diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 0000000..5c097e7 --- /dev/null +++ b/.github/workflows/main.yml @@ -0,0 +1,56 @@ +name: Docker Image Build and Analysis + +on: + schedule: + - cron: "0 0 * * *" # Schedule the workflow to run daily at midnight (UTC time). Adjust the time if needed. + workflow_dispatch: # Manual run trigger + inputs: + trigger-build: + description: 'Trigger a manual build and push' + default: 'true' + +jobs: + build-and-analyze: + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Log in to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Build Docker image + id: build-image + run: | + echo "Building Docker image..." + docker build -t my-app-image:latest . + echo "Docker image built successfully." + + - name: Install Docker Scout + run: | + echo "Installing Docker Scout..." + curl -sSfL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s -- + echo "Docker Scout installed successfully." + + - name: Analyze Docker image with Docker Scout + id: analyze-image + run: | + echo "Analyzing Docker image with Docker Scout..." + docker scout cves my-app-image:latest > scout-results.txt + cat scout-results.txt # Print the report to the workflow logs for easy viewing + echo "Docker Scout analysis completed." + + - name: Post Comment on Issue or PR + run: | + COMMENT="**Docker Image Build and Analysis Report**\n\nThe Docker image was built and analyzed successfully.\n\n**Build Summary:**\n- Image Tag: my-app-image:latest\n\n**Analysis Report:**\n\`\`\`\n$(cat scout-results.txt)\n\`\`\`" + + # Post comment using GitHub API + curl -X POST \ + -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ + -H "Accept: application/vnd.github.v3+json" \ + -d "{\"body\": \"$COMMENT\"}" \ + "https://api.github.com/repos/NOXCIS/WGDashboard/issues/1/comments" # Replace '1' with the issue or PR number diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..ad73bb2 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,31 @@ +# Pull from small Debian stable image. +FROM alpine:latest AS builder + +LABEL maintainer="dselen@nerthus.nl" + +WORKDIR /opt/wireguarddashboard/src + +RUN apk update && \ + apk add --no-cache sudo gcc musl-dev rust cargo linux-headers + +COPY ./docker/alpine/builder.sh /opt/wireguarddashboard/src/ +COPY ./docker/alpine/requirements.txt /opt/wireguarddashboard/src/ +RUN chmod u+x /opt/wireguarddashboard/src/builder.sh +RUN /opt/wireguarddashboard/src/builder.sh + + +FROM alpine:latest +WORKDIR /opt/wireguarddashboard/src + +COPY ./src /opt/wireguarddashboard/src/ +COPY --from=builder /opt/wireguarddashboard/src/venv /opt/wireguarddashboard/src/venv +COPY --from=builder /opt/wireguarddashboard/src/log /opt/wireguarddashboard/src/log/ + +RUN apk update && \ + apk add --no-cache wireguard-tools sudo && \ + apk add --no-cache iptables ip6tables && \ + chmod u+x /opt/wireguarddashboard/src/entrypoint.sh + +HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 CMD curl -f http://localhost:10086/signin || exit 1 + +ENTRYPOINT ["/opt/wireguarddashboard/src/entrypoint.sh"] \ No newline at end of file diff --git a/compose.yaml b/compose.yaml new file mode 100644 index 0000000..a75ef45 --- /dev/null +++ b/compose.yaml @@ -0,0 +1,26 @@ +services: + + wireguard-dashboard: + build: ./ + container_name: wiregate + cap_add: + - NET_ADMIN + - SYS_MODULE + restart: unless-stopped + environment: + - wg_net=10.0.0.1/24 + - wg_port=51820 + volumes: + - wgd_configs:/etc/wireguard + - wgd_app:/opt/wireguarddashboard/src + ports: + - 10086:10086/tcp + - 51820:51820/udp + sysctls: + - net.ipv4.ip_forward=1 + - net.ipv4.conf.all.src_valid_mark=1 + + +volumes: + wgd_configs: + wgd_app: \ No newline at end of file diff --git a/docker/Dockerfile b/docker/Dockerfile deleted file mode 100644 index fb373d2..0000000 --- a/docker/Dockerfile +++ /dev/null @@ -1,77 +0,0 @@ -# Pull from small Debian stable image. -FROM debian:stable-slim -LABEL maintainer="dselen@nerthus.nl" - -# Declaring environment variables, change Peernet to an address you like, standard is a 24 bit subnet. -ENV wg_net="10.0.0.1" -# wg_net is used functionally as an ARG for its environment variable nature, do not change unless you know what you are doing. - -# Following ENV variables are changable on container runtime because /entrypoint.sh handles that. See compose.yaml for more info. -ENV tz="Europe/Amsterdam" -ENV global_dns="1.1.1.1" -ENV enable_wg0="false" -ENV isolated_peers="true" -ENV public_ip="0.0.0.0" - -# Doing basic system maintenance. Change the timezone to the desired timezone. -RUN ln -sf /usr/share/zoneinfo/${tz} /etc/localtime - -# Doing package management operations, such as upgrading -RUN apt-get update && apt-get upgrade -y \ - && apt-get install -y --no-install-recommends curl \ - git \ - iproute2 \ - iptables \ - iputils-ping \ - openresolv \ - procps \ - python3 \ - python3-pip \ - python3-venv \ - traceroute \ - wireguard \ - wireguard-tools \ - && apt-get remove linux-image-* --autoremove -y \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* -# Removing the Linux Image package to preserve space on the image, for this reason also deleting apt lists, to be able to install packages: run apt update. - -# Using WGDASH -- like wg_net functionally as a ARG command. But it is needed in entrypoint.sh so it needs to be exported as environment variable. -ENV WGDASH=/opt/wireguarddashboard -RUN python3 -m venv ${WGDASH}/venv - -# Doing WireGuard Dashboard installation measures. Modify the git clone command to get the preferred version, with a specific branch for example. -RUN . ${WGDASH}/venv/bin/activate \ - && git clone https://github.com/donaldzou/WGDashboard.git ${WGDASH}/app \ - && pip3 install -r ${WGDASH}/app/src/requirements.txt \ - && chmod +x ${WGDASH}/app/src/wgd.sh \ - && .${WGDASH}/app/src/wgd.sh install - -# Set the volume to be used for persistency. -VOLUME /etc/wireguard - -# Generate basic WireGuard interface. Echoing the WireGuard interface config for readability, adjust if you want it for efficiency. -# Also setting the pipefail option, verbose: https://github.com/hadolint/hadolint/wiki/DL4006. -SHELL ["/bin/bash", "-o", "pipefail", "-c"] -RUN wg genkey | tee /etc/wireguard/wg0_privatekey \ - && echo "[Interface]" > /wg0.conf \ - && echo "SaveConfig = true" >> /wg0.conf \ - && echo "Address = ${wg_net}/24" >> /wg0.conf \ - && echo "PrivateKey = $(cat /etc/wireguard/wg0_privatekey)" >> /wg0.conf \ - && echo "PostUp = iptables -t nat -I POSTROUTING 1 -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /wg0.conf \ - && echo "PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP" >> /wg0.conf \ - && echo "PreDown = iptables -t nat -D POSTROUTING 1" >> /wg0.conf \ - && echo "PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP" >> /wg0.conf \ - && echo "ListenPort = 51820" >> /wg0.conf \ - #&& echo "DNS = ${global_dns}" >> /wg0.conf \ - && rm /etc/wireguard/wg0_privatekey - -# Defining a way for Docker to check the health of the container. In this case: checking the login URL. -HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 CMD curl -f http://localhost:10086/signin || exit 1 - -# Copy the basic entrypoint.sh script. -COPY entrypoint.sh /entrypoint.sh - -# Exposing the default WireGuard