }

5
conf/nginx.conf
View file

@ -1,11 +1,6 @@
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; #sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ { location __PATH__/ {
# Force usage of https
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
proxy_pass http://127.0.0.1:__PORT__/; proxy_pass http://127.0.0.1:__PORT__/;
proxy_redirect off; proxy_redirect off;
proxy_set_header Host $host; proxy_set_header Host $host;

2
conf/sudoers.conf
View file

@ -1,2 +0,0 @@
Cmnd_Alias WIREGUARDSERVICE = /usr/bin/systemctl restart wg-quick@wg0.service
%__USER__ ALL = NOPASSWD: WIREGUARDSERVICE

2
conf/sysctl.conf Normal file
View file

@ -0,0 +1,2 @@
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1

12
conf/wg0.conf
View file

@ -1,12 +0,0 @@
# This file was generated using wireguard-ui (https://github.com/ngoduykhanh/wireguard-ui)
# Please don't modify it manually, otherwise your change might got replaced.
# Address updated at:
# Private Key updated at:
[Interface]
Address = 10.10.10.0/24
ListenPort = __PORT_WG__
PrivateKey = __PRIVATE_KEY__
MTU = 1450
PostUp =
PostDown =

8
conf/wireguard@.path Normal file
View file

@ -0,0 +1,8 @@
[Unit]
Description=Watch WireGuard %I.conf for changes
[Path]
PathModified=/etc/wireguard/%I.conf
[Install]
WantedBy=multi-user.target

14
conf/wireguard@.service Normal file
View file

@ -0,0 +1,14 @@
[Unit]
Description=WireGuard on %I
After=network-online.target nss-lookup.target
Wants=network-online.target nss-lookup.target
[Service]
Type=oneshot
User=root
RemainAfterExit=yes
ExecStart=/bin/systemctl restart wg-quick@%I.service
ExecStop=/bin/systemctl stop wg-quick@%I.service
[Install]
WantedBy=multi-user.target

35
conf/wireguard_ui.service
View file

@ -9,5 +9,40 @@ Group=__APP__
WorkingDirectory=__FINALPATH__/ WorkingDirectory=__FINALPATH__/
ExecStart=__FINALPATH__/wireguard-ui --bind-address="127.0.0.1:__PORT__" --disable-login ExecStart=__FINALPATH__/wireguard-ui --bind-address="127.0.0.1:__PORT__" --disable-login
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
# Disabling the following restriction since the UI needs to poll the interfaces
#RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
# Disabling the following restriction since the UI needs to poll the interfaces
#CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
# Exception to ProtectSystem
ReadWritePaths=/etc/wireguard
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

8
conf/wireguard_ui_conf.path
View file

@ -1,8 +0,0 @@
[Unit]
Description=Watch WireGuard wg0.conf for changes
[Path]
PathModified=/etc/wireguard/wg0.conf
[Install]
WantedBy=multi-user.target

9
conf/wireguard_ui_conf.service
View file

@ -1,9 +0,0 @@
[Unit]
Description=WireGuard restart
After=network.target
[Service]
Type=oneshot
User=__APP__
Group=__APP__
ExecStart=sudo /usr/bin/systemctl restart wg-quick@wg0.service

1
doc/DESCRIPTION.md Normal file
View file

@ -0,0 +1 @@
WireGuard® is fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN.

29
doc/DISCLAIMER.md
View file

@ -1,32 +1,9 @@
* WireGuard for YunoHost will add a DMKS module to your Linux kernel. * WireGuard for YunoHost will add a DMKS module to your Linux kernel.
* You may need to reboot your server for WireGuard to be able to start. * You may need to reboot your server for WireGuard to be able to start.
* The package includes WireGuard and non-official web UI to configure it. * The package includes WireGuard and non-official web UI to configure it.
* Avoid altering the configuration files via the command line interface, though. * Do not manually alter the configuration files.
* Use YunoHost permissions panel to allow users to access the web UI. * Use YunoHost permissions panel to allow users to access the web UI.
* Only one network interface, *wg0*, can be managed with this app at the moment. * Only one network interface, *wg0*, can be managed with this app at the moment.
* `Status` page is not working for the time being.
### Make your server share its Internet connection After installation, you need to `Apply Config` once in the UI before the VPN service can be started.
#### Enable port forwarding
```bash
sudo nano /etc/sysctl.conf
# Uncomment the following lines:
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
# Save and quit (CTRL+O, CTRL+X)
sudo sysctl -p
```
Add the following commands in `WireGuard Server` menu, like in [this picture](https://user-images.githubusercontent.com/8769166/124400150-cf354980-dd20-11eb-87c6-9478938d9c82.png). Replace `eth0` with the interface connected to the Internet:
#### Post Up Script
```
iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
```
#### Post Down Script
```
iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
```

