diff --git a/Dockerfile b/Dockerfile index 7ca96618..c43105f1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,22 +14,37 @@ RUN \ apt-get update && \ apt-get install -y \ bc \ + build-essential \ curl \ - dkms \ + git \ gnupg \ ifupdown \ iproute2 \ iptables \ iputils-ping \ + jq \ libc6 \ + libelf-dev \ perl \ + pkg-config \ qrencode && \ - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E1B39B6EF6DDB96564797591AE33835F504A1A25 && \ - echo "deb http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" >> /etc/apt/sources.list.d/wireguard.list && \ - echo "deb-src http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" >> /etc/apt/sources.list.d/wireguard.list && \ echo resolvconf resolvconf/linkify-resolvconf boolean false | debconf-set-selections && \ echo "REPORT_ABSENT_SYMLINK=no" >> /etc/default/resolvconf && \ - apt-get install resolvconf && \ + apt-get install -y --no-install-recommends \ + dkms \ + resolvconf && \ + echo "**** install wireguard-tools ****" && \ + if [ -z ${WIREGUARD_RELEASE+x} ]; then \ + WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \ + | jq -r .[0].name); \ + fi && \ + cd /app && \ + git clone https://git.zx2c4.com/wireguard-linux-compat && \ + git clone https://git.zx2c4.com/wireguard-tools && \ + cd wireguard-tools && \ + git checkout "${WIREGUARD_RELEASE}" && \ + make -C src -j$(nproc) && \ + make -C src install && \ echo "**** install CoreDNS ****" && \ COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \ | awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \ diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index 9aa7a40c..89ebff46 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -14,22 +14,37 @@ RUN \ apt-get update && \ apt-get install -y \ bc \ + build-essential \ curl \ - dkms \ + git \ gnupg \ ifupdown \ iproute2 \ iptables \ iputils-ping \ + jq \ libc6 \ + libelf-dev \ perl \ + pkg-config \ qrencode && \ - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E1B39B6EF6DDB96564797591AE33835F504A1A25 && \ - echo "deb http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" >> /etc/apt/sources.list.d/wireguard.list && \ - echo "deb-src http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" >> /etc/apt/sources.list.d/wireguard.list && \ echo resolvconf resolvconf/linkify-resolvconf boolean false | debconf-set-selections && \ echo "REPORT_ABSENT_SYMLINK=no" >> /etc/default/resolvconf && \ - apt-get install resolvconf && \ + apt-get install -y --no-install-recommends \ + dkms \ + resolvconf && \ + echo "**** install wireguard-tools ****" && \ + if [ -z ${WIREGUARD_RELEASE+x} ]; then \ + WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \ + | jq -r .[0].name); \ + fi && \ + cd /app && \ + git clone https://git.zx2c4.com/wireguard-linux-compat && \ + git clone https://git.zx2c4.com/wireguard-tools && \ + cd wireguard-tools && \ + git checkout "${WIREGUARD_RELEASE}" && \ + make -C src -j$(nproc) && \ + make -C src install && \ echo "**** install CoreDNS ****" && \ COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \ | awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \ diff --git a/Dockerfile.armhf b/Dockerfile.armhf index a09dc5a6..e7177f21 100644 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -14,22 +14,37 @@ RUN \ apt-get update && \ apt-get install -y \ bc \ + build-essential \ curl \ - dkms \ + git \ gnupg \ ifupdown \ iproute2 \ iptables \ iputils-ping \ + jq \ libc6 \ + libelf-dev \ perl \ + pkg-config \ qrencode && \ - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E1B39B6EF6DDB96564797591AE33835F504A1A25 && \ - echo "deb http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" >> /etc/apt/sources.list.d/wireguard.list && \ - echo "deb-src http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic main" >> /etc/apt/sources.list.d/wireguard.list && \ echo resolvconf resolvconf/linkify-resolvconf boolean false | debconf-set-selections && \ echo "REPORT_ABSENT_SYMLINK=no" >> /etc/default/resolvconf && \ - apt-get install resolvconf && \ + apt-get install -y --no-install-recommends \ + dkms \ + resolvconf && \ + echo "**** install wireguard-tools ****" && \ + if [ -z ${WIREGUARD_RELEASE+x} ]; then \ + WIREGUARD_RELEASE=$(curl -sX GET "https://api.github.com/repos/WireGuard/wireguard-tools/tags" \ + | jq -r .