Dashboard port for web access. -EXPOSE 10086 -ENTRYPOINT ["/bin/bash", "/entrypoint.sh"] \ No newline at end of file diff --git a/docker/alpine/builder.sh b/docker/alpine/builder.sh new file mode 100644 index 0000000..5511413 --- /dev/null +++ b/docker/alpine/builder.sh @@ -0,0 +1,43 @@ +venv_python="./venv/bin/python3" +venv_gunicorn="./venv/bin/gunicorn" +pythonExecutable="python3" + + +_check_and_set_venv(){ + VIRTUAL_ENV="./venv" + if [ ! -d $VIRTUAL_ENV ]; then + printf "[WGDashboard] Creating Python Virtual Environment under ./venv\n" + { $pythonExecutable -m venv $VIRTUAL_ENV; } >> ./log/install.txt + fi + + if ! $venv_python --version > /dev/null 2>&1 + then + printf "[WGDashboard] %s Python Virtual Environment under ./venv failed to create. Halting now.\n" "$heavy_crossmark" + kill $TOP_PID + fi + + source ${VIRTUAL_ENV}/bin/activate + +} + +build_core () { + if [ ! -d "log" ] + then + printf "[WGDashboard] Creating ./log folder\n" + mkdir "log" + fi + + + apk add --no-cache python3 net-tools python3-dev py3-virtualenv + _check_and_set_venv + printf "[WGDashboard] Upgrading Python Package Manage (PIP)\n" + { date; python3 -m pip install --upgrade pip; printf "\n\n"; } >> ./log/install.txt + printf "[WGDashboard] Building Bcrypt & Psutil\n" + { date; python3 -m pip install -r requirements.txt ; printf "\n\n"; } >> ./log/install.txt + printf "[WGDashboard] Build Successfull!\n" + printf "[WGDashboard] Clean Up Pip!\n" + { date; rm -rf /opt/wireguarddashboard/src/venv/lib/python3.12/site-packages/pip* ; printf "\n\n"; } >> ./log/install.txt + +} + +build_core diff --git a/docker/alpine/requirements.txt b/docker/alpine/requirements.txt new file mode 100644 index 0000000..074ed2f --- /dev/null +++ b/docker/alpine/requirements.txt @@ -0,0 +1,2 @@ +bcrypt +psutil diff --git a/docker/compose.yaml b/docker/compose.yaml deleted file mode 100644 index 9d7509f..0000000 --- a/docker/compose.yaml +++ /dev/null @@ -1,23 +0,0 @@ -services: - wireguard-dashboard: - image: repo.nerthus.nl/app/wireguard-dashboard:latest - restart: unless-stopped - container_name: wire-dash - environment: - #- tz= # <--- Set container timezone, default: Europe/Amsterdam. - #- global_dns= # <--- Set global DNS address, default: 1.1.1.1. - - enable_wg0=true # <--- If true, wg0 will be started on container startup. default: false. - - isolated_peers=false # <--- When set to true, it disallows peers to talk to eachother, setting to false, allows it, default: true. - #- public_ip= # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me. - ports: - - 10086:10086/tcp - - 51820:51820/udp - volumes: - - conf:/etc/wireguard - - app:/opt/wireguarddashboard/app - cap_add: - - NET_ADMIN - -volumes: - conf: - app: diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh deleted file mode 100644 index 118e9ef..0000000 --- a/docker/entrypoint.sh +++ /dev/null @@ -1,109 +0,0 @@ -#!/bin/bash -echo "Starting the WireGuard Dashboard Docker container." - -clean_up() { - # Cleaning out previous data such as the .pid file and starting the WireGuard Dashboard. Making sure to use the python venv. - echo "Looking for remains of previous instances..." - if [ -f "/opt/wireguarddashboard/app/src/gunicorn.pid" ]; then - echo "Found old .pid file, removing." - rm /opt/wireguarddashboard/app/src/gunicorn.pid - else - echo "No remains found, continuing." - fi -} - -start_core() { - # This first step is to ensure the wg0.conf file exists, and if not, then its copied over from the ephemeral container storage. - if [ ! -f "/etc/wireguard/wg0.conf" ]; then - cp "/wg0.conf" "/etc/wireguard/wg0.conf" - echo "WireGuard