Add PreUp/PostUp/PreDown/PostDown to env variables for server.conf creation

Christoph Spörk · DarwinsBuddy · commit bebd0bea941d · 2021-09-19T17:08:27.000+02:00
diff --git a/README.md b/README.md
@@ -133,7 +133,10 @@ $ subspace --http-host subspace.example.com
 | `SUBSPACE_THEME`            | `green`             | The theme to use, please refer to [semantic-ui](https://semantic-ui.com/usage/theming.html) for accepted colors                                      |
 | `SUBSPACE_BACKLINK`         | `/`                 | The page to set the home button to                                                                                                                   |
 | `SUBSPACE_DISABLE_DNS`      | `false`             | Whether to disable DNS so the client uses their own configured DNS server(s). Consider disabling DNS server, if supporting international VPN clients |
-
+| `SUBSPACE_PREUP`           | null             | PreUp=Action for wireguard server interface |
+| `SUBSPACE_PREDOWN`          | null             | PreDown=Action for wireguard server interface |
+| `SUBSPACE_POSTUP`           | null             | PostUp=Action for wireguard server interface |
+| `SUBSPACE_POSTDOWN`         | null             | PostDown=Action for wireguard server interface |
 ### Run as a Docker container
 
 #### Install WireGuard on the host
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -163,15 +163,42 @@ cat <<WGSERVER >/data/wireguard/server.conf
 PrivateKey = $(cat /data/wireguard/server.private)
 ListenPort = ${SUBSPACE_LISTENPORT}
 
+PreUp      = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+PostDown   = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+
 WGSERVER
+
+if [ ! -z "${SUBSPACE_PREUP-}" ];
+then
+  echo "PreUp = $SUBSPACE_PREUP" >> /data/wireguard/server.conf
+fi
+if [ ! -z "${SUBSPACE_PREDOWN-}" ];
+then
+  echo "PreDown = $SUBSPACE_PREDOWN" >> /data/wireguard/server.conf
+fi
+if [ ! -z "${SUBSPACE_POSTUP-}" ];
+then
+  echo "PostUp = $SUBSPACE_POSTUP" >> /data/wireguard/server.conf
+fi
+if [ ! -z "${SUBSPACE_POSTDOWN-}" ];
+then
+  echo "PostDown = $SUBSPACE_POSTDOWN" >> /data/wireguard/server.conf
+fi
+
 cat /data/wireguard/peers/*.conf >>/data/wireguard/server.conf
 umask ${umask_val}
 [ -f /data/config.json ] && chmod 600 /data/config.json # Special handling of file not created by start-up script
 
 if ip link show wg0 2>/dev/null; then
   ip link del wg0
 fi
-ip link add wg0 type wireguard
+
+#wg setconf wg0 /data/wireguard/server.conf
+#ip link set wg0 up
+cp /data/wireguard/server.conf /data/wireguard/wg0.conf
+wg-quick up /data/wireguard/wg0.conf
+
+#ip link add wg0 type wireguard
 if [[ ${SUBSPACE_IPV4_NAT_ENABLED} -ne 0 ]]; then
   export SUBSPACE_IPV4_CIDR=$(echo ${SUBSPACE_IPV4_POOL-} | cut -d '/' -f2)
   ip addr add ${SUBSPACE_IPV4_GW}/${SUBSPACE_IPV4_CIDR} dev wg0
@@ -180,8 +207,6 @@ if [[ ${SUBSPACE_IPV6_NAT_ENABLED} -ne 0 ]]; then
   export SUBSPACE_IPV6_CIDR=$(echo ${SUBSPACE_IPV6_POOL-} | cut -d '/' -f2)
   ip addr add ${SUBSPACE_IPV6_GW}/${SUBSPACE_IPV6_CIDR} dev wg0
 fi
-wg setconf wg0 /data/wireguard/server.conf
-ip link set wg0 up
 
 # dnsmasq service
 if [[ ${SUBSPACE_DISABLE_DNS} == "0" ]]; then
@@ -252,3 +277,4 @@ RUNIT
 fi
 
 exec $@
+