[0].name); \ + fi && \ + cd /app && \ + git clone https://git.zx2c4.com/wireguard-linux-compat && \ + git clone https://git.zx2c4.com/wireguard-tools && \ + cd wireguard-tools && \ + git checkout "${WIREGUARD_RELEASE}" && \ + make -C src -j$(nproc) && \ + make -C src install && \ echo "**** install CoreDNS ****" && \ COREDNS_VERSION=$(curl -sX GET "https://api.github.com/repos/coredns/coredns/releases/latest" \ | awk '/tag_name/{print $4;exit}' FS='[""]' | awk '{print substr($1,2); }') && \ diff --git a/Jenkinsfile b/Jenkinsfile index b2372316..46ba20d9 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -103,7 +103,7 @@ pipeline { steps{ script{ env.EXT_RELEASE = sh( - script: ''' curl -sX GET http://ppa.launchpad.net/wireguard/wireguard/ubuntu/dists/bionic/main/binary-amd64/Packages.gz | gunzip -c |grep -A 7 -m 1 'Package: wireguard' | awk -F ': ' '/Version/{print $2;exit}' ''', + script: ''' curl -sX GET https://api.github.com/repos/WireGuard/wireguard-tools/tags | jq -r .[0].name ''', returnStdout: true).trim() env.RELEASE_LINK = 'custom_command' } diff --git a/README.md b/README.md index 06d7bd1a..29519c0b 100644 --- a/README.md +++ b/README.md @@ -168,11 +168,11 @@ In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as bel   ## Application Setup -This image is designed for Ubuntu and Debian based systems only. During container start, it will download the necessary kernel headers and build the kernel module (until kernel 5.6, which has the module built-in, goes mainstream). +This image is designed for Ubuntu and Debian based systems mainly (it works on some others, but ymmv). During container start, it will first check if the wireguard module is already installed and loaded. If not, it will then check if the kernel headers are already installed (in `/usr/src`) and if not, attempt to download the necessary kernel headers from the ubuntu/debian/raspbian repos; then will compile and install the kernel module. If you're on a debian/ubuntu based host with a custom or downstream distro provided kernel (ie. Pop!_OS), the container won't be able to install the kernel headers from the regular ubuntu and debian repos. In those cases, you can try installing the headers on the host via `sudo apt install linux-headers-$(uname -r)` (if distro version) and then add a volume mapping for `/usr/src:/usr/src`, or if custom built, map the location of the existing headers to allow the container to use host installed headers to build the kernel module (tested successful on Pop!_OS, ymmv). -With regards to arm32/64 devices, Raspberry Pi 2-4 running the [official ubuntu images](https://ubuntu.com/download/raspberry-pi) or Raspbian Buster are supported out of the box. For all other devices and OSes, you can try installing the kernel headers on the host, and mapping `/usr/src:/usr/src` and it may just work (no guarantees). +With regards to arm32/64 devices, Raspberry Pi 2-4 running the [official ubuntu images prior to focal](https://ubuntu.com/download/raspberry-pi) or Raspbian Buster are supported out of the box. For all other devices and OSes, you can try installing the kernel headers on the host, and mapping `/usr/src:/usr/src` and it may just work (no guarantees). This can be run as a server or a client, based on the parameters used. @@ -268,6 +268,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **19.06.20:** - Add support for Ubuntu Focal (20.04) kernels. Compile wireguard tools and kernel module instead of using the ubuntu packages. Make module install optional. Improve verbosity in logs. * **29.05.20:** - Add support for 64bit raspbian. * **28.04.20:** - Add Buster/Stretch backports repos for Debian. Tested with OMV 5 and OMV 4 (on kernel 4.19.0-0.bpo.8-amd64). * **20.04.20:** - Fix typo in client mode conf existence check. diff --git a/jenkins-vars.yml b/jenkins-vars.yml index b6111099..1b241b7f 100644 --- a/jenkins-vars.yml +++ b/jenkins-vars.yml @@ -3,7 +3,7 @@ # jenkins variables project_name: docker-wireguard external_type: na -custom_version_command: "curl -sX GET http://ppa.launchpad.net/wireguard/wireguard/ubuntu/dists/bionic/main/binary-amd64/Packages.gz | gunzip -c |grep -A 7 -m 1 'Package: wireguard' | awk -F ': ' '/Version/{print $2;exit}'" +custom_version_command: "curl -sX GET https://api.github.com/repos/WireGuard/wireguard-tools/tags | jq -r .