Merge claude/1

librelad 2026-05-26 17:48:43 +01:00
commit c0e01ae77d
2 changed files with 26 additions and 16 deletions


@ -122,18 +122,11 @@ installWireguard()
echo "---- $menu_number. Enabling IP forwarding"
echo ""
# Check if the setting exists, if not, add it to the file
if ! grep -q "net.ipv4.ip_forward" /etc/sysctl/99-custom.conf; then
local result=$(echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl/99-custom.conf > /dev/null)
checkSuccess "Enabling IPv4 IP Forwarding in the 99-sysctl.conf file (Kernel)"
local result=$(sudo sed -i "s/#net.ipv4.ip_forward/net.ipv4.ip_forward/g" /etc/sysctl/99-custom.conf)
checkSuccess "Enabling IPv4 IP Forwarding in the 99-sysctl.conf file (Kernel)"
else
isNotice "IPv4 IP Forwarding setting already exists in the 99-custom.conf file."
fi
local result=$(sudo sysctl -p)
checkSuccess "Apply changes made to the System's Kernel"
# Drop in /etc/sysctl.d/99-libreportal-wireguard.conf + reload — the
# whole thing runs as root through libreportal-appcfg so the manager
# never needs blanket /etc write or `sudo sysctl` itself.
local result=$(runAppCfg wireguard-ip-forward)
checkSuccess "Enabling IPv4 IP Forwarding (sysctl drop-in + reload)"
((menu_number++))
echo ""
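Review bot: `local result=$(runAppCfg wireguard-ip-forward)` hides the helper's exit status, because `local` itself returns 0. If `checkSuccess` (defined outside this hunk) reads `$?`, as its use here suggests, it will report success even when the privileged step failed. Declare and assign separately: `local result` on one line, then `result=$(runAppCfg wireguard-ip-forward)`. This call is the installer's only signal that host-wide forwarding was actually enabled, so the status needs to survive. installWireguard starts and ends outside the hunk.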


@ -52,6 +52,22 @@ adguard_auth() {
rm -f "$tmp"
}
# --- WireGuard: enable IPv4 ip_forward via a sysctl drop-in --------------------
# The container needs the host kernel to forward packets between WG and the LAN.
# Lays down a conventional /etc/sysctl.d drop-in (idempotent overwrite) and asks
# the kernel to reload — avoids the legacy `/etc/sysctl/99-custom.conf` path
# (non-standard, may not exist) the old wireguard.sh edited via blanket sudo.
wireguard_ip_forward() {
local dropin="/etc/sysctl.d/99-libreportal-wireguard.conf"
cat > "$dropin" <<'EOF'
# Enable IPv4 forwarding for the LibrePortal WireGuard container.
# Managed by libreportal-appcfg wireguard-ip-forward.
net.ipv4.ip_forward=1
EOF
chmod 0644 "$dropin"
sysctl --system >/dev/null 2>&1 || sysctl -p "$dropin" >/dev/null 2>&1 || true
}
# --- CrowdSec: set nftables ipv4/ipv6 priority to -100 in the bouncer yaml ------
crowdsec_priority() {
local cfg="/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml"
@ -129,5 +145,6 @@ case "$action" in
adguard-auth) adguard_auth "${1:-}" "${2:-}" ;;
crowdsec-priority) crowdsec_priority ;;
owncloud-config) owncloud_config "${1:-}" "${2:-}" "${3:-}" "${4:-}" ;;
*) echo "usage: libreportal-appcfg {adguard-auth <user> <bcrypt>|crowdsec-priority|owncloud-config <public> <host> <ip> <public_ip>}" >&2; exit 2 ;;
wireguard-ip-forward) wireguard_ip_forward ;;
*) echo "usage: libreportal-appcfg {adguard-auth <user> <bcrypt>|crowdsec-priority|owncloud-config <public> <host> <ip> <public_ip>|wireguard-ip-forward}" >&2; exit 2 ;;
esac
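Review bot: The reload line in wireguard_ip_forward ends in `|| true` with all output sent to /dev/null, so the function returns 0 even when neither `sysctl --system` nor `sysctl -p` succeeded, and the caller is told forwarding is on when it may not be. Drop the `|| true` and confirm the result, e.g. `sysctl -p "$dropin" >/dev/null || return 1` followed by `[ "$(sysctl -n net.ipv4.ip_forward)" = 1 ] || return 1`. `sysctl --system` also re-applies every sysctl file on the host, not only this drop-in, which can reset values tuned at runtime; loading the one file is the narrower operation for a root helper. A failed `cat > "$dropin"` is likewise unchecked unless the script sets `-e` outside this hunk. The header comment should also state that forwarding is enabled host-wide and persistently, so the firewall's forward policy is what limits which interfaces get routed.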