From a6e00ebb0f1fce49a05110183aab081044760d26 Mon Sep 17 00:00:00 2001
From: thespad
Date: Sun, 1 Dec 2024 22:03:39 +0000
Subject: [PATCH] Add cap descriptions
---
 readme-vars.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/readme-vars.yml b/readme-vars.yml
index 5d205009..4b40b7a3 100644
--- a/readme-vars.yml
+++ b/readme-vars.yml
@@ -35,8 +35,8 @@ param_env_vars:
 - { env_var: "TZ", env_value: "Europe/London", desc: "Specify a timezone to use EG Europe/London"}
 cap_add_param: true
 cap_add_param_vars:
- - { cap_add_var: "NET_ADMIN" }
- - { cap_add_var: "SYS_MODULE" }
+ - { cap_add_var: "NET_ADMIN", desc: "Neccessary for Wireguard to create its VPN interface." }
+ - { cap_add_var: "SYS_MODULE", desc: "Neccessary for loading Wireguard kernel module if it's not already loaded." }
 custom_params:
 - { name: "sysctl", name_compose: "sysctls", value: ["net.ipv4.conf.all.src_valid_mark=1"], desc: "Required for client mode.", array: "true" }
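Review bot: The new `SYS_MODULE` description under `cap_add_param_vars` calls the capability "Neccessary" while also saying it only matters when the module is not already loaded, so readers are likely to grant it unconditionally. CAP_SYS_MODULE allows loading arbitrary modules into the host kernel, so the text should tell users to leave it out when the host already provides WireGuard, for example `- { cap_add_var: "SYS_MODULE", desc: "Only needed to load the Wireguard kernel module when the host has not already loaded it; omit otherwise." }`. Both added descriptions also misspell "Necessary" as "Neccessary", which presumably ends up in the generated README.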
@@ -118,9 +118,9 @@ app_setup_block: | Site-to-site VPN in server mode requires customizing the `AllowedIPs` statement for a specific peer in `wg0.conf`. Since `wg0.conf` is autogenerated when server vars are changed, it is not recommended to edit it manually. In order to customize the `AllowedIPs` statement for a specific peer in `wg0.conf`, you can set an env var `SERVER_ALLOWEDIPS_PEER_` to the additional subnets you'd like to add, comma separated and excluding the peer IP (ie. `"192.168.1.0/24,192.168.2.0/24"`). Replace `` with either the name or number of a peer (whichever is used in the `PEERS` var). - + For instance `SERVER_ALLOWEDIPS_PEER_laptop="192.168.1.0/24,192.168.2.0/24"` will result in the wg0.conf entry `AllowedIPs = 10.13.13.2,192.168.1.0/24,192.168.2.0/24` for the peer named `laptop`. - + Keep in mind that this var will only be considered when the confs are regenerated. Adding this var for an existing peer won't force a regeneration. You can delete wg0.conf and restart the container to force regeneration if necessary. Don't forget to set the necessary POSTUP and POSTDOWN rules in your client's peer conf for lan access.