29
doc/DISCLAIMER_fr.md
View file

@ -1,32 +1,9 @@
* Cette application ajoutera un module DMKS à votre noyau Linux. * Cette application ajoutera un module DMKS à votre noyau Linux.
* Vous devriez redémarrer votre serveur pour que WireGuard puisse se lancer. * Vous devriez redémarrer votre serveur pour que WireGuard puisse se lancer.
* Cette application inclut WireGuard et une interface web non-officielle pour le configurer. * Cette application inclut WireGuard et une interface web non-officielle pour le configurer.
* Évitez de modifier les fichiers de configuration via la ligne de commande. * Ne modifiez pas les fichiers de configuration à la main.
* Utiliser le panneau de permissions de YunoHost pour autoriser des utilisateurs à accéder à WireGuard UI. * Utiliser le panneau de permissions de YunoHost pour autoriser des utilisateurs à accéder à WireGuard UI.
* Une seule interface réseau, *wg0*, peut actuellement être gérée par cette app. * Une seule interface réseau, *wg0*, peut actuellement être gérée par cette app.
* La page `Status` demeure non fonctionnelle pour l'instant.
### Partagez votre connexion Internet via WireGuard Après installation, vous devrez cliquer sur `Apply Config` une fois dans l'UI avant que le service VPN puisse être démarré.
#### Activez le *port forwarding*
```bash
sudo nano /etc/sysctl.conf
# Décommentez les lignes suivantes :
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
# Sauvegardez et quittez (CTRL+O, CTRL+X)
sudo sysctl -p
```
Ajoutez les commandes suivantes dans le menu `WireGuard Server`, tel que dans [cette image](https://user-images.githubusercontent.com/8769166/124400150-cf354980-dd20-11eb-87c6-9478938d9c82.png). Remplacez `eth0` avec l'interface connectée à Internet :
#### Post Up Script
```
iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
```
#### Post Down Script
```
iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
```

18
manifest.json
View file

@ -3,10 +3,10 @@
"id": "wireguard", "id": "wireguard",
"packaging_format": 1, "packaging_format": 1,
"description": { "description": {
"en": "Virtual Private Networks (VPN) via WireGuard, with a web UI to ease configuration", "en": "Web user interface to manage your WireGuard setup",
"fr": "Réseaux Privés Virtuels (VPN) via WireGuard, avec une web UI pour faciliter sa configuration" "fr": "Interface utilisateur Web pour gérer votre configuration WireGuard"
}, },
"version": "0.2.7~ynh8", "version": "0.3.2~ynh1",
"url": "https://github.com/ngoduykhanh/wireguard-ui", "url": "https://github.com/ngoduykhanh/wireguard-ui",
"upstream": { "upstream": {
"license": "MIT", "license": "MIT",
@ -19,7 +19,7 @@
"email": "tituspijean@outlook.com" "email": "tituspijean@outlook.com"
}, },
"requirements": { "requirements": {
"yunohost": ">= 4.2" "yunohost": ">= 4.3.0"
}, },
"multi_instance": false, "multi_instance": false,
"services": [ "services": [
@ -37,17 +37,11 @@
}, },
{ {
"name": "domain", "name": "domain",
"type": "domain", "type": "domain"
"example": "wg.example.com",
"help": {
"en": "The web UI requires its own dedicated domain.",
"fr": "L'interface web nécessite son propre domaine."
}
}, },
{ {
"name": "admin", "name": "admin",
"type": "user", "type": "user"
"example": "johndoe"
} }
] ]
} }

