mirror of
https://github.com/wgtunnel/desktop.git
synced 2026-06-02 00:29:09 +02:00
zaneschepke
229 lines
5.7 KiB
Plaintext
229 lines
5.7 KiB
Plaintext
include required("https://raw.githubusercontent.com/hydraulic-software/conveyor/master/configs/jvm/extract-native-libraries.conf")
|
|
include required("composeApp/generated.conveyor.conf")
|
|
|
|
app {
|
|
fsname = wgtunnel
|
|
display-name = "WG Tunnel"
|
|
description = "WG Tunnel: WireGuard and AmneziaWG VPN client with auto-tunneling, lockdown and proxying."
|
|
license = MIT
|
|
homepage = "https://wgtunnel.com"
|
|
vcs-url = "https://github.com/wgtunnel/desktop"
|
|
|
|
updates = background
|
|
|
|
icons = ["icon.png"]
|
|
|
|
site {
|
|
display-name = "WG Tunnel"
|
|
|
|
show-conveyor-badge = true
|
|
theme = "dark"
|
|
}
|
|
|
|
jvm {
|
|
# for performance
|
|
options += "-XX:+UseG1GC"
|
|
options += "-XX:+UseStringDeduplication"
|
|
|
|
|
|
|
|
jlink-flags = [
|
|
"--compress=zip-9",
|
|
"--strip-debug"
|
|
]
|
|
|
|
# for high-res displays
|
|
system-properties {
|
|
"apple.laf.useScreenMenuBar" = "true"
|
|
}
|
|
|
|
modules = [ detect ]
|
|
|
|
gui {
|
|
main-class = com.zaneschepke.wireguardautotunnel.desktop.MainKt
|
|
}
|
|
|
|
cli {
|
|
wgtctl {
|
|
main-class = com.zaneschepke.wireguardautotunnel.cli.MainKt
|
|
exe-name = wgtctl
|
|
}
|
|
daemon {
|
|
main-class = com.zaneschepke.wireguardautotunnel.daemon.MainKt
|
|
console = false
|
|
}
|
|
}
|
|
}
|
|
|
|
inputs += "composeApp/build/libs/*.jar"
|
|
inputs += "daemon/build/install/daemon/lib/*.jar"
|
|
inputs += "cli/build/install/cli/lib/*.jar"
|
|
|
|
# Target platforms
|
|
machines = [
|
|
linux.amd64.glibc,
|
|
windows.amd64,
|
|
// windows.aarch64,
|
|
// mac.amd64,
|
|
// mac.aarch64
|
|
]
|
|
|
|
linux {
|
|
deb.depends = ["systemd"]
|
|
rpm.requires = ["systemd"]
|
|
|
|
gpg {
|
|
name = "WG Tunnel"
|
|
email = "support@wgtunnel.com"
|
|
}
|
|
|
|
apt {
|
|
codename = "stable"
|
|
component = "main"
|
|
architectures = ["amd64"]
|
|
}
|
|
|
|
desktop-file {
|
|
"Desktop Entry" {
|
|
Categories = "Network;Security;Settings;Utility;"
|
|
}
|
|
}
|
|
|
|
# for CLI
|
|
symlinks = [
|
|
/usr/bin/wgtunnel -> ${app.linux.install-path}/bin/wgtunnel,
|
|
/usr/bin/wgtctl -> ${app.linux.install-path}/bin/wgtctl,
|
|
]
|
|
|
|
services {
|
|
daemon {
|
|
include "/stdlib/linux/service.conf"
|
|
|
|
file-name = "wgtunnel-daemon.service"
|
|
|
|
# start early to avoid leaks
|
|
Unit {
|
|
Description = "WG Tunnel Daemon"
|
|
Documentation = "https://wgtunnel.com"
|
|
Before= network.target network-pre.target
|
|
Wants= network.target
|
|
After= local-fs.target
|
|
StartLimitBurst = 5
|
|
StartLimitIntervalSec = 20
|
|
}
|
|
|
|
Service {
|
|
Restart = always
|
|
RestartSec = 1s
|
|
ExecStart = ${app.linux.install-path}/bin/daemon
|
|
Type = exec
|
|
|
|
StandardOutput = journal
|
|
