Wireguard instructions added, nextdns container updates

This commit is contained in:
John Dorman
2020-07-09 20:28:49 -07:00
parent 40e7a8e7bd
commit 8761d928bc
6 changed files with 62 additions and 8 deletions

View File

@ -11,6 +11,11 @@ Enables init.d style scripts to run on every boot of your UDM. Includes a wpa-su
### python ### python
If you need python3 on your UDM, generally not recommended, can always use it in unifi-os container If you need python3 on your UDM, generally not recommended, can always use it in unifi-os container
## VPN Servers / Clients
### wireguard-go
Run a Wireguard client/server on your UDM/P. Utilizes wireguard-go, not linux kernel modules. The performance will take a hit due to that.
## DNS Providers ## DNS Providers
### dns-common ### dns-common
Configurations for DNS containers, both IPv4 and IPv6. Utilizes MacVLAN CNI plugins to completely isolate the network stack. Configurations for DNS containers, both IPv4 and IPv6. Utilizes MacVLAN CNI plugins to completely isolate the network stack.
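Review bot: the new wireguard-go entry is inconsistent with the project's own naming and vague about the target: "Wireguard" should be "WireGuard" (the project's spelling, also used for the existing `wireguard-go` directory name) and "UDM/P" is not an obvious abbreviation; write "UDM / UDM-Pro" as elsewhere in the repo's READMEs. Since the entry already flags the userspace performance cost, it should also say what the accompanying wireguard-go README says: that the setup is not aimed at WireGuard newcomers and ships no iptables / NAT rules, so readers pick the right expectations from the index.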

View File

@ -25,7 +25,7 @@ podman build . -t nextdns-udm:latest
``` ```
Building from another device is possible. You must have [buildx](https://github.com/docker/buildx/) installed to do cross platform builds. This is useful if you want to mirror to a private repo Building from another device is possible. You must have [buildx](https://github.com/docker/buildx/) installed to do cross platform builds. This is useful if you want to mirror to a private repo
```shell script ```shell script
docker buildx build --platform linux/arm64 -t nextdns-udm:latest . docker buildx build --platform linux/arm64/v8 -t nextdns-udm:latest .
``` ```
### Steps ### Steps
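Review bot: the change from `linux/arm64` to `linux/arm64/v8` on the `docker buildx build` line is cosmetic: buildx normalises `arm64` to `arm64/v8`, so both strings select the same platform. Keeping the explicit variant is fine for consistency with the `arm64v8/alpine` base image in the Dockerfile, but the commit message should not suggest it fixes a build issue. Minor style point: the fence tag `shell script` (with a space) is not a language identifier GitHub's renderer recognises; `shell` or `bash` would highlight the block.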

View File

@ -1,11 +1,11 @@
FROM alpine FROM alpine as builder
ENV VERSION=1.7.0 ENV VERSION=1.7.0
LABEL maintainer="John Dorman <dorman@ataxia.cloud>" LABEL maintainer="John Dorman <dorman@ataxia.cloud>"
RUN apk add --no-cache ca-certificates \ RUN wget -O /tmp/nextdns.tar.gz https://github.com/nextdns/nextdns/releases/download/v${VERSION}/nextdns_${VERSION}_linux_arm64.tar.gz \
&& mkdir -p /opt/nextdns \ && mkdir /tmp/nextdns && tar zxf /tmp/nextdns.tar.gz -C /tmp/nextdns
&& wget -O /tmp/nextdns.tar.gz https://github.com/nextdns/nextdns/releases/download/v${VERSION}/nextdns_${VERSION}_linux_arm64.tar.gz \
&& tar zxf /tmp/nextdns.tar.gz -C /opt/nextdns \ FROM arm64v8/alpine
&& rm /tmp/nextdns.tar.gz RUN apk add --no-cache ca-certificates
COPY --from=builder /tmp/nextdns /opt/nextdns
EXPOSE 53/tcp 53/udp EXPOSE 53/tcp 53/udp
ENTRYPOINT ["/opt/nextdns/nextdns","run", "-config-file", "/etc/nextdns/nextdns.conf"] ENTRYPOINT ["/opt/nextdns/nextdns","run", "-config-file", "/etc/nextdns/nextdns.conf"]
CMD []
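Review bot: the builder stage fetches the nextdns release tarball with no integrity check, and it also dropped the `apk add --no-cache ca-certificates` that the old single-stage `RUN` performed before `wget`, so the HTTPS download now relies on whatever certificate handling BusyBox `wget` in the unpinned `alpine` image provides. Pin the artifact rather than trusting the transport: add something like `ENV SHA256=<sha256 of nextdns_${VERSION}_linux_arm64.tar.gz>` and run `echo "${SHA256}  /tmp/nextdns.tar.gz" | sha256sum -c -` before the `tar zxf`, and restore `apk add --no-cache ca-certificates` in the builder stage. Both `FROM alpine as builder` and `FROM arm64v8/alpine` float on `latest`; pin a tag or digest so an image rebuilt later is reproducible and the arm64 binary is not silently paired with a different Alpine release.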

wireguard-go/README.md Normal file
View File

@ -0,0 +1,36 @@
# Wireguard VPN server / client
### Features
1. Wireguard VPN to anywhere! Uses wireguard-go, not the kernel module.
1. Persists through reboots and firmware updates.
1. Tested with a Wireguard Server in AWS.
### Requirements
1. You have successfully setup the on boot script described [here](https://github.com/boostchicken/udm-utilities/tree/master/on-boot-script)
1. Not recommended for Wireguard newbies. Set it up on other devices first. This document does not include iptables / nat rules.
### Customization
* Update [wg0.conf](configs/wg0.conf) to match your env
### Steps
1. Create your public and private keys
```shell script
podman run -i --rm --net=host --name wireguard_conf masipcat/wireguard-go wg genkey > /mnt/data/wireguard/privatekey
podman run -i --rm --net=host --name wireguard_conf masipcat/wireguard-go wg genkey < /mnt/data/wireguard/privatekey > /mnt/data/wireguard/publickey
```
1. Make configurations dir
```shell script
mkdir -p /mnt/data/wireguard
```
1. Create wireguard configuration file in /mnt/data/wireguard. Template: [wg0.conf](configs/wg0.conf)
1. Copy [20-wireguard.sh](on_boot.d/20-wireguard.sh) to /mnt/data/on_boot.d and update its values to reflect your environment
1. Execute /mnt/data/on_boot.d/20-wireguard.sh
1. If you are running a server, make the appropriate firewall rules / port forwards
### Useful commands
```shell script
podman exec -it wireguard wg
podman exec -it wireguard wg-quick up wg0
podman exec -it wireguard wg-quick down wg0
```
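Review bot: the second command in step 1 is wrong: `wg genkey < /mnt/data/wireguard/privatekey` ignores stdin and emits a fresh, unrelated key, so `publickey` will never correspond to `privatekey`; it has to be `wg pubkey < /mnt/data/wireguard/privatekey > /mnt/data/wireguard/publickey`. Step 1 also writes into `/mnt/data/wireguard` before step 2 creates it with `mkdir -p`, so the redirects fail on a fresh UDM; swap the two steps. The private key lands on the host filesystem with the shell's default umask (typically 0644), so add `chmod 600 /mnt/data/wireguard/privatekey` (or `umask 077` before the redirect). `--net=host` is not needed for key generation and should be dropped from both `podman run` lines.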

View File

@ -0,0 +1,12 @@
[Interface]
# Change to map to your subnet
Address = 10.20.0.3/24
PrivateKey = <server privatekey>
# Can be whatever port you like
ListenPort = 51820
[Peer]
PublicKey = <client public key>
Endpoint = <server ip>:<server port>
# Change to the CIDRs you want routed over the VPN
AllowedIPs = 10.20.0.0/24
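Review bot: the role labels in the template contradict each other: `[Interface]` says `PrivateKey = <server privatekey>`, but the `[Peer]` block carries `Endpoint = <server ip>:<server port>` and `PublicKey = <client public key>`, which is the shape of a client config pointing at a remote server (the README says this was tested against a WireGuard server in AWS). For the UDM-as-client case the interface key must be the UDM's own private key from step 1 and the peer key the server's public key; suggest `PrivateKey = <contents of /mnt/data/wireguard/privatekey>` and `PublicKey = <server public key>`, with a comment that `ListenPort` is only required when the UDM is the server and `Endpoint` only when it is the client. A client behind NAT usually also needs `PersistentKeepalive = 25` under `[Peer]`.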

View File

@ -0,0 +1 @@
podman run -i -d --rm --net=host --name wireguard --privileged -v /mnt/data/wireguard:/etc/wireguard -v /dev/net/tun:/dev/net/tun -e LOG_LEVEL=info -e WG_COLOR_MODE=always masipcat/wireguard-go
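Review bot: `--privileged` combined with `--net=host` gives the container every capability plus raw device access inside the host's network namespace, far more than wireguard-go needs; `--cap-add NET_ADMIN --device /dev/net/tun` is the least-privilege form and also replaces the `-v /dev/net/tun:/dev/net/tun` bind. The image reference `masipcat/wireguard-go` has no tag or digest, so every reboot pulls whatever is currently published as `latest` and runs it as root with host networking; pin a digest. Two smaller points: `-i` serves no purpose together with `-d`, and the file has no `#!/bin/sh` line, which matters if the on-boot runner executes the scripts directly rather than through `sh`.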