35
scripts/_common.sh
View file

@ -4,16 +4,19 @@
# COMMON VARIABLES # COMMON VARIABLES
#================================================= #=================================================
# dependencies used by the app # WireGuard was integrated in Linux kernel 5.6
if grep "Raspberry Pi" /proc/device-tree/model; then # Before that, we need Linux Headers
pkg_headers="raspberrypi-kernel-headers" if dpkg --compare-versions $(uname -r) lt 5.6; then
pkg_headers="raspberrypi-kernel-headers|linux-headers-generic|linux-headers-virtual|linux-headers-$(uname -r)"
else else
pkg_headers="linux-headers-$(uname -r)" pkg_headers=""
fi fi
# dependencies used by the app # dependencies used by the app
pkg_dependencies="$pkg_headers wireguard-dkms wireguard" pkg_dependencies="$pkg_headers wireguard-dkms wireguard"
interface=$(ip route | awk '/default/ { print $5 }')
#================================================= #=================================================
# PERSONAL HELPERS # PERSONAL HELPERS
#================================================= #=================================================
@ -63,30 +66,6 @@ ynh_install_repo_gpg () {
# EXPERIMENTAL HELPERS # EXPERIMENTAL HELPERS
#================================================= #=================================================
# Check the architecture
#
# example: architecture=$(ynh_detect_arch)
#
# usage: ynh_detect_arch
#
# Requires YunoHost version 2.2.4 or higher.
ynh_detect_arch(){
local architecture
if [ -n "$(uname -m | grep arm64)" ] || [ -n "$(uname -m | grep aarch64)" ]; then
architecture="arm64"
elif [ -n "$(uname -m | grep 64)" ]; then
architecture="amd64"
elif [ -n "$(uname -m | grep 86)" ]; then
architecture="386"
elif [ -n "$(uname -m | grep arm)" ]; then
architecture="arm"
else
architecture="unknown"
fi
echo $architecture
}
# Send an email to inform the administrator # Send an email to inform the administrator
# #
# usage: ynh_send_readme_to_admin --app_message=app_message [--recipients=recipients] [--type=type] # usage: ynh_send_readme_to_admin --app_message=app_message [--recipients=recipients] [--type=type]

11
scripts/backup
View file

@ -55,9 +55,8 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#================================================= #=================================================
ynh_backup --src_path=/etc/systemd/system/wireguard_ui.service ynh_backup --src_path=/etc/systemd/system/wireguard_ui.service
ynh_backup --src_path=/etc/systemd/system/wireguard_ui_conf.path ynh_backup --src_path=/etc/systemd/system/wireguard@.path
ynh_backup --src_path=/etc/systemd/system/wireguard_ui_conf.service ynh_backup --src_path=/etc/systemd/system/wireguard@.service
ynh_backup --src_path="/etc/sudoers.d/${app}_ynh"
#================================================= #=================================================
# BACKUP VARIOUS FILES # BACKUP VARIOUS FILES
@ -66,6 +65,12 @@ ynh_backup --src_path="/etc/sudoers.d/${app}_ynh"
# Backup the wireguard interface config # Backup the wireguard interface config
ynh_backup --src_path="/etc/wireguard" ynh_backup --src_path="/etc/wireguard"
# Backing up specific config file, in case of it is not in /etc/wireguard
ynh_backup --src_path="$(jq -r ".config_file_path" $final_path/db/server/global_settings.json)" --not_mandatory
# Backup the sysctl config file to enable port forwarding
ynh_backup --src_path="/etc/sysctl.d/$app.conf"
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================

