Skip to content

automatically restart wireguard container service on configuration update

License

Notifications You must be signed in to change notification settings

kking124/wireguard-monitor

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 
 
 

Repository files navigation

wireguard-monitor

Current Release Current Issues Current Pull Requests License (MIT)

A systemd service container to monitor wg0.conf and restart a docker container on the same host if the monitored file changes.

Features

  • Choose container name to restart

Run wireguard-monitor

You can run the container directly from the command line:

docker run -d --name wg-monitor \
    --security-opt seccomp=unconfined \  # see parent image
    --tmpfs /tmp \  # see parent image
    --tmpfs /run \  # see parent image
    --tmpfs /run/lock \  # see parent image
    -v /path/to/wireguard/config/folder:/etc/wireguard:ro # required
    -v /sys/fs/cgroup:/sys/fs/cgroup:ro \ # see parent image
    -v /var/run/docker.sock:/var/run/docker.sock \ #required
    -e SVC_HOST=docker \ #optional - currently docker is the only service host
    -e CONTAINER=wireguard \ #optional - default container name is wireguard
    kking124/wireguard-monitor

Or you can run using docker-compose:

version: "2.1"
services:
  wg-monitor:
    image: kking124/wireguard-monitor
    container_name: wg-monitor
    security_opt:
      - seccomp:unconfined # see parent image
    environment:
      - SVC_HOST=docker #optional - currently docker is the only service host
      - CONTAINER=wireguard #optional - default container name is wireguard
    volumes:
      - /path/to/wireguard/config:/etc/wireguard:ro # required
      - /sys/fs/cgroup:/sys/fs/cgroup:ro # see parent image
      - /var/run/docker.sock:/var/run/docker.sock # required if SVC_HOST=docker
    tmpfs:
      - /tmp # see parent image
      - /run # see parent image
      - /run/lock # see parent image
    tty: true # see parent image

Example Usage

Original use is in a 3 container setup with ghcr.io/linuxserver/wireguard and ngoduykhanh/wireguard-ui.

version: "2.1"
services:
  wireguard:
    image: ghcr.io/linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - PEERS=0
    volumes:
      - ./config:/config:ro
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: always
  wgui:
    image: ngoduykhanh/wireguard-ui
    container_name: wireguard-ui
    ports:
      - 5000:5000
    environment:
      - PASS="S0M3_C0MPLEX_P@$$W0RD"
    volumes:
      - ./config:/etc/wireguard
    depends_on:
      - "wireguard"
    restart: always
  wg-monitor:
    image: kking124/wireguard-monitor
    container_name: wireguard-monitor
    security_opt:
      - seccomp:unconfined # see parent image
    environment:
      - SVC_HOST=docker #optional - currently docker is the only service host
      - CONTAINER=wireguard #optional - default container name is wireguard
    volumes:
      - ./config:/etc/wireguard:ro # required
      - /sys/fs/cgroup:/sys/fs/cgroup:ro # see parent image
      - /var/run/docker.sock:/var/run/docker.sock # required if SVC_HOST=docker
    depends_on:
      - "wireguard"
    restart: always
    tmpfs:
      - /tmp # see parent image
      - /run # see parent image
      - /run/lock # see parent image
    tty: true # see parent image

For more information on the above wireguard container, see: https://github.com/linuxserver/docker-wireguard

For more information on the above admin ui container, see: https://github.com/ngoduykhanh/wireguard-ui

For more information on the parent image's startup values, see: https://github.com/j8r/dockerfiles/tree/master/systemd

Build

Build docker image

Go to the project src directory and run the following command:

docker build -t wireguard-monitor .

Contributions

Please make all pull requests to development. Pull requests to master will be rejected.

License

MIT. See LICENSE.

About

automatically restart wireguard container service on configuration update

Resources

License

Stars

Watchers

Forks