[0].name" release_type: stable release_tag: latest ls_branch: master diff --git a/readme-vars.yml b/readme-vars.yml index c46194bc..f9966e53 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -54,11 +54,11 @@ optional_block_1_items: "" # application setup block app_setup_block_enabled: true app_setup_block: | - This image is designed for Ubuntu and Debian based systems only. During container start, it will download the necessary kernel headers and build the kernel module (until kernel 5.6, which has the module built-in, goes mainstream). + This image is designed for Ubuntu and Debian based systems mainly (it works on some others, but ymmv). During container start, it will first check if the wireguard module is already installed and loaded. If not, it will then check if the kernel headers are already installed (in `/usr/src`) and if not, attempt to download the necessary kernel headers from the ubuntu/debian/raspbian repos; then will compile and install the kernel module. If you're on a debian/ubuntu based host with a custom or downstream distro provided kernel (ie. Pop!_OS), the container won't be able to install the kernel headers from the regular ubuntu and debian repos. In those cases, you can try installing the headers on the host via `sudo apt install linux-headers-$(uname -r)` (if distro version) and then add a volume mapping for `/usr/src:/usr/src`, or if custom built, map the location of the existing headers to allow the container to use host installed headers to build the kernel module (tested successful on Pop!_OS, ymmv). - With regards to arm32/64 devices, Raspberry Pi 2-4 running the [official ubuntu images](https://ubuntu.com/download/raspberry-pi) or Raspbian Buster are supported out of the box. For all other devices and OSes, you can try installing the kernel headers on the host, and mapping `/usr/src:/usr/src` and it may just work (no guarantees). + With regards to arm32/64 devices, Raspberry Pi 2-4 running the [official ubuntu images prior to focal](https://ubuntu.com/download/raspberry-pi) or Raspbian Buster are supported out of the box. For all other devices and OSes, you can try installing the kernel headers on the host, and mapping `/usr/src:/usr/src` and it may just work (no guarantees). This can be run as a server or a client, based on the parameters used. @@ -85,6 +85,7 @@ app_setup_block: | # changelog changelogs: + - { date: "19.06.20:", desc: "Add support for Ubuntu Focal (20.04) kernels. Compile wireguard tools and kernel module instead of using the ubuntu packages. Make module install optional. Improve verbosity in logs." } - { date: "29.05.20:", desc: "Add support for 64bit raspbian." } - { date: "28.04.20:", desc: "Add Buster/Stretch backports repos for Debian. Tested with OMV 5 and OMV 4 (on kernel 4.19.0-0.bpo.8-amd64)." } - { date: "20.04.20:", desc: "Fix typo in client mode conf existence check." } diff --git a/root/etc/cont-init.d/30-config b/root/etc/cont-init.d/30-config index 86430af9..318ad0fe 100644 --- a/root/etc/cont-init.d/30-config +++ b/root/etc/cont-init.d/30-config @@ -2,83 +2,153 @@ mkdir -p /config/{templates,coredns} -# install headers and wireguard -apt-get update -if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then - apt-get install -y \ - linux-headers-$(uname -r) \ - wireguard -elif (uname -r | grep -q 'v7+') || (uname -r | grep -q 'v7l+') || (uname -r | grep -q 'v8+'); then - echo "Raspbian kernel naming convention detected, attempting to install raspbian kernel headers" - curl -s http://archive.raspberrypi.org/debian/raspberrypi.gpg.key | apt-key add - - echo -e \ - "deb http://archive.raspberrypi.org/debian/ buster main\ndeb-src http://archive.raspberrypi.org/debian/ buster main" \ - > /etc/apt/sources.list.d/raspbian.list - apt-get update - apt-get install -y \ - raspberrypi-kernel-headers \ - wireguard -elif uname -v | grep -q 'Ubuntu'; then - echo "Attempting to install kernel headers from Ubuntu Xenial repo" - echo -e \ - "deb http://archive.ubuntu.com/ubuntu/ xenial main restricted\ndeb-src http://archive.ubuntu.com/ubuntu/ xenial main restricted\n\ndeb http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted\ndeb-src http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted" \ - > /etc/apt/sources.list.d/xenial.list - apt-get update - if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then - apt-get install -y \ - linux-headers-$(uname -r) \ - wireguard +# check for wireguard module +if grep -q wireguard /proc/modules; then + echo "**** It seems the wireguard module is already loaded, let's test to make sure it works. ****" + /app/wireguard-tools/contrib/ncat-client-server/client-quick.sh + wg-quick up demo + if wg show | grep -q demo; then + echo "**** The module is working properly, skipping kernel header install and module compilation. ****" + SKIP_COMPILE="true" else - echo "No kernel headers found in the Ubuntu repos!! Will try the headers from host (if mapped), may or may not work" - apt-get install -y \ - wireguard + echo "**** The module is not functional, will attempt kernel header install and module compilation. ****" fi -elif uname -v | grep -q 'Debian'; then - echo "Debian host detected, attempting to install kernel headers from Debian Buster repo" - curl -s https://ftp-master.debian.org/keys/archive-key-10.asc | apt-key add - - echo -e \ - "deb http://deb.debian.org/debian buster main contrib non-free\ndeb-src http://deb.debian.org/debian buster main contrib non-free\ndeb http://deb.debian.org/debian buster-backports main contrib non-free\ndeb-src http://deb.debian.org/debian buster-backports main contrib non-free" \ - > /etc/apt/sources.list.d/debian.list + wg-quick down demo + rm -f /etc/wireguard/demo.conf +else + echo "**** The wireguard module is not loaded, will attempt kernel header install and module compilation. ****" +fi + +# install headers if necessary +if [ "$SKIP_COMPILE" != "true" ] && [ ! -e /lib/modules/$(uname -r)/build ]; then + echo "**** Attempting kernel header install ****" apt-get update if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then - if uname -r | grep -qs "bpo"; then - echo "Backported kernel detected" - apt-get install -y -t buster-backports \ - linux-headers-$(uname -r) - apt-get install -y \ - wireguard + apt-get install -y \ + linux-headers-$(uname -r) + elif (uname -r | grep -q 'v7+') || (uname -r | grep -q 'v7l+') || (uname -r | grep -q 'v8+'); then + echo "**** Raspbian kernel naming convention detected, attempting to install raspbian kernel headers ****" + curl -s http://archive.raspberrypi.org/debian/raspberrypi.gpg.key | apt-key add - + echo -e \ + "deb http://archive.raspberrypi.org/debian/ buster main\ndeb-src http://archive.raspberrypi.org/debian/ buster main" \ + > /etc/apt/sources.list.d/raspbian.list + apt-get update + apt-get install -y \ + raspberrypi-kernel-headers + elif uname -v | grep -q 'Ubuntu'; then + echo "**** Ubuntu kernel detected, but likely not Bionic. ****" + echo "**** Attempting to install kernel headers from Ubuntu Xenial repo ****" + if uname -m | grep -q 'x86_64'; then + echo -e \ + "deb http://archive.ubuntu.com/ubuntu/ xenial main restricted\ndeb-src http://archive.ubuntu.com/ubuntu/ xenial main restricted\n\ndeb http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted\ndeb-src http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted" \ + > /etc/apt/sources.list.d/xenial-focal.list else + echo -e \ + "deb http://ports.ubuntu.com/ubuntu-ports/ xenial main restricted\ndeb-src http://ports.ubuntu.com/ubuntu-ports/ xenial main