52
scripts/install
View file

@ -27,6 +27,7 @@ ynh_abort_if_errors
domain=$YNH_APP_ARG_DOMAIN domain=$YNH_APP_ARG_DOMAIN
path_url="/" path_url="/"
admin=$YNH_APP_ARG_ADMIN admin=$YNH_APP_ARG_ADMIN
architecture=$YNH_ARCH
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
@ -49,13 +50,14 @@ ynh_script_progression --message="Storing installation settings..." --weight=1
ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=admin --value=$admin ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_app_setting_set --app=$app --key=interface --value=$interface
#================================================= #=================================================
# STANDARD MODIFICATIONS # STANDARD MODIFICATIONS
#================================================= #=================================================
# FIND AND OPEN A PORT # FIND AND OPEN A PORT
#================================================= #=================================================
ynh_script_progression --message="Configuring firewall..." --weight=1 ynh_script_progression --message="Finding an available port..." --weight=1
# Find an available port for WireGuard # Find an available port for WireGuard
port_wg=$(ynh_find_port --port=8095) port_wg=$(ynh_find_port --port=8095)
@ -66,6 +68,7 @@ port=$(ynh_find_port --port=$(($port_wg+1)))
ynh_app_setting_set --app=$app --key=port --value=$port ynh_app_setting_set --app=$app --key=port --value=$port
# Open the WireGuard port # Open the WireGuard port
ynh_script_progression --message="Configuring firewall..." --weight=1
ynh_exec_warn_less yunohost firewall allow --no-upnp UDP $port_wg ynh_exec_warn_less yunohost firewall allow --no-upnp UDP $port_wg
#================================================= #=================================================
@ -97,12 +100,12 @@ ynh_script_progression --message="Setting up source files..." --weight=1
ynh_app_setting_set --app=$app --key=final_path --value=$final_path ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Download, check integrity, uncompress and patch the source from app.src # Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path" --source_id="$(ynh_detect_arch)" ynh_setup_source --dest_dir="$final_path" --source_id="$architecture"
#================================================= #=================================================
# NGINX CONFIGURATION # NGINX CONFIGURATION
#================================================= #=================================================
ynh_script_progression --message="Configuring nginx web server..." --weight=1 ynh_script_progression --message="Configuring NGINX web server..." --weight=1
# Create a dedicated nginx config # Create a dedicated nginx config
ynh_add_nginx_config ynh_add_nginx_config
@ -115,10 +118,6 @@ ynh_script_progression --message="Configuring system user..." --weight=1
# Create a system user # Create a system user
ynh_system_user_create --username=$app ynh_system_user_create --username=$app
# Ensure the system user has enough permissions
install -b -o root -g root -m 0440 ../conf/sudoers.conf /etc/sudoers.d/${app}_ynh
ynh_replace_string "__USER__" "${app}" /etc/sudoers.d/${app}_ynh
#================================================= #=================================================
# SPECIFIC SETUP # SPECIFIC SETUP
#================================================= #=================================================
@ -129,17 +128,12 @@ ynh_replace_string "__USER__" "${app}" /etc/sudoers.d/${app}_ynh
mkdir -p $final_path/db/server mkdir -p $final_path/db/server
# Add interface configuration file for the Web UI # Add interface configuration file for the Web UI
cp ../conf/interfaces.json $final_path/db/server/interfaces.json ynh_add_config --template="../conf/interfaces.json" --destination="$final_path/db/server/interfaces.json"
ynh_replace_string --match_string="__PORT_WG__" --replace_string="$port_wg" --target_file="$final_path/db/server/interfaces.json" ynh_delete_file_checksum --file="$final_path/db/server/interfaces.json"
# Create WireGuard configuration directory # Create WireGuard configuration directory
mkdir -p /etc/wireguard mkdir -p /etc/wireguard
# Add interface configuration file for WireGuard
cp ../conf/wg0.conf /etc/wireguard/wg0.conf
ynh_replace_string --match_string="__PORT_WG__" --replace_string="$port_wg" --target_file="/etc/wireguard/wg0.conf"
ynh_replace_string --match_string="__PRIVATE_KEY__" --replace_string="$(wg genkey)" --target_file="/etc/wireguard/wg0.conf"
#================================================= #=================================================
# SETUP SYSTEMD # SETUP SYSTEMD
#================================================= #=================================================
@ -148,12 +142,20 @@ ynh_script_progression --message="Configuring a systemd service..." --weight=1
# Create a dedicated systemd config for the web UI # Create a dedicated systemd config for the web UI
ynh_add_systemd_config --service=wireguard_ui --template=wireguard_ui.service ynh_add_systemd_config --service=wireguard_ui --template=wireguard_ui.service
# Create a dedicated systemd config for monitoring WireGuard's configuration # Create dedicated systemd configs for starting and monitoring WireGuard's configuration
cp ../conf/wireguard_ui_conf.path /etc/systemd/system/wireguard_ui_conf.path cp ../conf/wireguard@.service /etc/systemd/system/wireguard@.service
systemctl enable --quiet wireguard_ui_conf.path cp ../conf/wireguard@.path /etc/systemd/system/wireguard@.path
systemctl daemon-reload
systemctl enable --quiet wireguard@wg0.service
systemctl enable --quiet --now wireguard@wg0.path
# Create a dedicated systemd config for restarting WireGuard when its configuration changes #=================================================
ynh_add_systemd_config --service=wireguard_ui_conf --template=wireguard_ui_conf.service # ENABLE PORT FORWARDING
#=================================================
ynh_script_progression --message="Enabling port forwarding..." --weight=1
ynh_add_config --template="../conf/sysctl.conf" --destination="/etc/sysctl.d/$app.conf"
sysctl -p /etc/sysctl.d/$app.conf
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
@ -175,13 +177,13 @@ chown -R $app: /etc/wireguard
#================================================= #=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
yunohost service add wg-quick@wg0 --description "WireGuard VPN" --needs_exposed_ports $port_wg --test_status "wg show | grep wg0" yunohost service add wireguard@wg0 --description="WireGuard VPN" --needs_exposed_ports="$port_wg" --test_status="wg show | grep wg0"
yunohost service add wireguard_ui --description "WireGuard UI" yunohost service add wireguard_ui --description="WireGuard UI"
#================================================= #=================================================
# START SYSTEMD SERVICE # START UI SYSTEMD SERVICE
#================================================= #=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1 ynh_script_progression --message="Starting the systemd service for the UI..." --weight=1
# Start a systemd service # Start a systemd service
ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd" --timeout=30 ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd" --timeout=30
@ -191,12 +193,12 @@ ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="ht
#================================================= #=================================================
ynh_script_progression --message="Configuring permissions..." --weight=1 ynh_script_progression --message="Configuring permissions..." --weight=1
ynh_permission_update --permission "main" --remove "all_users" --add "$admin" ynh_permission_update --permission="main" --remove="all_users" --add="$admin"
#================================================= #=================================================
# RELOAD NGINX # RELOAD NGINX
#================================================= #=================================================
ynh_script_progression --message="Reloading nginx web server..." --weight=1 ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload ynh_systemd_action --service_name=nginx --action=reload

