Merge pull request #339 from linuxserver/master-ro

Add note about iptables modprobe, move activeconfs
linuxserver · Jun 14, 2024 · aaac281 · aaac281
2 parents 2442e59 + 640f754
commit aaac281
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 8 deletions.
diff --git a/root/etc/s6-overlay/s6-rc.d/init-wireguard-module/run b/root/etc/s6-overlay/s6-rc.d/init-wireguard-module/run
@@ -10,9 +10,10 @@ if ip link add dev test type wireguard; then
     ip link del dev test
     if capsh --current | grep "Current:" | grep -q "cap_sys_module"; then
         echo "**** As the wireguard module is already active you can remove the SYS_MODULE capability from your container run/compose. ****"
+        echo "****     If your host does not automatically load the iptables module, you may still need the SYS_MODULE capability.     ****"
     fi
 else
     echo "**** The wireguard module is not active. If you believe that your kernel should have wireguard support already, make sure that it is activated via modprobe! ****"
-    echo "****  If you have an old kernel without wireguard support built-in, you can try using the "legacy" tag for this image to compile the modules from scratch.   ****"
+    echo "****  If you have an old kernel without wireguard support built-in, you can try using the 'legacy' tag for this image to compile the modules from scratch.   ****"
     sleep infinity
 fi
diff --git a/root/etc/s6-overlay/s6-rc.d/svc-wireguard/finish b/root/etc/s6-overlay/s6-rc.d/svc-wireguard/finish
@@ -1,12 +1,12 @@
 #!/usr/bin/with-contenv bash
 # shellcheck shell=bash
 
-if [[ -f "/app/activeconfs" ]]; then
-    . /app/activeconfs
+if [[ -f "/run/activeconfs" ]]; then
+    . /run/activeconfs
     for tunnel in $(printf '%s\n' "${WG_CONFS[@]}" | tac | tr '\n' ' '; echo); do
         echo "**** Disabling tunnel ${tunnel} ****"
         wg-quick down "${tunnel}" || :
     done
     echo "**** All tunnels are down ****"
-    rm -rf /app/activeconfs
+    rm -rf /run/activeconfs
 fi
diff --git a/root/etc/s6-overlay/s6-rc.d/svc-wireguard/run b/root/etc/s6-overlay/s6-rc.d/svc-wireguard/run
@@ -2,7 +2,7 @@
 # shellcheck shell=bash
 
 unset WG_CONFS
-rm -rf /app/activeconfs
+rm -rf /run/activeconfs
 # Enumerate interfaces
 for wgconf in $(ls /config/wg_confs/*.conf); do
     if grep -q "\[Interface\]" "${wgconf}"; then
@@ -23,13 +23,13 @@ unset FAILED
 for tunnel in ${WG_CONFS[@]}; do
     echo "**** Activating tunnel ${tunnel} ****"
     if ! wg-quick up "${tunnel}"; then
-      FAILED="${tunnel}"
-      break
+        FAILED="${tunnel}"
+        break
     fi
 done
 
 if [[ -z "${FAILED}" ]]; then
-    declare -p WG_CONFS > /app/activeconfs
+    declare -p WG_CONFS > /run/activeconfs
     echo "**** All tunnels are now active ****"
 else
     echo "**** Tunnel ${FAILED} failed, will stop all others! ****"