Added interfaceOpts Adapted to usage in amnezia-wg (#56)

mikolajsobolewski · web-flow · commit 60ceb2d21e24 · 2024-09-08T06:56:19.000-05:00
I adapted this charr for usage in amnezia-wg (https://github.com/amnezia-vpn/amneziawg-tools) but we should to add extra obfuscation opts in interface part of config.
diff --git a/helm/wireguard/Chart.yaml b/helm/wireguard/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: wireguard
 description: A Helm chart for managing a wireguard vpn in kubernetes
 type: application
-version: 0.25.0
+version: 0.26.0
 appVersion: "0.0.0"
 maintainers:
   - name: bryopsida
diff --git a/helm/wireguard/README.md b/helm/wireguard/README.md
@@ -1,6 +1,6 @@
 # wireguard
 
-![Version: 0.25.0](https://img.shields.io/badge/Version-0.25.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.0](https://img.shields.io/badge/AppVersion-0.0.0-informational?style=flat-square)
+![Version: 0.26.0](https://img.shields.io/badge/Version-0.26.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.0](https://img.shields.io/badge/AppVersion-0.0.0-informational?style=flat-square)
 
 A Helm chart for managing a wireguard vpn in kubernetes
 
@@ -129,6 +129,7 @@ A Helm chart for managing a wireguard vpn in kubernetes
 | volumeMounts | object | `{}` | Passthrough pod volume mounts |
 | volumes | object | `{}` | Passthrough pod volumes |
 | wireguard.clients | list | `[]` | A collection of clients that will be added to wg0.conf, accepts objects with keys PublicKey and AllowedIPs (mandatory) and optional FriendlyName or FriendlyJson (https://github.com/MindFlavor/prometheus_wireguard_exporter#friendly-tags) and PersistentKeepalive (https://www.wireguard.com/quickstart/#nat-and-firewall-traversal-persistence), stored in secret |
+| wireguard.interfaceOpts | object | `{}` | A collection of extraopts for wireguard interface |
 | wireguard.natAddSourceNet | bool | `true` | Add the serverCidr to the nat source net option |
 | wireguard.serverAddress | string | `"10.34.0.1/24"` | Address of the VPN server |
 | wireguard.serverCidr | string | `"10.34.0.0/24"` | Subnet for your VPN, take care not to clash with cluster POD cidr |
diff --git a/helm/wireguard/templates/config.yaml b/helm/wireguard/templates/config.yaml
@@ -5,7 +5,9 @@ Address = {{ .Values.wireguard.serverAddress }}
 ListenPort = 51820
 PostUp = wg set wg0 private-key /etc/wireguard/privatekey && iptables -t nat -A POSTROUTING {{ $natSourceNetOption }} -o eth0 -j MASQUERADE
 PostDown = iptables -t nat -D POSTROUTING -s {{ $natSourceNetOption }} -o eth0 -j MASQUERADE
-
+{{- range $key, $value := .Values.wireguard.interfaceOpts }}
+{{ $key }} = {{ $value }}
+{{- end }}
 # Clients
 {{- range .Values.wireguard.clients }}
 [Peer]
@@ -34,4 +36,4 @@ metadata:
   name: "{{ .Release.Name }}-wg-config"
 data:
   wg0.conf: {{ include "wg-config-template" . | b64enc }}
-{{- end }}
+{{- end }}
diff --git a/helm/wireguard/values.yaml b/helm/wireguard/values.yaml
@@ -52,6 +52,8 @@ wireguard:
   serverCidr: 10.34.0.0/24
   # -- Add the serverCidr to the nat source net option
   natAddSourceNet: true
+  # -- A collection of extraopts for wireguard interface
+  interfaceOpts: {}
   # -- A collection of clients that will be added to wg0.conf, accepts objects with keys PublicKey and AllowedIPs (mandatory) and optional FriendlyName or FriendlyJson (https://github.com/MindFlavor/prometheus_wireguard_exporter#friendly-tags) and PersistentKeepalive (https://www.wireguard.com/quickstart/#nat-and-firewall-traversal-persistence), stored in secret
   clients: []
     # - FriendlyName: username1