28
scripts/remove
View file

@ -35,10 +35,10 @@ then
yunohost service remove wireguard_ui yunohost service remove wireguard_ui
fi fi
if ynh_exec_warn_less yunohost service status wg-quick@wg0 >/dev/null if ynh_exec_warn_less yunohost service status wireguard@wg0 >/dev/null
then then
ynh_script_progression --message="Removing WireGuard service integration..." --weight=1 ynh_script_progression --message="Removing WireGuard service integration..." --weight=1
yunohost service remove wg-quick@wg0 yunohost service remove wireguard@wg0
fi fi
#================================================= #=================================================
@ -47,13 +47,14 @@ fi
ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1 ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1
# YunoHost does not handle services not ending with .service, let's remove it manually # YunoHost does not handle services not ending with .service, let's remove it manually
systemctl stop wireguard_ui_conf.path systemctl stop wireguard@wg0.path
systemctl disable wireguard_ui_conf.path --quiet systemctl disable wireguard@wg0.path --quiet
ynh_secure_remove --file="/etc/systemd/system/wireguard_ui_conf.path" ynh_secure_remove --file="/etc/systemd/system/wireguard@.path"
systemctl daemon-reload
systemctl stop wireguard@wg0.service
systemctl disable wireguard@wg0.service --quiet
ynh_secure_remove --file="/etc/systemd/system/wireguard@.service"
# Remove the dedicated systemd configs
ynh_remove_systemd_config --service=wireguard_ui_conf
ynh_remove_systemd_config --service=wireguard_ui ynh_remove_systemd_config --service=wireguard_ui
#================================================= #=================================================
@ -78,7 +79,7 @@ ynh_secure_remove --file="/etc/wireguard"
#================================================= #=================================================
# REMOVE NGINX CONFIGURATION # REMOVE NGINX CONFIGURATION
#================================================= #=================================================
ynh_script_progression --message="Removing nginx web server configuration..." --weight=1 ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1
# Remove the dedicated nginx config # Remove the dedicated nginx config
ynh_remove_nginx_config ynh_remove_nginx_config
@ -101,12 +102,6 @@ then
ynh_exec_warn_less yunohost firewall disallow UDP $port_wg ynh_exec_warn_less yunohost firewall disallow UDP $port_wg
fi fi
if yunohost firewall list | grep -q "\- $port$"
then
ynh_script_progression --message="Closing port $port..." --weight=1
ynh_exec_warn_less yunohost firewall disallow TCP $port
fi
#================================================= #=================================================
# SPECIFIC REMOVE # SPECIFIC REMOVE
#================================================= #=================================================
@ -116,6 +111,9 @@ fi
# Remove sudoers file # Remove sudoers file
ynh_secure_remove --file="/etc/sudoers.d/${app}_ynh" ynh_secure_remove --file="/etc/sudoers.d/${app}_ynh"
# Remove sysctl file for port forwarding
ynh_secure_remove --file="/etc/sysctl.d/$app.conf"
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
#================================================= #=================================================

