If you don't know what Wireguard is, well, you should. It's fast, easy to setup and highly configurable. We will configure Wireguard for multiple users with various restrictions using iptables.
This should fit most setups (not mine though 😉)
// CheckTUN checks the tunnel device is present and accessible | |
func (c *configurator) CheckTUN() error { | |
c.logger.Info("%s: checking for device %s", logPrefix, constants.TunnelDevice) | |
f, err := c.openFile(string(constants.TunnelDevice), os.O_RDWR, 0) | |
if err != nil { | |
return fmt.Errorf("TUN device is not available: %w", err) | |
} | |
if err := f.Close(); err != nil { | |
c.logger.Warn("Could not close TUN device file: %s", err) | |
} |
func (c *configurator) CreateTUN() error { | |
c.logger.Info("%s: creating %s", logPrefix, constants.TunnelDevice) | |
if err := c.fileManager.CreateDir("/dev/net"); err != nil { | |
return err | |
} | |
dev := c.mkDev(10, 200) | |
if err := c.mkNod(string(constants.TunnelDevice), unix.S_IFCHR, int(dev)); err != nil { | |
return err | |
} | |
if err := c.fileManager.SetUserPermissions(string(constants.TunnelDevice), 666); err != nil { |
package command | |
import ( | |
"bufio" | |
"context" | |
"fmt" | |
"io" | |
) | |
type StreamMerger interface { |
func (c *commander) Start(name string, arg ...string) (stdoutPipe, stderrPipe io.ReadCloser, waitFn func() error, err error) { | |
cmd := c.execCommand(name, arg...) | |
stdout, err := cmd.StdoutPipe() | |
if err != nil { | |
return nil, nil, nil, err | |
} | |
stderr, err := cmd.StderrPipe() | |
if err != nil { | |
return nil, nil, nil, err | |
} |
{ | |
"global": { | |
"check_for_updates_on_startup": true, | |
"show_in_menu_bar": true, | |
"show_profile_name_in_menu_bar": false | |
}, | |
"profiles": [ | |
{ | |
"name": "Default profile", | |
"selected": true, |
name: Buildx latest | |
on: | |
push: | |
branches: [master] | |
paths-ignore: | |
- .github/workflows/buildx-release.yml | |
- README.md | |
jobs: | |
buildx: | |
runs-on: ubuntu-latest |
name: Buildx latest | |
on: | |
push: | |
branches: [master] | |
paths-ignore: | |
- .github/workflows/buildx-release.yml | |
- README.md | |
jobs: | |
buildx: | |
runs-on: ubuntu-latest |
name: Buildx release | |
on: | |
release: | |
types: [published] | |
paths-ignore: | |
- .github/workflows/buildx-latest.yml | |
- README.md | |
jobs: | |
buildx: |
If you don't know what Wireguard is, well, you should. It's fast, easy to setup and highly configurable. We will configure Wireguard for multiple users with various restrictions using iptables.
This should fit most setups (not mine though 😉)
FROM debian:buster-slim | |
WORKDIR /domoticz | |
EXPOSE 8080/tcp 443/tcp 6144 | |
ENTRYPOINT [ "/domoticz/domoticz" ] | |
RUN apt-get update -y && \ | |
apt-get install -y wget libusb-0.1-4 libcurl3-gnutls && \ | |
wget -q -O domoticz.tgz https://releases.domoticz.com/releases/release/domoticz_linux_x86_64.tgz && \ | |
tar -xf domoticz.tgz && \ | |
rm domoticz.tgz *.txt |