Injecting wireguard tunnels in to containers can be tricky, here's a script that tries to help.
Go to file
2024-09-07 17:05:24 +01:00
example-provisioner initial commit 2024-09-07 16:59:01 +01:00
example-systemd initial commit 2024-09-07 16:59:01 +01:00
.gitignore Initial commit 2024-09-07 13:07:23 +00:00
README.md initial commit 2024-09-07 16:59:01 +01:00
wireguard-inject.sh fix logic when updating modtimes 2024-09-07 17:05:24 +01:00

wireguard-inject

Provisioning wireguard tunnels between a host and namespaces can be tricky, particularly if the namespaces are dynamically created as when using containers.

wireguard-inject is a small shell script which can create and inject wireguard interfaces in to a namespace using a configuration directory and helper provisioning script.

The provisioning script includes a number of functions to identify actual and required tunnels, together with functions to add and remove tunnels appropriately. As such, the script can be used with arbirary configuration sources or namespace configurations.

The script is intended to run via a systemd path unit so that config changes are picked up immediately, and via a timer unit to validate the actual configuration on a periodic basis (for example, in case the namespace is re-created or a temporary error occurs)