Add wireguard configuration.

2026-04-10 18:08:04 +00:00 · 2026-04-10 18:08:04 +00:00 · f5a53363e6
commit f5a53363e6
parent 512aedcb9f
11 changed files with 267 additions and 221 deletions
--- a/etc/boot.d/wireguard
+++ b/etc/boot.d/wireguard
@ -0,0 +1,3 @@
+#!/bin/bash
+
+wg-quick up wg0
--- a/etc/firewall/default_v4.rules
+++ b/etc/firewall/default_v4.rules
@ -1,7 +1,7 @@
-# These rules are applied as the default firewall when there are no state rules to be applied.
+# Generated by iptables-save v1.8.11 (nf_tables) on Fri Apr 10 15:06:21 2026
 *filter
 :INPUT DROP [0:0]
-:FORWARD DROP [0:0]
+:FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
 :sshguard - [0:0]
 -A INPUT -m conntrack --ctstate INVALID -j DROP
@ -20,5 +20,7 @@
 -A INPUT -j sshguard
 -A INPUT -p tcp -m multiport --dports 22,25422 -m conntrack --ctstate NEW -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 873 -m conntrack --ctstate NEW -j ACCEPT
+-A INPUT -p udp -m udp --dport 25420 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 25443 -m conntrack --ctstate NEW -j ACCEPT
 COMMIT
+# Completed on Fri Apr 10 15:06:21 2026
--- a/etc/firewall/default_v6.rules
+++ b/etc/firewall/default_v6.rules
@ -1,4 +1,4 @@
-# These rules are applied as the default firewall when there are no state rules to be applied.
+# Generated by ip6tables-save v1.8.11 (nf_tables) on Fri Apr 10 16:11:30 2026
 *filter
 :INPUT DROP [0:0]
 :FORWARD DROP [0:0]
@ -22,5 +22,7 @@
 -A INPUT -j sshguard
 -A INPUT -p tcp -m multiport --dports 22,25422 -m conntrack --ctstate NEW -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 873 -m conntrack --ctstate NEW -j ACCEPT
+-A INPUT -p udp -m udp --dport 25420 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 25443 -m conntrack --ctstate NEW -j ACCEPT
 COMMIT
+# Completed on Fri Apr 10 16:11:30 2026
--- a/etc/shutdown.d/wireguard
+++ b/etc/shutdown.d/wireguard
@ -0,0 +1,3 @@
+#!/bin/bash
+
+wg-quick down wg0
--- a/etc/wireguard/.gitignore
+++ b/etc/wireguard/.gitignore
@ -0,0 +1,4 @@
+/*
+!/.gitignore
+!/*.gpg
+!/*-publickey
--- a/etc/wireguard/san1-privatekey.gpg
+++ b/etc/wireguard/san1-privatekey.gpg
--- a/etc/wireguard/san1-publickey
+++ b/etc/wireguard/san1-publickey
@ -0,0 +1 @@
+z51bpD32bhMN5qhkIqmnitYvQEi3fWhiLu+TmXP13C4=
--- a/etc/wireguard/server-privatekey.gpg
+++ b/etc/wireguard/server-privatekey.gpg
--- a/etc/wireguard/server-publickey
+++ b/etc/wireguard/server-publickey
@ -0,0 +1 @@
+ZHjeityzMN/2OVx/KLaafHds6QP1bMlWxZq3oVihvF8=
--- a/etc/wireguard/wg0.conf.gpg
+++ b/etc/wireguard/wg0.conf.gpg
@ -0,0 +1,3 @@
+Œ
	
+£Rî—,Ò÷ZÿÒÀƒg6p`èî×BåÓnE£!-¼<>6ŠEýîÎFV¤l{S64ó½úrÁ@9úBQ<42>„UwH%ž·Ÿ‚¤!˜¡‚<C2A1>‘—Ã{×½%€^ù_‹_1>Ã€þx¢¥ÙœK'dÕØ¤.b/áœeýF´P‰ÿ¤Ê]w»tb¾Å•°Þ÷ß¦·&ˆiböo_½–ûŠ½;ãAPòœ<nw<6E>|Â¢jÄŸªï’Ù¯«<C2AF>Ã<‘þ‚}ó®K!&“n—Ž8a˜Rô/ËqL3,dßv8 UèÅ…Þ×®Õ_wá¯4M ÒAB<41>aÜÙ) ¼<C2A0>€@
@l`÷th_
+>Ðÿ¤3ÙÿÖuËH9á›«Ê2}‹„q äYû8IYl¬qªƒaš4Î¹¬-06o™MûØs ¢7ÞÊÞo&v¢OYP(,–º
				`@ -0,0 +1 @@`
				`z51bpD32bhMN5qhkIqmnitYvQEi3fWhiLu+TmXP13C4=`
				`@ -0,0 +1 @@`
				`ZHjeityzMN/2OVx/KLaafHds6QP1bMlWxZq3oVihvF8=`