43
scripts/restore
View file

@ -39,10 +39,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#================================================= #=================================================
ynh_script_progression --message="Validating restoration parameters..." --weight=1 ynh_script_progression --message="Validating restoration parameters..." --weight=1
ynh_webpath_available --domain=$domain --path_url=$path_url \ test ! -d $final_path || ynh_die --message="There is already a directory: $final_path "
|| ynh_die --message="Path not available: ${domain}${path_url}"
test ! -d $final_path \
|| ynh_die --message="There is already a directory: $final_path "
#================================================= #=================================================
# STANDARD RESTORATION STEPS # STANDARD RESTORATION STEPS
@ -68,9 +65,6 @@ ynh_script_progression --message="Recreating the dedicated system user..." --wei
# Create the dedicated user (if not existing) # Create the dedicated user (if not existing)
ynh_system_user_create --username=$app ynh_system_user_create --username=$app
# Restore sudoers file
ynh_restore_file --origin_path="/etc/sudoers.d/${app}_ynh"
#================================================= #=================================================
# RESTORE USER RIGHTS # RESTORE USER RIGHTS
#================================================= #=================================================
@ -96,10 +90,10 @@ ynh_script_progression --message="Reinstalling dependencies..." --weight=5
# Add buster-backports gpg key # Add buster-backports gpg key
ynh_install_repo_gpg --key="https://ftp-master.debian.org/keys/archive-key-10.asc" --name="$app" ynh_install_repo_gpg --key="https://ftp-master.debian.org/keys/archive-key-10.asc" --name="$app"
#Add buster-backports repo # Add buster-backports repo
ynh_add_repo --uri="http://deb.debian.org/debian" --suite="buster-backports" --component="main" --name="$app" ynh_add_repo --uri="http://deb.debian.org/debian" --suite="buster-backports" --component="main" --name="$app"
#Add pin-priority for wireguard packages # Add pin-priority for wireguard packages
ynh_pin_repo --package="wireguard*" --pin="origin deb http://deb.debian.org/debian buster-backports main" --priority=995 --name="$app" ynh_pin_repo --package="wireguard*" --pin="origin deb http://deb.debian.org/debian buster-backports main" --priority=995 --name="$app"
# Update the list of package with the new repo # Update the list of package with the new repo
@ -116,41 +110,50 @@ ynh_remove_extra_repo --name=$app
ynh_script_progression --message="Restoring the systemd configuration..." --weight=1 ynh_script_progression --message="Restoring the systemd configuration..." --weight=1
ynh_restore_file --origin_path=/etc/systemd/system/wireguard_ui.service ynh_restore_file --origin_path=/etc/systemd/system/wireguard_ui.service
ynh_restore_file --origin_path=/etc/systemd/system/wireguard_ui_conf.path ynh_restore_file --origin_path=/etc/systemd/system/wireguard@.service
ynh_restore_file --origin_path=/etc/systemd/system/wireguard_ui_conf.service ynh_restore_file --origin_path=/etc/systemd/system/wireguard@.path
systemctl daemon-reload
systemctl enable --quiet wireguard_ui.service systemctl enable --quiet wireguard_ui.service
systemctl enable --quiet wireguard_ui_conf.path systemctl enable --quiet wireguard@wg0.service
systemctl enable --quiet wireguard_ui_conf.service systemctl enable --quiet --now wireguard@wg0.path
#=================================================
# ENABLE PORT FORWARDING
#=================================================
ynh_script_progression --message="Enabling port forwarding..." --weight=1
ynh_restore_file --origin_path="/etc/sysctl.d/$app.conf"
sysctl -p /etc/sysctl.d/$app.conf
#================================================= #=================================================
# INTEGRATE SERVICE IN YUNOHOST # INTEGRATE SERVICE IN YUNOHOST
#================================================= #=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
yunohost service add wg-quick@wg0 --description "WireGuard VPN" --needs_exposed_ports "$port_wg" --test_status "wg show | grep wg0" yunohost service add wireguard@wg0 --description="WireGuard VPN" --needs_exposed_ports="$port_wg" --test_status="wg show | grep wg0"
yunohost service add wireguard_ui --description "WireGuard UI" yunohost service add wireguard_ui --description="WireGuard UI"
#================================================= #=================================================
# RESTORE VARIOUS FILES # RESTORE VARIOUS FILES
#================================================= #=================================================
ynh_restore_file --origin_path=$(jq -r ".config_file_path" $final_path/db/server/global_settings.json) ynh_restore_file --origin_path=$(jq -r ".config_file_path" $final_path/db/server/global_settings.json) --not_mandatory
#================================================= #=================================================
# START SYSTEMD SERVICE # START UI SYSTEMD SERVICE
#================================================= #=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1 ynh_script_progression --message="Starting the systemd service for the UI..." --weight=1
ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd" --timeout=30 ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd" --timeout=30
sleep 5
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
#================================================= #=================================================
# RELOAD NGINX AND PHP-FPM # RELOAD NGINX AND PHP-FPM
#================================================= #=================================================
ynh_script_progression --message="Reloading nginx web server and php-fpm..." --weight=1 ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload ynh_systemd_action --service_name=nginx --action=reload