restricted\n\ndeb http://ports.ubuntu.com/ubuntu-ports/ xenial-updates main restricted\ndeb-src http://ports.ubuntu.com/ubuntu-ports/ xenial-updates main restricted" \ + > /etc/apt/sources.list.d/xenial-focal.list + fi + apt-get update + if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then apt-get install -y \ - linux-headers-$(uname -r) \ - wireguard + linux-headers-$(uname -r) + else + echo "**** No kernel headers found in the Ubuntu Xenial repo!! Trying Ubuntu Focal. ****" + sed -i 's/xenial/focal/g' /etc/apt/sources.list.d/xenial-focal.list + apt-get update + if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then + apt-get install -y \ + linux-headers-$(uname -r) + else + echo "**** No kernel headers found in the Ubuntu repos!! Will try the headers from host (if mapped), may or may not work ****" + rm -rf /etc/apt/sources.list.d/xenial-focal.list + fi fi - else - echo "Attempting to install kernel headers from the Debian Stretch repo" - curl -s https://ftp-master.debian.org/keys/archive-key-9.asc | apt-key add - - sed -i 's/buster/stretch/g' /etc/apt/sources.list.d/debian.list + elif uname -v | grep -q 'Debian'; then + echo "**** Debian host detected, attempting to install kernel headers from Debian Buster repo ****" + curl -s https://ftp-master.debian.org/keys/archive-key-10.asc | apt-key add - + echo -e \ + "deb http://deb.debian.org/debian buster main contrib non-free\ndeb-src http://deb.debian.org/debian buster main contrib non-free\ndeb http://deb.debian.org/debian buster-backports main contrib non-free\ndeb-src http://deb.debian.org/debian buster-backports main contrib non-free" \ + > /etc/apt/sources.list.d/debian.list apt-get update if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then if uname -r | grep -qs "bpo"; then - echo "Backported kernel detected" - apt-get install -y -t stretch-backports \ + echo "**** Backported kernel detected ****" + apt-get install -y -t buster-backports \ linux-headers-$(uname -r) - apt-get install -y \ - wireguard else apt-get install -y \ - linux-headers-$(uname -r) \ - wireguard + linux-headers-$(uname -r) fi else - echo "No kernel headers found in Debian repos!! Will try the headers from host (if mapped), may or may not work" - apt-get install -y \ - wireguard + echo "**** Attempting to install kernel headers from the Debian Stretch repo ****" + curl -s https://ftp-master.debian.org/keys/archive-key-9.asc | apt-key add - + sed -i 's/buster/stretch/g' /etc/apt/sources.list.d/debian.list + apt-get update + if apt-cache show linux-headers-$(uname -r) 2&>1 >/dev/null; then + if uname -r | grep -qs "bpo"; then + echo "**** Backported kernel detected ****" + apt-get install -y -t stretch-backports \ + linux-headers-$(uname -r) + else + apt-get install -y \ + linux-headers-$(uname -r) + fi + else + echo "**** No kernel headers found in Debian repos!! Will try the headers from host (if mapped), may or may not work ****" + rm -rf /etc/apt/sources.list.d/debian.list + fi fi + else + echo "**** No kernel headers found in the Ubuntu or Debian repos!! Will try the headers from host (if mapped), may or may not work ****" + fi +fi + +if [ "$SKIP_COMPILE" != "true" ]; then + if [ -e /lib/modules/$(uname -r)/build ]; then + echo "**** Kernel headers seem to be present, attempting to build the wireguard module. . . ****" + if [ ! -f /lib/modules/$(uname -r)/build/certs/signing_key.pem ]; then + cd /lib/modules/$(uname -r)/build/certs + cat <> x509.genkey +[ req ] +default_bits = 4096 +distinguished_name = req_distinguished_name +prompt = no +string_mask = utf8only +x509_extensions = myexts + +[ req_distinguished_name ] +CN = Modules + +[ myexts ] +basicConstraints=critical,CA:FALSE +keyUsage=digitalSignature +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid +DUDE + echo "**** Generating signing key ****" + openssl req -new -nodes -utf8 -sha512 -days 36500 -batch -x509 -config x509.genkey -outform DER -out signing_key.x509 -keyout signing_key.pem + fi + cd /app + echo "**** Building the module ****" + make -C