Wireguard standalone touches /etc/wireguard + sysctl exclusively (genuine root) -> runSystem for all its mkdir/chmod/sed/rm/grep/tee/qrencode. Traefik dynamic configs live under containers/traefik (docker-install-owned) -> runFileOp/runFileWrite (whitelist.yml, protectionauth.yml, the router-rewrite awk|tee|mv in port_subdomains). sudo -u drops left. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
29 lines
874 B
Bash
Executable File
29 lines
874 B
Bash
Executable File
#!/bin/bash
|
|
|
|
traefikUpdateWhitelist()
|
|
{
|
|
local whitelist_file="${containers_dir}traefik/etc/dynamic/whitelist.yml"
|
|
if [ -f "$whitelist_file" ]; then
|
|
# Split the CFG_IPS_WHITELIST into an array
|
|
IFS=',' read -ra IP_ARRAY <<< "$CFG_IPS_WHITELIST"
|
|
|
|
# Build the YAML content dynamically
|
|
YAML_CONTENT="http:
|
|
middlewares:
|
|
global-ipwhitelist:
|
|
ipWhiteList:
|
|
sourceRange:"
|
|
|
|
for IP in "${IP_ARRAY[@]}"; do
|
|
YAML_CONTENT+="\n - \"$IP\""
|
|
done
|
|
|
|
# Add CFG_NETWORK_SUBNET to the YAML content
|
|
YAML_CONTENT+="\n - \"$CFG_NETWORK_SUBNET\""
|
|
|
|
# Now update the YAML file with the new content using sudo
|
|
echo -e "$YAML_CONTENT" | runFileWrite "$whitelist_file" > /dev/null
|
|
isSuccessful "Traefik has been updated with the latest whitelist IPs."
|
|
fi
|
|
}
|