Manage Wireguard restarts from docker container (ngoduykhanh#267)

Author: mojothemonkey2

Dockerfile

@@ -62,17 +62,17 @@ FROM alpine:3.16
 RUN addgroup -S wgui && \
     adduser -S -D -G wgui wgui
 
-RUN apk --no-cache add ca-certificates
+RUN apk --no-cache add ca-certificates wireguard-tools jq
 
 WORKDIR /app
 
 RUN mkdir -p db
 
 # Copy binary files
-COPY --from=builder --chown=wgui:wgui /build/wg-ui /app
-
+COPY --from=builder --chown=wgui:wgui /build/wg-ui .
 RUN chmod +x wg-ui
+COPY init.sh .
 
 EXPOSE 5000/tcp
 HEALTHCHECK CMD ["wget","--output-document=-","--quiet","--tries=1","http://127.0.0.1:5000/_health"]
-ENTRYPOINT ["./wg-ui"]
+ENTRYPOINT ["./init.sh"]

README.md

@@ -34,6 +34,7 @@ Note:
 
 - There is a Status option that needs docker to be able to access the network of the host in order to read the 
 wireguard interface stats. See the `cap_add` and `network_mode` options on the docker-compose.yaml
+- Similarly the `WGUI_MANAGE_START` and `WGUI_MANAGE_RESTART` settings need the same access, in order to restart the wireguard interface.
 - Because the `network_mode` is set to `host`, we don't need to specify the exposed ports. The app will listen on port `5000` by default.
 
 
@@ -75,6 +76,15 @@ These environment variables are used to set the defaults used in `New Client` di
 | `WGUI_DEFAULT_CLIENT_USE_SERVER_DNS`        | Boolean value [`0`, `f`, `F`, `false`, `False`, `FALSE`, `1`, `t`, `T`, `true`, `True`, `TRUE`] (default `true`) |
 | `WGUI_DEFAULT_CLIENT_ENABLE_AFTER_CREATION` | Boolean value [`0`, `f`, `F`, `false`, `False`, `FALSE`, `1`, `t`, `T`, `true`, `True`, `TRUE`] (default `true`) |
 
+### Docker only
+
+These environment variables only apply to the docker container.
+
+| Variable              | Description                                                                      |
+|-----------------------|----------------------------------------------------------------------------------|
+| `WGUI_MANAGE_START`   | Start/stop WireGaurd when the container is started/stopped. (default `false`)    |
+| `WGUI_MANAGE_RESTART` | Auto restart WireGuard when we Apply Config changes in the UI. (default `false`) |
+
 ### Email configuration
 
 To use custom `wg.conf` template set the `WG_CONF_TEMPLATE` environment variable to a path to such file. Make sure `wireguard-ui` will be able to work with it - use [default template](templates/wg.conf) for reference.
@@ -168,6 +178,12 @@ rc-service wgui start
 rc-update add wgui default
 ```
 
+### docker
+
+Set `WGUI_MANAGE_RESTART=true` to manage Wireguard interface restarts.
+Using `WGUI_MANAGE_START=true` can also replace the function of `wg-quick@wg0` service, to start Wireguard at boot, by running the container with `restart: unless-stopped`.
+These settings can also pick up changes to Wireguard Config File Path, after restarting the container.
+
 ## Build
 
 ### Build docker image

docker-compose.yaml

@@ -16,6 +16,8 @@ services:
       - WGUI_USERNAME=alpha
       - WGUI_PASSWORD=this-unusual-password
       - WG_CONF_TEMPLATE
+      - WGUI_MANAGE_START=false
+      - WGUI_MANAGE_RESTART=false
     logging:
       driver: json-file
       options:

init.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# extract wg config file path, or use default
+conf="$(jq -r .config_file_path db/server/global_settings.json || echo /etc/wireguard/wg0.conf)"
+
+# manage wireguard stop/start with the container
+case $WGUI_MANAGE_START in (1|t|T|true|True|TRUE)
+    wg-quick up "$conf"
+    trap 'wg-quick down "$conf"' SIGTERM # catches container stop
+esac
+
+# manage wireguard restarts
+case $WGUI_MANAGE_RESTART in (1|t|T|true|True|TRUE)
+    [[ -f $conf ]] || touch "$conf" # inotifyd needs file to exist
+    inotifyd - "$conf":w | while read -r event file; do
+        wg-quick down "$file"
+        wg-quick up "$file"
+    done &
+esac
+
+
+./wg-ui &
+wait $!