From a3a1be264b67ce0625b8ecc4a347699408ef3c23 Mon Sep 17 00:00:00 2001
From: Bernd Storath <999999bst@gmail.com>
Date: Wed, 12 Mar 2025 13:02:33 +0100
Subject: [PATCH] add ui port to template
---
 docs/content/examples/tutorials/podman.md | 2 +-
 src/server/utils/config.ts | 12 ++++++++++++
 src/server/utils/template.ts | 2 ++
 3 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/docs/content/examples/tutorials/podman.md b/docs/content/examples/tutorials/podman.md
index 33381f74..3cc49d98 100644
--- a/docs/content/examples/tutorials/podman.md
+++ b/docs/content/examples/tutorials/podman.md
@@ -88,7 +88,7 @@ In the Admin Panel of your WireGuard server, go to the `Hooks` tab and add the f
 1. PostUp
 ```shell
- apk add nftables; nft add table inet wg_table; nft add chain inet wg_table postrouting { type nat hook postrouting priority 100 \; }; nft add rule inet wg_table postrouting ip saddr {{ipv4Cidr}} oifname {{device}} masquerade; nft add rule inet wg_table postrouting ip6 saddr {{ipv6Cidr}} oifname {{device}} masquerade; nft add chain inet wg_table input { type filter hook input priority 0 \; policy drop \; }; nft add rule inet wg_table input udp dport {{port}} accept; nft add chain inet wg_table forward { type filter hook forward priority 0 \; policy drop \; }; nft add rule inet wg_table forward iifname "wg0" accept; nft add rule inet wg_table forward oifname "wg0" accept;
+ apk add nftables; nft add table inet wg_table; nft add chain inet wg_table postrouting { type nat hook postrouting priority 100 \; }; nft add rule inet wg_table postrouting ip saddr {{ipv4Cidr}} oifname {{device}} masquerade; nft add rule inet wg_table postrouting ip6 saddr {{ipv6Cidr}} oifname {{device}} masquerade; nft add chain inet wg_table input { type filter hook input priority 0 \; policy drop \; }; nft add rule inet wg_table input udp dport {{port}} accept; nft add rule inet wg_table input tcp dport {{uiPort}} accept; nft add chain inet wg_table forward { type filter hook forward priority 0 \; policy drop \; }; nft add rule inet wg_table forward iifname "wg0" accept; nft add rule inet wg_table forward oifname "wg0" accept;
 ```
 2. PostDown
diff --git a/src/server/utils/config.ts b/src/server/utils/config.ts
index 8b0f8c09..fb656fc1 100644
--- a/src/server/utils/config.ts
+++ b/src/server/utils/config.ts
@@ -15,4 +15,16 @@ export const OLD_ENV = {
 export const WG_ENV = {
 /** UI is hosted on HTTP instead of HTTPS */
 INSECURE: process.env.INSECURE === 'true',
+ /** Port the UI is listening on */
+ PORT: assertEnv('PORT'),
 };
+
+function assertEnv(env: T) {
+ const val = process.env[env];
+
+ if (!val) {
+ throw new Error(`Missing environment variable: ${env}`);
+ }
+
+ return val;
+}
diff --git a/src/server/utils/template.ts b/src/server/utils/template.ts
index 43fc6927..12f775ed 100644
--- a/src/server/utils/template.ts
+++ b/src/server/utils/template.ts
@@ -15,6 +15,7 @@ export function template(templ: string, values: Record) {
 * - ipv6Cidr: IPv6 CIDR
 * - device: Network device
 * - port: Port number
+ * - uiPort: UI port number
 */
 export function iptablesTemplate(templ: string, wgInterface: InterfaceType) {
 return template(templ, {
@@ -22,5 +23,6 @@ export function iptablesTemplate(templ: string, wgInterface: InterfaceType) {
 ipv6Cidr: wgInterface.ipv6Cidr,
 device: wgInterface.device,
 port: wgInterface.port.toString(),
+ uiPort: WG_ENV.PORT,
 });
 }
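Review bot: `assertEnv('PORT')` accepts any non-empty string, and the `template.ts` hunk then exposes that value as `uiPort` for hook strings, which the podman tutorial in this patch shows being used in a shell command (`nft add rule inet wg_table input tcp dport {{uiPort}} accept`). The variable is set by the operator, so this is hardening rather than a reachable injection, but a range check where the value enters the program keeps whitespace and shell metacharacters out of those commands: after the empty check, `if (!/^\d{1,5}$/.test(val) || Number(val) < 1 || Number(val) > 65535) throw new Error('Invalid port in ' + env);` (or a port-specific helper if `assertEnv` is meant to stay generic). Separately, the check runs when `config.ts` is first imported, so any code path that loads this module without `PORT` set will now throw at import; the doc comment on `PORT` should say it is required at startup. The type parameter `T` in `assertEnv(env: T)` has no visible declaration here, which is presumably a rendering loss rather than a defect in the commit.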
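Review bot: The doc comment added in the previous hunk describes `uiPort` only as "UI port number", while the value set here is `WG_ENV.PORT`, the process-wide port read from the environment rather than a per-interface setting like `port`. Hook authors need that distinction when writing firewall rules, because a rule such as the tutorial's `tcp dport {{uiPort}} accept` opens the admin UI to every source the input chain sees; I would change the comment to `* - uiPort: Port the web UI listens on (PORT environment variable)`. `iptablesTemplate` begins above this hunk, so only the tail of its object literal is visible here.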