interface file copied over." - else - echo "WireGuard interface file looks to already be existing." - fi - - echo "Activating Python venv and executing the WireGuard Dashboard service." - - . "${WGDASH}"/venv/bin/activate - cd "${WGDASH}"/app/src || return # If changing the directory fails (permission or presence error), then bash will exist this function, causing the WireGuard Dashboard to not be succesfully launched. - bash wgd.sh start - - # The following section takes care of the firewall rules regarding the 'isolated_peers' feature, which allows or drops packets destined from the wg0 to the wg0 interface. - if [ "${isolated_peers,,}" = "false" ]; then - echo "Isolated peers disabled, adjusting." - - sed -i '/PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP/d' /etc/wireguard/wg0.conf - sed -i '/PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP/d' /etc/wireguard/wg0.conf - elif [ "${isolated_peers,,}" = "true" ]; then - upblocking=$(grep -c "PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP" /etc/wireguard/wg0.conf) - downblocking=$(grep -c "PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP" /etc/wireguard/wg0.conf) - if [ "$upblocking" -lt 1 ] && [ "$downblocking" -lt 1 ]; then - echo "Isolated peers enabled, adjusting." - - sed -i '/PostUp = iptables -t nat -I POSTROUTING 1 -s/a PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP' /etc/wireguard/wg0.conf - sed -i '/PreDown = iptables -t nat -D POSTROUTING 1 -s/a PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP' /etc/wireguard/wg0.conf - fi - - fi - - # The following section takes care of - if [ "${enable_wg0,,}" = "true" ]; then - echo "Preference for wg0 to be turned on found." - - wg-quick up wg0 - else - echo "Preference for wg0 to be turned off found." - fi -} - -set_envvars() { - echo "Setting relevant variables for operation." - - # If the timezone is different, for example in North-America or Asia. - if [ "${tz}" != "$(cat /etc/timezone)" ]; then - echo "Changing timezone." - - ln -sf /usr/share/zoneinfo/"${tz}" /etc/localtime - echo "${tz}" > /etc/timezone - fi - - # Changing the DNS used for clients and the dashboard itself. - if [ "${global_dns}" != "$(grep "peer_global_dns = " /opt/wireguarddashboard/app/src/wg-dashboard.ini | awk '{print $NF}')" ]; then - echo "Changing default dns." - - #sed -i "s/^DNS = .*/DNS = ${global_dns}/" /etc/wireguard/wg0.conf # Uncomment if you want to have DNS on server-level. - sed -i "s/^peer_global_dns = .*/peer_global_dns = ${global_dns}/" /opt/wireguarddashboard/app/src/wg-dashboard.ini - fi - - # Setting the public IP of the WireGuard Dashboard container host. If not defined, it will trying fetching it using a curl to ifconfig.me. - if [ "${public_ip}" = "0.0.0.0" ]; then - default_ip=$(curl -s ifconfig.me) - echo "Trying to fetch the Public-IP using ifconfig.me: ${default_ip}" - - sed -i "s/^remote_endpoint = .*/remote_endpoint = ${default_ip}/" /opt/wireguarddashboard/app/src/wg-dashboard.ini - elif [ "${public_ip}" != "$(grep "remote_endpoint = " /opt/wireguarddashboard/app/src/wg-dashboard.ini | awk '{print $NF}')" ]; then - echo "Setting the Public-IP using given variable: ${public_ip}" - - sed -i "s/^remote_endpoint = .