Closed mcmikemn closed 6 days ago
It appears that it should always recreate the config from .env vars:
https://github.com/EnigmaCurry/d.rymcg.tech/blob/c15bd53163c3ffdff1d8a7cd7cada87b3a695e8a/traefik/docker-compose.yaml#L204-L221
https://github.com/EnigmaCurry/d.rymcg.tech/blob/c15bd53163c3ffdff1d8a7cd7cada87b3a695e8a/traefik/wireguard-client-config/setup.sh#L8
Can you reproduce it?
Yes, I can reproduce it. Here are the steps:

1. `make destroy` the sentry
2. `make install` the sentry - it now has new wg keys
3. `make config` the VM - config it with the new keys
4. `make install` or `make reinstall` the VM
5. `wg` on the VM shows the previous key next to "Peer" (not the new key)

Ah, I see this in the logs now:
# docker compose -f docker-compose.yaml --env-file=.env_delorean-traefik-public_default --project-name=traefik logs -f -t wireguard-client-config
wireguard-client-config-1 | 2024-07-02T00:41:28.646565121Z rm: cannot remove '/config/coredns/Corefile': Permission denied
wireguard-client-config-1 | 2024-07-02T00:41:28.646885993Z rm: cannot remove '/config/templates/server.conf': Permission denied
wireguard-client-config-1 | 2024-07-02T00:41:28.646912353Z rm: cannot remove '/config/templates/peer.conf': Permission denied
wireguard-client-config-1 | 2024-07-02T00:41:28.647626922Z rm: cannot remove '/config/wg_confs/wg0.conf': Permission denied
wireguard-client-config-1 | 2024-07-02T00:42:24.005893395Z rm: cannot remove '/config/coredns/Corefile': Permission denied
wireguard-client-config-1 | 2024-07-02T00:42:24.005927059Z rm: cannot remove '/config/templates/server.conf': Permission denied
wireguard-client-config-1 | 2024-07-02T00:42:24.005952682Z rm: cannot remove '/config/templates/peer.conf': Permission denied
wireguard-client-config-1 | 2024-07-02T00:42:24.005978896Z rm: cannot remove '/config/wg_confs/wg0.conf': Permission denied
Thanks, I found the permission error due to unnecessary capabilities drop. I fixed it in a42aa19 as part of #237.
Once you install traefik with a wireguard-client container, if the peer keys change and you enter the new keys in traefik's config and run `make reinstall`, the wireguard-client container launches wg with the old keys. You have to `traefik/make destroy` first.
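
The log in this thread shows `rm` failing with "Permission denied" while the container carried on, so the previous `wg0.conf` (and its old peer key) stayed in place. The following is an added example, not the project's `setup.sh`: a fail-closed way to regenerate the file that stops when the stale config survives and checks the written peer key. The function name and the `WG_*` variable names are hypothetical.

```shell
#!/bin/sh
# Added example (not the project's setup.sh). WG_* names are hypothetical.
# regen_wg_conf CONFIG_DIR
#   Rebuilds CONFIG_DIR/wg_confs/wg0.conf from the environment and refuses
#   to continue if the previous file cannot be removed.
regen_wg_conf() {
    dir=$1
    conf="$dir/wg_confs/wg0.conf"
    [ -n "${WG_PEER_PUBLIC_KEY:-}" ] || { echo "WG_PEER_PUBLIC_KEY is empty" >&2; return 1; }
    mkdir -p "$dir/wg_confs" || return 1

    # A bare `rm` whose exit status is ignored lets the old keys live on.
    # Treat a failed removal, or a file that is still there, as fatal.
    if ! rm -f -- "$conf" || [ -e "$conf" ]; then
        echo "stale $conf could not be removed; not starting with old keys" >&2
        return 2
    fi

    # Write with owner-only permissions to a temp file, then move into place.
    tmp="$conf.tmp.$$"
    ( umask 077; cat > "$tmp" ) <<EOF || return 3
[Interface]
PrivateKey = ${WG_PRIVATE_KEY}
Address = ${WG_ADDRESS}

[Peer]
PublicKey = ${WG_PEER_PUBLIC_KEY}
Endpoint = ${WG_PEER_ENDPOINT}
EOF
    mv -f -- "$tmp" "$conf" || return 3

    # Confirm the file on disk carries the peer key from the environment.
    if ! grep -qxF "PublicKey = ${WG_PEER_PUBLIC_KEY}" "$conf"; then
        echo "peer key in $conf does not match the environment" >&2
        return 4
    fi
    return 0
}
```

A non-zero return from the function is meant to stop the container's entrypoint before `wg` is brought up.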