wireguard-linux-compat/src -j$(nproc) + make -C wireguard-linux-compat/src install + echo "**** Let's test our new module. ****" + /app/wireguard-tools/contrib/ncat-client-server/client-quick.sh + wg-quick up demo + if wg show | grep -q demo; then + echo "**** The module is working properly, moving forward with setup. ****" + else + wg-quick down demo + rm -f /etc/wireguard/demo.conf + echo "**** The module is not working, review the logs. Sleeping now. . . ****" + sleep infinity + fi + wg-quick down demo + rm -f /etc/wireguard/demo.conf + else + echo "**** Kernel headers don't seem to be available, can't compile the module. Sleeping now. . . ****" + sleep infinity fi -else - echo "No kernel headers found in the Ubuntu or Debian repos!! Will try the headers from host (if mapped), may or may not work" - apt-get install -y \ - wireguard fi # prepare symlinks @@ -135,48 +205,48 @@ DUDE } if [ -n "$PEERS" ]; then - echo "Server mode is selected" + echo "**** Server mode is selected ****" if ! [[ "$PEERS" =~ ^[0-9]+$ ]]; then - echo "PEERS is not set to an integer, setting it to 1" + echo "**** PEERS is not set to an integer, setting it to 1 ****" PEERS="1" fi if [ -z "$SERVERURL" ] || [ "$SERVERURL" = "auto" ]; then SERVERURL=$(curl icanhazip.com) - echo "SERVERURL var is either not set or is set to \"auto\", setting external IP to auto detected value of $SERVERURL" + echo "**** SERVERURL var is either not set or is set to \"auto\", setting external IP to auto detected value of $SERVERURL ****" else - echo "External server address is set to $SERVERURL" + echo "**** External server address is set to $SERVERURL ****" fi SERVERPORT=${SERVERPORT:-51820} - echo "External server port is set to ${SERVERPORT}. Make sure that port is properly forwarded to port 51820 inside this container" + echo "**** External server port is set to ${SERVERPORT}. Make sure that port is properly forwarded to port 51820 inside this container ****" INTERNAL_SUBNET=${INTERNAL_SUBNET:-10.13.13.0} - echo "Internal subnet is set to $INTERNAL_SUBNET" + echo "**** Internal subnet is set to $INTERNAL_SUBNET ****" INTERFACE=$(echo "$INTERNAL_SUBNET" | awk 'BEGIN{FS=OFS="."} NF--') if [ -z "$PEERDNS" ] || [ "$PEERDNS" = "auto" ]; then PEERDNS="${INTERFACE}.1" - echo "PEERDNS var is either not set or is set to \"auto\", setting peer DNS to ${INTERFACE}.1 to use wireguard docker host's DNS." + echo "**** PEERDNS var is either not set or is set to \"auto\", setting peer DNS to ${INTERFACE}.1 to use wireguard docker host's DNS. ****" else - echo "Peer DNS servers will be set to $PEERDNS" + echo "**** Peer DNS servers will be set to $PEERDNS ****" fi if [ ! -f /config/wg0.conf ]; then - echo "No found wg0.conf found (maybe an initial install), generating 1 server and $PEERS peer/client confs" + echo "**** No found wg0.conf found (maybe an initial install), generating 1 server and $PEERS peer/client confs ****" generate_confs save_vars else - echo "Server mode is selected" + echo "**** Server mode is selected ****" [[ -f /config/.donoteditthisfile ]] && \ . /config/.donoteditthisfile if [ "$SERVERURL" != "$ORIG_SERVERURL" ] || [ "$SERVERPORT" != "$ORIG_SERVERPORT" ] || [ "$PEERDNS" != "$ORIG_PEERDNS" ] || [ "$PEERS" != "$ORIG_PEERS" ] || [ "$INTERFACE" != "$ORIG_INTERFACE" ]; then - echo "Server related environment variables changed, regenerating 1 server and $PEERS peer/client confs" + echo "**** Server related environment variables changed, regenerating 1 server and $PEERS peer/client confs ****" generate_confs save_vars else - echo "No changes to parameters. Existing configs are used." + echo "**** No changes to parameters. Existing configs are used. ****" fi fi else - echo "Client mode selected." + echo "**** Client mode selected." if [ ! -f /config/wg0.conf ]; then - echo "No client conf found. Provide your own client conf as \"/config/wg0.conf\" and restart the container." + echo "**** No client conf found. Provide your own client conf as \"/config/wg0.conf\" and restart the container. ****" sleep infinity fi fi