59
scripts/upgrade
View file

@ -21,6 +21,7 @@ path_url=$(ynh_app_setting_get --app=$app --key=path)
port=$(ynh_app_setting_get --app=$app --key=port) port=$(ynh_app_setting_get --app=$app --key=port)
port_wg=$(ynh_app_setting_get --app=$app --key=port_wg) port_wg=$(ynh_app_setting_get --app=$app --key=port_wg)
final_path=$(ynh_app_setting_get --app=$app --key=final_path) final_path=$(ynh_app_setting_get --app=$app --key=final_path)
architecture=$YNH_ARCH
#================================================= #=================================================
# CHECK VERSION # CHECK VERSION
@ -70,14 +71,13 @@ then
fi fi
# Downgrade linux-image-$arch if updated to the buster-backports version # Downgrade linux-image-$arch if updated to the buster-backports version
arch=$(ynh_detect_arch) linuximage_version=$(ynh_package_version --package=linux-image-$architecture)
linuximage_version=$(ynh_package_version --package=linux-image-$arch)
if [[ $linuximage_version == *"bpo10"* ]] if [[ $linuximage_version == *"bpo10"* ]]
then then
# Downgrading using ynh_package_install apt command without "--no-remove" and with "--allow-downgrades" # Downgrading using ynh_package_install apt command without "--no-remove" and with "--allow-downgrades"
# It will remove wireguard-ynh-deps and wireguard but they will be reinstalled throught upgrade process # It will remove wireguard-ynh-deps and wireguard but they will be reinstalled throught upgrade process
ynh_apt --allow-downgrades --option Dpkg::Options::=--force-confdef \ ynh_apt --allow-downgrades --option Dpkg::Options::=--force-confdef \
--option Dpkg::Options::=--force-confold install linux-image-$arch/stable --option Dpkg::Options::=--force-confold install linux-image-$architecture/stable
#Remove backports kernel if running on it and send a mail to the admin to ask him to reboot #Remove backports kernel if running on it and send a mail to the admin to ask him to reboot
linuxkernel_version=$(uname -r) linuxkernel_version=$(uname -r)
@ -92,18 +92,21 @@ Now wireguard_ynh use a DKMS module allowing itself to be used with the stable k
fi fi
fi fi
# Add sudoers file if missing # Drop sudoers file if present
if [ -f "/etc/sudoers.d/${app}_ynh" ]; then if [ -f "/etc/sudoers.d/${app}_ynh" ]; then
install -b -o root -g root -m 0440 ../conf/sudoers.conf /etc/sudoers.d/${app}_ynh ynh_secure_remove /etc/sudoers.d/${app}_ynh
ynh_replace_string "__USER__" "${app}" /etc/sudoers.d/${app}_ynh
fi fi
# Remove deprecated services # Remove deprecated services
if systemctl list-units --full -all | grep -Fq "wireguard.path"; then if systemctl list-units --full -all | grep -Fq "wireguard_ui_conf.path"; then
systemctl disable --now --quiet wireguard.path systemctl disable --now --quiet wireguard_ui_conf.path
ynh_secure_remove --file="/etc/systemd/system/wireguard.path" ynh_secure_remove --file="/etc/systemd/system/wireguard_ui_conf.path"
fi
if systemctl list-units --full -all | grep -Fq "wireguard_ui_conf.service"; then
systemctl disable --now --quiet wireguard_ui_conf.service
ynh_secure_remove --file="/etc/systemd/system/wireguard_ui_conf.service"
yunohost service remove wireguard_ui_conf
fi fi
ynh_remove_systemd_config --service="wireguard.service"
#================================================= #=================================================
# STANDARD UPGRADE STEPS # STANDARD UPGRADE STEPS
@ -113,7 +116,7 @@ ynh_remove_systemd_config --service="wireguard.service"
ynh_script_progression --message="Stopping a systemd service..." --weight=1 ynh_script_progression --message="Stopping a systemd service..." --weight=1
ynh_systemd_action --service_name=wireguard_ui --action="stop" --line_match="Stopped WireGuard UI" --log_path="systemd" --timeout=30 ynh_systemd_action --service_name=wireguard_ui --action="stop" --line_match="Stopped WireGuard UI" --log_path="systemd" --timeout=30
ynh_systemd_action --service_name=wg-quick@wg0 --action="stop" --line_match="Stopped WireGuard via wg-quick(8) for wg0." --log_path="systemd" --timeout=30 ynh_systemd_action --service_name=wireguard@wg0 --action="stop"
