102 lines
2.5 KiB
Bash
102 lines
2.5 KiB
Bash
#!/bin/bash
|
|
#
|
|
# Wireguard / VPN Service
|
|
|
|
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
|
|
|
config_wireguard() {
|
|
echo -ne "\n* Configuring /federated/apps/wireguard container.."
|
|
spin &
|
|
SPINPID=$!
|
|
|
|
if [ ! -d "/federated/apps/wireguard" ]; then
|
|
mkdir -p /federated/apps/wireguard/data/config
|
|
fi
|
|
|
|
DOMAIN_ARRAY=(${DOMAIN//./ })
|
|
DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
|
|
DOMAIN_LAST=${DOMAIN_ARRAY[1]}
|
|
|
|
cat > /federated/apps/wireguard/docker-compose.yml <<EOF
|
|
version: "3.7"
|
|
services:
|
|
wireguard:
|
|
image: linuxserver/wireguard:\${IMAGE_VERSION}
|
|
container_name: vpn
|
|
hostname: vpn.$DOMAIN
|
|
domainname: $DOMAIN
|
|
restart: always
|
|
networks:
|
|
federated:
|
|
ipv4_address: 172.99.0.22
|
|
ports:
|
|
- 51820:51820/udp
|
|
volumes:
|
|
- ./data/config:/config
|
|
- /lib/modules:/lib/modules
|
|
env_file:
|
|
- ./.env
|
|
cap_add:
|
|
- NET_ADMIN
|
|
- SYS_MODULE
|
|
sysctls:
|
|
- net.ipv4.conf.all.src_valid_mark=1
|
|
|
|
networks:
|
|
federated:
|
|
external: true
|
|
EOF
|
|
|
|
cat > /federated/apps/wireguard/.env <<EOF
|
|
IMAGE_VERSION="1.0.20210914"
|
|
PUID=1000
|
|
PGID=1000
|
|
SERVERURL=vpn.$DOMAIN
|
|
SERVERPORT=51820
|
|
PEERS=1
|
|
PEERDNS=auto
|
|
ALLOWEDIPS=172.99.0.0/24
|
|
LOG_CONFS=true
|
|
EOF
|
|
chmod 600 /federated/apps/wireguard/.env
|
|
|
|
kill -9 $SPINPID &> /dev/null
|
|
echo -ne "done."
|
|
}
|
|
|
|
start_wireguard() {
|
|
# Start /federated/apps/wireguard with output to /dev/null
|
|
echo -ne "\n* Starting /federated/apps/wireguard service.."
|
|
spin &
|
|
SPINPID=$!
|
|
|
|
if [ $DEBUG ]; then
|
|
# Start /federated/apps/wireguard with output to console for debug
|
|
docker-compose -f /federated/apps/wireguard/docker-compose.yml -p wireguard up
|
|
[ $? -eq 0 ] && echo -ne "done.\n" || fail "There was a problem starting service /federated/apps/wireguard"
|
|
else
|
|
docker-compose -f /federated/apps/wireguard/docker-compose.yml -p wireguard up -d &> /dev/null
|
|
|
|
# Keep trying wireguard port 80 to make sure it's up
|
|
# before we proceed
|
|
RETRY="30"
|
|
while [ $RETRY -gt 0 ]; do
|
|
nc -uvz 172.99.0.22 51820 &> /dev/null
|
|
if [ $? -eq 0 ]; then
|
|
break
|
|
else
|
|
if [ "$RETRY" == 1 ]; then
|
|
docker-compose -f /federated/apps/wireguard/docker-compose.yml -p wireguard down &> /dev/null
|
|
kill -9 $SPINPID &> /dev/null
|
|
fail "There was a problem starting service /federated/apps/wireguard\nCheck the output of 'docker logs wireguard' or turn on\ndebug with -d"
|
|
fi
|
|
((RETRY--))
|
|
sleep 7
|
|
fi
|
|
done
|
|
fi
|
|
|
|
kill -9 $SPINPID &> /dev/null
|
|
echo -ne "done."
|
|
}
|