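#!/bin/bash
#
# Container entrypoint for a WireGuard gateway: enables forwarding, creates
# the wg0 config on first start, installs NAT/forward rules for wg0 -> eth0,
# brings the tunnel up and then supervises it.
set -e

#######################################
# Append an iptables rule only when an identical rule is not already present,
# so container restarts do not stack duplicates.
# Arguments: $1 - table, $2 - chain, remaining - rule specification
# Returns:   status of the append when the rule had to be added
#######################################
ensure_rule() {
  local table=$1
  local chain=$2
  shift 2
  iptables -t "$table" -C "$chain" "$@" 2>/dev/null ||
    iptables -t "$table" -A "$chain" "$@"
}

#######################################
# Report whether wg0 is administratively up.
# WireGuard links have no carrier state and are normally reported as
# "state UNKNOWN", so matching the text "state UP" would treat a healthy
# tunnel as down; the UP flag inside <...> is checked instead.
# This does not prove that any peer has completed a handshake.
# Returns: 0 when the UP flag is set, non-zero otherwise
#######################################
wg0_is_up() {
  ip link show dev wg0 | grep -Eq '<([^>]*,)?UP(,[^>]*)?>'
}

#######################################
# Bring the tunnel down and exit; installed as the TERM/INT handler because
# bash running as PID 1 has no default action for those signals.
#######################################
shutdown() {
  wg-quick down wg0 || true
  exit 0
}

# Load WireGuard kernel module. Best effort: the module may be built in or
# already loaded on the host, so a modprobe failure is not fatal here.
modprobe wireguard || true

# Enable IP forwarding.
sysctl -w net.ipv4.ip_forward=1
# NOTE(review): IPv6 forwarding is switched on, but this script installs no
# ip6tables rules, so IPv6 forwarding is governed by whatever FORWARD policy
# is already in place - confirm that is intended.
sysctl -w net.ipv6.conf.all.forwarding=1

# Generate WireGuard config and keys if not present.
if [ ! -f /etc/wireguard/wg0.conf ]; then
  # The generated file holds the private key: create it under a restrictive
  # umask so it is never readable by other users, even briefly.
  (
    umask 077
    python3 /usr/local/bin/generate_wireguard_config.py
  )
  if [ -f /etc/wireguard/wg0.conf ]; then
    chmod 600 /etc/wireguard/wg0.conf
  fi
fi

# Set up NAT for eth0.
# NOTE(review): the rule masquerades everything leaving eth0, not only
# traffic that arrived on wg0; consider restricting it with -s <VPN_SUBNET>.
ensure_rule nat POSTROUTING -o eth0 -j MASQUERADE

# Allow forwarding between wg0 and eth0: new flows only from the tunnel side,
# return traffic only for established connections.
# NOTE(review): these ACCEPT rules only restrict anything when the FORWARD
# policy is DROP; the policy is not set in this script.
ensure_rule filter FORWARD -i wg0 -o eth0 -j ACCEPT
ensure_rule filter FORWARD -i eth0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT

# Save iptables rules (best effort: netfilter-persistent may not be installed).
netfilter-persistent save || true

# Start WireGuard.
wg-quick up wg0
trap shutdown TERM INT

# Health check loop: once a minute, restart the tunnel if wg0 is not up.
while true; do
  # Sleep in the background and wait on it so a trapped signal is handled
  # immediately instead of after the sleep finishes.
  sleep 60 &
  wait "$!" || true
  if ! wg0_is_up; then
    echo "[WARN] wg0 is down, restarting..."
    wg-quick down wg0 || true
    wg-quick up wg0
  fi
done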