mirror of https://github.com/donaldzou/WGDashboard.git synced 2024-11-22 15:20:09 +01:00

Working on isolated peers feature.

Daan 2024-06-06 00:12:11 +02:00
parent 8ad601fcc0
commit 6dc28f11e0
3 changed files with 25 additions and 8 deletions


@ -7,12 +7,14 @@ COPY entrypoint.sh /entrypoint.sh
# Declaring environment variables, change Peernet to an address you like, standard is a 24 bit subnet.
ARG dash_ver="v3.0.6.2"
ENV wg_net="10.0.0.1"
# wg_net is used functionally as an ARG for its environment variable nature, do not change unless you know what you are doing.
ENV tz="Europe/Amsterdam"
ENV public_ip="0.0.0.0"
ENV wg_net="10.0.0.1"
ENV global_dns="1.1.1.1"
ENV enable_wg0="false"
ENV isolated_peers="true"
ENV public_ip="0.0.0.0"
# Doing basic system maintenance. Change the timezone to the desired timezone.
RUN ln -sf /usr/share/zoneinfo/${tz} /etc/localtime \
@ -45,7 +47,9 @@ RUN wg genkey | tee /etc/wireguard/wg0_privatekey \
&& echo "Address = ${wg_net}/24" >> /etc/wireguard/wg0.conf \
&& echo "PrivateKey = $(cat /etc/wireguard/wg0_privatekey)" >> /etc/wireguard/wg0.conf \
&& echo "PostUp = iptables -t nat -I POSTROUTING 1 -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /etc/wireguard/wg0.conf \
&& echo "PostUp = iptables -I FORWARD -i wg0 -o wg0 -j DROP" >> /etc/wireguard/wg0.conf \
&& echo "PreDown = iptables -t nat -D POSTROUTING -s ${wg_net}/24 -o $(ip -o -4 route show to default | awk '{print $NF}') -j MASQUERADE" >> /etc/wireguard/wg0.conf \
&& echo "PreDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP" >> /etc/wireguard/wg0.conf \
&& echo "ListenPort = 51820" >> /etc/wireguard/wg0.conf \
#&& echo "DNS = ${global_dns}" >> /etc/wireguard/wg0.conf \
&& rm /etc/wireguard/wg0_privatekey
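Review bot: The new `PostUp`/`PreDown` lines carrying `iptables ... FORWARD -i wg0 -o wg0 -j DROP` only reach a `wg0.conf` that this build generates, yet `isolated_peers` defaults to `"true"` for every container. If `/etc/wireguard` is a persisted volume that already holds an older `wg0.conf` (the compose file in this commit mounts a volume there), the rule is presumably absent, so peers can still reach each other while the setting claims isolation. A start-up check would make that visible, e.g. `grep -q 'FORWARD -i wg0 -o wg0 -j DROP' /etc/wireguard/wg0.conf || echo "isolated_peers: DROP rule missing from wg0.conf"`. Separately, the enclosing RUN, which starts outside this hunk, writes the generated private key into `wg0.conf` at build time, so the key sits in an image layer and is shared by every container created from that image; generating it on first start would avoid that.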


@ -1,22 +1,23 @@
services:
wireguard-dashboard:
image: repo.nerthus.nl/app/wireguard-dashboard:05-06-2024
image: repo.nerthus.nl/app/wireguard-dashboard:dev
restart: unless-stopped
container_name: wire-dash
environment:
#- tz= # <--- Set container timezone, default: Europe/Amsterdam.
#- global_dns= # <--- Set global DNS address, default: 1.1.1.1.
- enable_wg0=true # <--- If true, wg0 will be started on container startup. defaul:
- isolated_peers=false # <--- When set to true, it disallows peers to talk to eachother, setting to false, allows it, default: true.
#- public_ip= # <--- Set public IP to ensure the correct one is chosen, defaulting to the IP give by ifconfig.me.
- enable_wg0=true # <--- If set to true, it will try to enable the wg0 (main) interface on startup, to immediatly accept connections. When true, there will be no need to manually start the interface.
ports:
- 10086:10086/tcp
- 51820:51820/udp
volumes:
- wireguard_confs:/etc/wireguard
- wireguard_app:/opt/wireguardashboard/app
- conf:/etc/wireguard
- app:/opt/wireguardashboard/app
cap_add:
- NET_ADMIN
volumes:
wireguard_confs:
wireguard_app:
conf:
app:
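Review bot: The sample sets `isolated_peers=false`, which switches off the peer isolation that the Dockerfile defaults to `true`, so anyone copying this file gets peer-to-peer forwarding without having chosen it. Leaving the entry commented like the other optional settings keeps the safer default: `#- isolated_peers= # <--- Set to false to let peers talk to each other, default: true.` The image reference also appears to move from a dated tag to `:dev`, a mutable tag, for a container that is granted `NET_ADMIN`; a fixed tag or digest would make what runs with that capability reproducible. If the volume names are changing from `wireguard_confs`/`wireguard_app` to `conf`/`app`, existing deployments would start on fresh volumes and stop using their current WireGuard configuration, which deserves a line in the commit description.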


@ -19,8 +19,20 @@ start_core() {
cd ${WGDASH}/app/src
bash wgd.sh start
echo "${isolated_peers}"
if [ "${isolated_peers,,}" == "false" ]; then
echo "Isolated peers disabled, adjusting."
sed -i '/^.*FORWARD -i wg0 -o wg0 -j DROP.*$/s/^/#/' /etc/wireguard/wg0.conf
elif [ "${isolated_peers,,}" == "true" ]; then
echo "Isolated peers enabled, adjusting."
sed -i 's/^#//' /etc/wireguard/wg0.conf
fi
if [ "${enable_wg0,,}" == "true" ]; then
echo "Preference for wg0 to be turned on found."
wg-quick up wg0
else
echo "Preference for wg0 to be turned off found."