*/remote_endpoint = ${public_ip}/" /opt/wireguarddashboard/app/src/wg-dashboard.ini - fi -} - -ensure_blocking() { - sleep 1s - echo "Ensuring container continuation." - - # This function checks if the latest error log is created and tails it for docker logs uses. - if find "/opt/wireguarddashboard/app/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then - latestErrLog=$(find /opt/wireguarddashboard/app/src/log -name "error_*.log" | head -n 1) - latestAccLog=$(find /opt/wireguarddashboard/app/src/log -name "access_*.log" | head -n 1) - tail -f "${latestErrLog}" "${latestAccLog}" - fi - - # Blocking command in case of erroring. So the container does not quit. - sleep infinity -} - -# Execute functions for the WireGuard Dashboard services, then set the environment variables -clean_up -start_core -set_envvars -ensure_blocking \ No newline at end of file diff --git a/src/entrypoint.sh b/src/entrypoint.sh new file mode 100644 index 0000000..c8056f2 --- /dev/null +++ b/src/entrypoint.sh @@ -0,0 +1,34 @@ +#!/bin/bash +echo "Starting the WireGuard Dashboard Docker container." + +clean_up() { + # Cleaning out previous data such as the .pid file and starting the WireGuard Dashboard. Making sure to use the python venv. + echo "Looking for remains of previous instances..." + if [ -f "/opt/wireguarddashboard/app/src/gunicorn.pid" ]; then + echo "Found old .pid file, removing." + rm /opt/wireguarddashboard/app/src/gunicorn.pid + else + echo "No remains found, continuing." + fi +} +ensure_blocking() { + sleep 1s + echo "Ensuring container continuation." + + # This function checks if the latest error log is created and tails it for docker logs uses. + if find "/opt/wireguarddashboard/src/log" -mindepth 1 -maxdepth 1 -type f | read -r; then + latestErrLog=$(find /opt/wireguarddashboard/src/log -name "error_*.log" | head -n 1) + latestAccLog=$(find /opt/wireguarddashboard/src/log -name "access_*.log" | head -n 1) + tail -f "${latestErrLog}" "${latestAccLog}" + fi + + # Blocking command in case of erroring. So the container does not quit. + sleep infinity +} + +{ date; clean_up; printf "\n\n"; } >> ./log/install.txt + +chmod u+x /opt/wireguarddashboard/src/wgd.sh +/opt/wireguarddashboard/src/wgd.sh install +/opt/wireguarddashboard/src/wgd.sh docker_start +ensure_blocking diff --git a/src/iptable-rules/postdown.sh b/src/iptable-rules/postdown.sh new file mode 100644 index 0000000..962772a --- /dev/null +++ b/src/iptable-rules/postdown.sh @@ -0,0 +1,13 @@ +#!/bin/bash +WIREGUARD_INTERFACE=ADMINS +WIREGUARD_LAN=10.0.0.1/24 +MASQUERADE_INTERFACE=eth0 + +CHAIN_NAME="WIREGUARD_$WIREGUARD_INTERFACE" + +iptables -t nat -D POSTROUTING -o $MASQUERADE_INTERFACE -j MASQUERADE -s $WIREGUARD_LAN + +# Remove and delete the WIREGUARD_wg0 chain +iptables -D FORWARD -j $CHAIN_NAME +iptables -F $CHAIN_NAME +iptables -X $CHAIN_NAME \ No newline at end of file diff --git a/src/iptable-rules/postup.sh b/src/iptable-rules/postup.sh new file mode 100644 index 0000000..0fc8b87 --- /dev/null +++ b/src/iptable-rules/postup.sh @@ -0,0 +1,26 @@ +#!/bin/bash +WIREGUARD_INTERFACE=ADMINS +WIREGUARD_LAN=10.0.0.1/24 +MASQUERADE_INTERFACE=eth0 + +iptables -t nat -I POSTROUTING -o $MASQUERADE_INTERFACE -j MASQUERADE -s $WIREGUARD_LAN + +# Add a WIREGUARD_wg0 chain to the FORWARD chain +CHAIN_NAME="WIREGUARD_$WIREGUARD_INTERFACE" +iptables -N $CHAIN_NAME +iptables -A FORWARD -j $CHAIN_NAME + +# Accept related or established traffic +iptables -A $CHAIN_NAME -o $WIREGUARD_INTERFACE -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT + +# Accept traffic from any Wireguard IP address connected to the Wireguard server +iptables -A $CHAIN_NAME -s $WIREGUARD_LAN -i $WIREGUARD_INTERFACE -j ACCEPT + +# Allow traffic to the local loopback interface +iptables -A $CHAIN_NAME -o lo -j ACCEPT + +# Drop everything else coming through the Wireguard interface +iptables -A $CHAIN_NAME -i $WIREGUARD_INTERFACE -j DROP + +# Return to FORWARD chain +iptables -A $CHAIN_NAME -j RETURN \ No newline at end of file diff --git a/src/wgd.sh b/src/wgd.sh index d9abf98..2f25142 100755 --- a/src/wgd.sh +++ b/src/wgd.sh @@ -129,15 +129,15 @@ _installPythonVenv(){ ubuntu|debian) { sudo apt-get update; sudo apt-get install ${pythonExecutable}-venv; } &>> ./log/install.txt ;; -# centos|fedora|redhat|rhel) -# if command -v dnf &> /dev/null; then -# { sudo dnf install -y ${pythonExecutable}-virtualenv; printf "\n\n"; } >> ./log/install.txt -# else -# { sudo yum install -y ${pythonExecutable}-virtualenv; printf "\n\n"; } >> ./log/install.txt -# fi -# ;; -# *) -# printf "[WGDashboard] %s Sorry, your OS is not supported. Currently the install script only support Debian-based, Red Hat-based OS.\n" "$heavy_crossmark" + # centos|fedora|redhat|rhel) + # if command -v dnf &> /dev/null; then + # { sudo dnf install -y ${pythonExecutable}-virtualenv; printf "\n\n"; } >> ./log/install.txt + # else + # { sudo yum install -y ${pythonExecutable}-virtualenv; printf "\n\n"; } >> ./log/install.txt + # fi + # ;; + # *) + # printf "[WGDashboard] %s Sorry, your OS is not supported. Currently the install script only support Debian-based, Red Hat-based OS.\n" "$heavy_crossmark" # printf "%s\n" "$helpMsg" # kill $TOP_PID # ;; @@ -256,9 +256,6 @@ install_wgd(){ _installPythonVenv _installPythonPip - - - if [ ! -d "db" ] then printf "[WGDashboard] Creating ./db folder\n" @@ -266,6 +263,7 @@ install_wgd(){ fi _check_and_set_venv printf "[WGDashboard] Upgrading Python Package Manage (PIP)\n" + { date; python3 -m ensurepip --upgrade; printf "\n\n"; } >> ./log/install.txt { date; python3 -m pip install --upgrade pip; printf "\n\n"; } >> ./log/install.txt printf "[WGDashboard] Installing latest Python dependencies\n" { date; python3 -m pip install -r requirements.txt ; printf "\n\n"; } >> ./log/install.txt @@ -337,6 +335,53 @@ stop_wgd() { fi } +startwgd_docker() { + _checkWireguard + printf "[WGDashboard] WireGuard Config Started\n" + { date; start_core ; printf "\n\n"; } >> ./log/install.txt + gunicorn_start +} +start_core() { + local iptable_dir="/opt/wireguarddashboard/src/iptable-rules" + # Check if wg0.conf exists in /etc/wireguard + if [[ ! -f /etc/wireguard/wg0.conf ]]; then + echo "wg0.conf not found. Running Generate Configuration." + newconf_wgd + else + echo "wg0.conf already exists. Skipping WireGuard Config Generation." + fi + # Re-assign config_files to ensure it includes any newly created configurations + local config_files=$(find /etc/wireguard -type f -name "*.conf") + + # Set file permissions + find /etc/wireguard -type f -name "*.conf" -exec chmod 600 {} \; + find "$iptable_dir" -type f -name "*.sh" -exec chmod +x {} \; + + # Start WireGuard for each config file + for file in $config_files; do + config_name=$(basename "$file" ".conf") + wg-quick up "$config_name" + done +} + + + +newconf_wgd() { + local wg_port_listen=$wg_port + local wg_addr_range=$wg_net + private_key=$(wg genkey) + public_key=$(echo "$private_key" | wg pubkey) + cat <"/etc/wireguard/wg0.conf" +[Interface] +PrivateKey = $private_key +Address = $wg_addr_range +ListenPort = $wg_port_listen +SaveConfig = true +PostUp = /opt/wireguarddashboard/src/iptable-rules/postup.sh +PreDown = /opt/wireguarddashboard/src/iptable-rules/postdown.sh +EOF +} + start_wgd_debug() { printf "%s\n" "$dashes" _checkWireguard @@ -396,6 +441,10 @@ if [ "$#" != 1 ]; else start_wgd fi + elif [ "$1" = "docker_start" ]; then + printf "%s\n" "$dashes" + startwgd_docker + printf "%s\n" "$dashes" elif [ "$1" = "stop" ]; then if check_wgd_status; then printf "%s\n" "$dashes" @@ -432,4 +481,4 @@ if [ "$#" != 1 ]; else help fi -fi +fi \ No newline at end of file