Merge pull request #339 from linuxserver/master-ro

Add note about iptables modprobe, move activeconfs
2026-02-06 12:07:36 +08:00 · 2024-06-14 13:33:20 +01:00 · 2024-06-14 13:33:20 +01:00 · aaac281119
commit aaac281119
parent 2442e5905b 640f754eac
3 changed files with 9 additions and 8 deletions
--- a/root/etc/s6-overlay/s6-rc.d/init-wireguard-module/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-wireguard-module/run
@ -10,9 +10,10 @@ if ip link add dev test type wireguard; then
    ip link del dev test
    if capsh --current | grep "Current:" | grep -q "cap_sys_module"; then
        echo "**** As the wireguard module is already active you can remove the SYS_MODULE capability from your container run/compose. ****"
+        echo "****     If your host does not automatically load the iptables module, you may still need the SYS_MODULE capability.     ****"
    fi
 else
    echo "**** The wireguard module is not active. If you believe that your kernel should have wireguard support already, make sure that it is activated via modprobe! ****"
-    echo "****  If you have an old kernel without wireguard support built-in, you can try using the "legacy" tag for this image to compile the modules from scratch.   ****"
+    echo "****  If you have an old kernel without wireguard support built-in, you can try using the 'legacy' tag for this image to compile the modules from scratch.   ****"
    sleep infinity
 fi
--- a/root/etc/s6-overlay/s6-rc.d/svc-wireguard/finish
+++ b/root/etc/s6-overlay/s6-rc.d/svc-wireguard/finish
@ -1,12 +1,12 @@
 #!/usr/bin/with-contenv bash
 # shellcheck shell=bash

-if [[ -f "/app/activeconfs" ]]; then
-    . /app/activeconfs
+if [[ -f "/run/activeconfs" ]]; then
+    . /run/activeconfs
    for tunnel in $(printf '%s\n' "${WG_CONFS[@]}" | tac | tr '\n' ' '; echo); do
        echo "**** Disabling tunnel ${tunnel} ****"
        wg-quick down "${tunnel}" || :
    done
    echo "**** All tunnels are down ****"
-    rm -rf /app/activeconfs
+    rm -rf /run/activeconfs
 fi
--- a/root/etc/s6-overlay/s6-rc.d/svc-wireguard/run
+++ b/root/etc/s6-overlay/s6-rc.d/svc-wireguard/run
@ -2,7 +2,7 @@
 # shellcheck shell=bash

 unset WG_CONFS
-rm -rf /app/activeconfs
+rm -rf /run/activeconfs
 # Enumerate interfaces
 for wgconf in $(ls /config/wg_confs/*.conf); do
    if grep -q "\[Interface\]" "${wgconf}"; then
@ -23,13 +23,13 @@ unset FAILED
 for tunnel in ${WG_CONFS[@]}; do
    echo "**** Activating tunnel ${tunnel} ****"
    if ! wg-quick up "${tunnel}"; then
-      FAILED="${tunnel}"
-      break
+        FAILED="${tunnel}"
+        break
    fi
 done

 if [[ -z "${FAILED}" ]]; then
-    declare -p WG_CONFS > /app/activeconfs
+    declare -p WG_CONFS > /run/activeconfs
    echo "**** All tunnels are now active ****"
 else
    echo "**** Tunnel ${FAILED} failed, will stop all others! ****"