Add PreUp/PostUp/PreDown/PostDown to env variables for server.conf cr…

README.md

@@ -133,6 +133,11 @@ $ subspace --http-host subspace.example.com
 | `SUBSPACE_THEME`            | `green`             | The theme to use, please refer to [semantic-ui](https://semantic-ui.com/usage/theming.html) for accepted colors                                      |
 | `SUBSPACE_BACKLINK`         | `/`                 | The page to set the home button to                                                                                                                   |
 | `SUBSPACE_DISABLE_DNS`      | `false`             | Whether to disable DNS so the client uses their own configured DNS server(s). Consider disabling DNS server, if supporting international VPN clients |
+| `SUBSPACE_PREUP`           | null             | PreUp=Action for wireguard server interface |
+| `SUBSPACE_PREDOWN`          | null             | PreDown=Action for wireguard server interface |
+| `SUBSPACE_POSTUP`           | null             | PostUp=Action for wireguard server interface |
+| `SUBSPACE_POSTDOWN`         | null             | PostDown=Action for wireguard server interface |
+| `SUBSPACE_FORWARD_GW`         | null             |  If set, will forward to this device (e.g. a nic in a different subnet) e.g. eth0, wlan0|
 
 ### Run as a Docker container
 

entrypoint.sh

@@ -163,15 +163,44 @@ cat <<WGSERVER >/data/wireguard/server.conf
 PrivateKey = $(cat /data/wireguard/server.private)
 ListenPort = ${SUBSPACE_LISTENPORT}
 
+
 WGSERVER
+
+if [ ! -z "${SUBSPACE_FORWARD_GW-}" ];
+then
+  echo "PostUp   = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ${SUBSPACE_FORWARD_GW} -j MASQUERADE" >> /data/wireguard/server.conf
+  echo "PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ${SUBSPACE_FORWARD_GW} -j MASQUERADE" >> /data/wireguard/server.conf
+fi
+
+if [ ! -z "${SUBSPACE_PREUP-}" ];
+then
+  echo "PreUp = $SUBSPACE_PREUP" >> /data/wireguard/server.conf
+fi
+if [ ! -z "${SUBSPACE_PREDOWN-}" ];
+then
+  echo "PreDown = $SUBSPACE_PREDOWN" >> /data/wireguard/server.conf
+fi
+if [ ! -z "${SUBSPACE_POSTUP-}" ];
+then
+  echo "PostUp = $SUBSPACE_POSTUP" >> /data/wireguard/server.conf
+fi
+if [ ! -z "${SUBSPACE_POSTDOWN-}" ];
+then
+  echo "PostDown = $SUBSPACE_POSTDOWN" >> /data/wireguard/server.conf
+fi
+
 cat /data/wireguard/peers/*.conf >>/data/wireguard/server.conf
 umask ${umask_val}
 [ -f /data/config.json ] && chmod 600 /data/config.json # Special handling of file not created by start-up script
 
 if ip link show wg0 2>/dev/null; then
   ip link del wg0
 fi
-ip link add wg0 type wireguard
+
+cp /data/wireguard/server.conf /data/wireguard/wg0.conf
+wg-quick up /data/wireguard/wg0.conf
+
+#ip link add wg0 type wireguard
 if [[ ${SUBSPACE_IPV4_NAT_ENABLED} -ne 0 ]]; then
   export SUBSPACE_IPV4_CIDR=$(echo ${SUBSPACE_IPV4_POOL-} | cut -d '/' -f2)
   ip addr add ${SUBSPACE_IPV4_GW}/${SUBSPACE_IPV4_CIDR} dev wg0
@@ -180,8 +209,6 @@ if [[ ${SUBSPACE_IPV6_NAT_ENABLED} -ne 0 ]]; then
   export SUBSPACE_IPV6_CIDR=$(echo ${SUBSPACE_IPV6_POOL-} | cut -d '/' -f2)
   ip addr add ${SUBSPACE_IPV6_GW}/${SUBSPACE_IPV6_CIDR} dev wg0
 fi
-wg setconf wg0 /data/wireguard/server.conf
-ip link set wg0 up
 
 # dnsmasq service
 if [[ ${SUBSPACE_DISABLE_DNS} == "0" ]]; then
@@ -252,3 +279,4 @@ RUNIT
 fi
 
 exec $@
+