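#!/bin/bash
# Container entrypoint: bring up the WireGuard interface wg0, adjust the sshd
# configuration and start sshd, allow traffic to the subnets listed in
# LOCAL_SUBNETS, then stay alive until a termination signal arrives.
#
# Environment:
#   LOCAL_SUBNETS     comma-separated subnets that get a route via
#                     default_route_ip and an OUTPUT ACCEPT rule
#   default_route_ip  gateway used for those routes; it is not assigned
#                     anywhere in this script, so it must be inherited
#   interface         WireGuard interface torn down on exit (default: wg0,
#                     the interface this script brings up)

# The net.ipv4.conf.all.src_valid_mark sysctl is set when running the Docker
# container, so don't have WireGuard also set it.
sed -i "s:sysctl -q net.ipv4.conf.all.src_valid_mark=1:echo Skipping setting net.ipv4.conf.all.src_valid_mark:" /usr/bin/wg-quick

# Fail closed: without the tunnel there is no reason to expose a root-capable
# sshd on whatever interfaces remain.
if ! /usr/bin/wg-quick up wg0; then
  echo "wg-quick up wg0 failed; not starting sshd" >&2
  exit 1
fi

# -i and -e are passed separately: GNU sed parses "-ie" as "-i" with the
# backup suffix "e", which leaves a stray /etc/ssh/sshd_confige behind.
#
# NOTE(security): "PermitRootLogin yes" also allows password logins for root.
# If root is only meant to log in with the key in /root/.ssh/authorized_keys,
# "prohibit-password" (the stock value this line replaces) is the narrower
# setting.
# NOTE(security): with AllowTcpForwarding enabled, every account that can
# authenticate can relay connections through this container, so the root
# credentials also gate access to whatever the container can reach.
sed -i \
  -e 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' \
  -e 's/AllowTcpForwarding no/AllowTcpForwarding yes/' \
  -e 's/#MaxSessions 10/MaxSessions 15/' \
  /etc/ssh/sshd_config

# Test for the file itself; "[ -n <path> ]" only checks that the literal
# string is non-empty and is therefore always true.
if [ -f /root/.ssh/authorized_keys ]; then
  chown root:root /root/.ssh/authorized_keys
fi

# Create any host keys that do not exist yet.
ssh-keygen -A

# Run sshd in the background. In the foreground "-D" would block here, so the
# route setup and the signal trap below would not take effect while sshd is
# serving connections.
/usr/sbin/sshd -D &
sshd_pid=$!

if [ -n "${LOCAL_SUBNETS:-}" ]; then
  if [ -z "${default_route_ip:-}" ]; then
    echo "LOCAL_SUBNETS is set but default_route_ip is empty; skipping local subnet routes" >&2
  else
    # Split on commas (and any whitespace around them) without glob expansion.
    read -r -a local_subnets <<< "${LOCAL_SUBNETS//,/ }"
    for local_subnet in "${local_subnets[@]}"; do
      echo "Allowing traffic to local subnet ${local_subnet}" >&2
      ip route add "$local_subnet" via "$default_route_ip"
      # Each entry is accepted ahead of any other OUTPUT rule, so keep
      # LOCAL_SUBNETS limited to networks that really must bypass the tunnel.
      iptables -I OUTPUT -d "$local_subnet" -j ACCEPT
    done
  fi
fi

# Stop the sshd listener, bring the WireGuard interface down and exit cleanly.
shutdown () {
  # sshd may already have exited; that is not an error during shutdown.
  kill "$sshd_pid" 2>/dev/null
  wg-quick down "${interface:-wg0}"
  exit 0
}

# Tear the tunnel down on SIGTERM, SIGINT or SIGQUIT instead of being killed
# with the interface still configured.
trap shutdown SIGTERM SIGINT SIGQUIT

# Keep the script alive. "wait" on a background job is interruptible, so the
# trap runs as soon as a signal arrives.
sleep infinity &
wait "$!"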