#================================================= #=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE # DOWNLOAD, CHECK AND UNPACK SOURCE
@ -124,13 +127,13 @@ then
ynh_script_progression --message="Upgrading source files..." --weight=1 ynh_script_progression --message="Upgrading source files..." --weight=1
# Download, check integrity, uncompress and patch the source from app.src # Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path" --source_id="$(ynh_detect_arch)" ynh_setup_source --dest_dir="$final_path" --source_id="$architecture"
fi fi
#================================================= #=================================================
# NGINX CONFIGURATION # NGINX CONFIGURATION
#================================================= #=================================================
ynh_script_progression --message="Upgrading nginx web server configuration..." --weight=1 ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1
# Create a dedicated nginx config # Create a dedicated nginx config
ynh_add_nginx_config ynh_add_nginx_config
@ -175,23 +178,20 @@ ynh_script_progression --message="Upgrading systemd configuration..." --weight=1
# Create a dedicated systemd config for the web UI # Create a dedicated systemd config for the web UI
ynh_add_systemd_config --service=wireguard_ui --template=wireguard_ui.service ynh_add_systemd_config --service=wireguard_ui --template=wireguard_ui.service
# Create a dedicated systemd config for monitoring WireGuard's configuration # Create dedicated systemd configs for starting and monitoring WireGuard's configuration
cp ../conf/wireguard_ui_conf.path /etc/systemd/system/wireguard_ui_conf.path cp ../conf/wireguard@.service /etc/systemd/system/wireguard@.service
systemctl enable --quiet wireguard_ui_conf.path cp ../conf/wireguard@.path /etc/systemd/system/wireguard@.path
systemctl daemon-reload
# Create a dedicated systemd config for restarting WireGuard when its configuration changes systemctl enable --quiet wireguard@wg0.service
ynh_add_systemd_config --service=wireguard_ui_conf --template=wireguard_ui_conf.service systemctl enable --quiet --now wireguard@wg0.path
#================================================= #=================================================
# CONFIGURING WIREGUARD # ENABLE PORT FORWARDING
#================================================= #=================================================
ynh_script_progression --message="Enabling port forwarding..." --weight=1
# Create db directory for securing it later ynh_add_config --template="../conf/sysctl.conf" --destination="/etc/sysctl.d/$app.conf"
mkdir -p $final_path/db/server sysctl -p /etc/sysctl.d/$app.conf
# Add interface configuration file
cp ../conf/interfaces.json $final_path/db/server/interfaces.json
ynh_replace_string --match_string="__PORT_WG__" --replace_string="$port_wg" --target_file="$final_path/db/server/interfaces.json"
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
@ -213,17 +213,16 @@ chown -R $app: /etc/wireguard
#================================================= #=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
yunohost service add wg-quick@wg0 --description "WireGuard VPN" --needs_exposed_ports "$port_wg" --test_status "wg show | grep wg0" yunohost service add wireguard@wg0 --description="WireGuard VPN" --needs_exposed_ports="$port_wg" --test_status="wg show | grep wg0"
yunohost service add wireguard_ui --description "WireGuard UI" yunohost service add wireguard_ui --description="WireGuard UI"
#================================================= #=================================================
# START SYSTEMD SERVICE # START SYSTEMD SERVICE
#================================================= #=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1 ynh_script_progression --message="Starting the systemd service for the UI..." --weight=1
# Start a systemd service # Start a systemd service
ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd" --timeout=30 ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd" --timeout=30
sleep 5
#================================================= #=================================================
# RELOAD NGINX # RELOAD NGINX