StandardError = journal
|
|
|
|
Environment = [
|
|
"WG_TUNNEL_SERVICE=1",
|
|
"HOME=%S/wgtunnel"
|
|
]
|
|
|
|
WorkingDirectory = ${app.linux.install-path}
|
|
|
|
# Allow socket access
|
|
UMask = 0000
|
|
|
|
ProtectSystem = true
|
|
|
|
StateDirectory = "wgtunnel"
|
|
LogsDirectory = "wgtunnel"
|
|
ConfigurationDirectory = "wgtunnel"
|
|
RuntimeDirectory = "wgtunnel"
|
|
RuntimeDirectoryMode = 0755
|
|
RuntimeDirectoryPreserve = "restart"
|
|
|
|
# Added CAP_DAC_OVERRIDE for per user IPC key read
|
|
CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_DAC_OVERRIDE"
|
|
AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_DAC_OVERRIDE"
|
|
|
|
RestrictAddressFamilies = "AF_INET AF_INET6 AF_NETLINK AF_UNIX"
|
|
|
|
KillSignal = SIGTERM
|
|
TimeoutStopSec = 30
|
|
|
|
ReadWritePaths = [
|
|
"/run/wgtunnel",
|
|
"/etc/resolv.conf",
|
|
"/var/lib/wgtunnel",
|
|
"/home", # Need home to be able to read user's IPC key
|
|
|
|
# Optionally systemd-resolved paths for resolved support
|
|
"-/run/systemd/resolve",
|
|
"-/run/systemd/resolve/stub-resolv.conf",
|
|
"-/run/systemd/resolve/resolv.conf"
|
|
]
|
|
}
|
|
|
|
Install {
|
|
WantedBy = "multi-user.target"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
mac {
|
|
|
|
entitlements-plist = {
|
|
"com.apple.security.network.client" = true
|
|
"com.apple.security.network.server" = true
|
|
}
|
|
}
|
|
|
|
windows {
|
|
|
|
inputs += daemon/winsw/artifacts/publish/WinSW-x64.exe -> service-wrapper.exe
|
|
|
|
aarch64 {
|
|
inputs += tunnel/tools/wintun/arm64/wintun.dll -> wintun.dll
|
|
}
|
|
amd64 {
|
|
inputs += tunnel/tools/wintun/amd64/wintun.dll -> wintun.dll
|
|
}
|
|
|
|
manifests {
|
|
|
|
exe {
|
|
requested-execution-level = asInvoker
|
|
}
|
|
msix {
|
|
display-name = "WG Tunnel"
|
|
description = "WireGuard and AmneziaWG VPN client with auto-tunneling, lockdown and proxying."
|
|
|
|
min-version = "10.0.19041.0"
|
|
capabilities += "rescap:allowElevation"
|
|
capabilities += "rescap:localSystemServices"
|
|
capabilities += "rescap:packagedServices"
|
|
|
|
namespaces {
|
|
desktop6 = "http://schemas.microsoft.com/appx/manifest/desktop/windows10/6"
|
|
uap3 = "http://schemas.microsoft.com/appx/manifest/uap/windows10/3"
|
|
}
|
|
|
|
ignorable-namespaces += "desktop6"
|
|
ignorable-namespaces += "uap3"
|
|
|
|
extensions-xml = """
|
|
<desktop6:Extension Category="windows.service" Executable="bin/service-wrapper.exe" EntryPoint="Windows.FullTrustApplication">
|
|
<desktop6:Service Name="wgtunnel-daemon" StartupType="auto" StartAccount="localSystem" />
|
|
</desktop6:Extension>
|
|
"""
|
|
|
|
// WinSW will clean up daemon cache and socket in onuninstall hook of the windows service
|
|
virtualization {
|
|
excluded-directories += "LocalAppData/Temp"
|
|
}
|
|
}
|
|
}
|
|
|
|
start-on-login = false
|
|
}
|
|
}
|
|
conveyor.compatibility-level = 21 |