diff --git a/docker/Dockerfile b/docker/Dockerfile
index 4b98e20..1c5c681 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -7,12 +7,14 @@ COPY entrypoint.sh /entrypoint.sh
 # Declaring environment variables, change Peernet to an address you like, standard is a 24 bit subnet.
 ARG dash_ver="v3.0.6.2"
+ENV wg_net="10.0.0.1"
+# wg_net is used functionally as an ARG for its environment variable nature, do not change unless you know what you are doing.
 ENV tz="Europe/Amsterdam"
-ENV public_ip="0.0.0.0"
-ENV wg_net="10.0.0.1"
 ENV global_dns="1.1.1.1"
 ENV enable_wg0="false"
+ENV isolated_peers="true"
+ENV public_ip="0.0.0.0"
 # Doing basic system maintenance. Change the timezone to the desired timezone.
 RUN ln -sf /usr/share/zoneinfo/${tz} /etc/localtime \
@@ -45,7 +47,9 @@ RUN wg genkey | tee /etc/wireguard/wg0_privatekey \
 && echo "Address = ${wg_net}/24" >> /etc/wireguard/wg0.conf \
 && echo "PrivateKey = $(cat /etc/wireguard/wg0_privatekey)" >> /etc/wireguard/wg0.conf \
 && echo "PostUp = iptables -t nat -I POSTROUTING 1 -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /etc/wireguard/wg0.conf \
+ && echo "PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP" >> /etc/wireguard/wg0.conf \
 && echo "PreDown = iptables -t nat -D POSTROUTING -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /etc/wireguard/wg0.conf \
+ && echo "PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP" >> /etc/wireguard/wg0.conf \
 && echo "ListenPort = 51820" >> /etc/wireguard/wg0.conf \
 #&& echo "DNS = ${global_dns}" >> /etc/wireguard/wg0.conf \
 && rm /etc/wireguard/wg0_privatekey
diff --git a/docker/compose.yaml b/docker/compose.yaml
index 733d755..7ac31af 100644
--- a/docker/compose.yaml
+++ b/docker/compose.yaml
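Review bot: `wg_net` is still declared with `ENV`, yet the second hunk shows it being consumed at image build time by the `RUN` that writes `Address = ${wg_net}/24` and the MASQUERADE rules into wg0.conf, so a `-e wg_net=...` override at container start changes what the entrypoint and (presumably) the dashboard see without changing wg0.conf — a silent mismatch rather than a reconfiguration. The new comment acknowledges this but sits below the line it describes and leaves the variable runtime-overridable. Declaring it as `ARG wg_net="10.0.0.1"` followed by `ENV wg_net=${wg_net}`, with the comment placed above, makes the build-time nature explicit and lets `--build-arg wg_net=...` be the supported way to change the subnet. The missing trailing context lines of this hunk appear to have been lost in rendering.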
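Review bot: The new `PostUp`/`PreDown` DROP lines are baked into wg0.conf at image build time, so honouring `isolated_peers` at run time requires entrypoint.sh to edit the file in place, and the un-commenting step there (`sed -i 's/^#//' /etc/wireguard/wg0.conf` in the entrypoint hunk) strips the `#` from every commented line in wg0.conf, not just these two rules. At minimum anchor that sed on the same pattern used for commenting, `sed -i '/^#.*FORWARD -i wg0 -o wg0 -j DROP/s/^#//' /etc/wireguard/wg0.conf`. Better still, generate wg0.conf in the entrypoint on first start and emit these two lines only when `${isolated_peers}` is true; that also stops the private key produced by the same `wg genkey` RUN from being stored in the image layer shared by every container built from it. The RUN continues above the hunk start.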
@@ -1,22 +1,23 @@
 services:
 wireguard-dashboard:
-image: repo.nerthus.nl/app/wireguard-dashboard:05-06-2024
+image: repo.nerthus.nl/app/wireguard-dashboard:dev
 restart: unless-stopped
 container_name: wire-dash
 environment:
 #- tz= # <--- Set container timezone, default: Europe/Amsterdam.
 #- global_dns= # <--- Set global DNS address, default: 1.1.1.1.
+ - enable_wg0=true # <--- If true, wg0 will be started on container startup. defaul:
+ - isolated_peers=false # <--- When set to true, it disallows peers to talk to eachother, setting to false, allows it, default: true.
 #- public_ip= # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me.
- - enable_wg0=true # <--- If set to true, it will try to enable the wg0 (main) interface on startup, to immediatly accept connections. When true, there will be no need to manually start the interface.
 ports:
 - 10086:10086/tcp
 - 51820:51820/udp
 volumes:
- - wireguard_confs:/etc/wireguard
- - wireguard_app:/opt/wireguardashboard/app
+ - conf:/etc/wireguard
+ - app:/opt/wireguardashboard/app
 cap_add:
 - NET_ADMIN
 volumes:
- wireguard_confs:
- wireguard_app:
+ conf:
+ app:
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
index c2a9614..2825e61 100644
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -19,8 +19,20 @@ start_core() {
 cd ${WGDASH}/app/src
 bash wgd.sh start
+ echo "${isolated_peers}"
+ if [ "${isolated_peers,,}" == "false" ]; then
+ echo "Isolated peers disabled, adjusting."
+
+ sed -i '/^.*FORWARD -i wg0 -o wg0 -j DROP.*$/s/^/#/' /etc/wireguard/wg0.conf
+ elif [ "${isolated_peers,,}" == "true" ]; then
+ echo "Isolated peers enabled, adjusting."
+
+ sed -i 's/^#//' /etc/wireguard/wg0.conf
+ fi
+
 if [ "${enable_wg0,,}" == "true" ]; then
 echo "Preference for wg0 to be turned on found."
+ wg-quick up wg0
 else
 echo "Preference for wg0 to be turned off found."
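Review bot: The example sets `- isolated_peers=false` as an active line, which turns off the peer isolation the Dockerfile defaults to for anyone who deploys this compose file unchanged; keep it commented like the other optional settings, `#- isolated_peers= # <--- ... default: true.`, so the default only changes when a user deliberately opts out. The `enable_wg0` comment is cut off at `defaul:` and should be completed (`default: false.`), and "eachother" should be "each other". The image tag also moves from a dated tag to the mutable `dev` tag, so a published compose file will pull whatever was last pushed under that name; if this file is meant for users rather than development, pin a release tag or digest. The volume rename from `wireguard_confs`/`wireguard_app` to `conf`/`app` detaches existing deployments from their current data, which the commit message should call out.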