From c1d5822f417c61f9d7bab3baa15c7dbb8bf5dd48 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 14 Nov 2025 14:10:07 +0000
Subject: [PATCH] Add hooks overrides support with environment variables

- Added WG_PRE_UP, WG_POST_UP, WG_PRE_DOWN, WG_POST_DOWN environment variables
- Created applyHooksOverrides() helper function
- Updated WireGuard service to apply hooks overrides when generating config
- Updated /api/admin/overrides endpoint to include hooks override information
- Updated documentation with hooks environment variables

Co-authored-by: kaaax0815 <32197462+kaaax0815@users.noreply.github.com>
---
 .../advanced/config/optional-config.md        |  9 +++++++
 src/server/api/admin/overrides.get.ts         |  6 +++++
 src/server/utils/WireGuard.ts                 |  3 ++-
 src/server/utils/config.ts                    | 26 +++++++++++++++++++
 4 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/docs/content/advanced/config/optional-config.md b/docs/content/advanced/config/optional-config.md
index 805f3f16..967e64a0 100644
--- a/docs/content/advanced/config/optional-config.md
+++ b/docs/content/advanced/config/optional-config.md
@@ -54,6 +54,15 @@ These environment variables allow you to override settings that would normally b
 | `WG_METRICS_PROMETHEUS` | `true` or `false` | Enable Prometheus metrics |
 | `WG_METRICS_JSON`       | `true` or `false` | Enable JSON metrics       |
 
+### Hooks
+
+| Env            | Example                   | Description           |
+| -------------- | ------------------------- | --------------------- |
+| `WG_PRE_UP`    | `echo "Starting WG"`      | PreUp hook command    |
+| `WG_POST_UP`   | `iptables -A FORWARD ...` | PostUp hook command   |
+| `WG_PRE_DOWN`  | `echo "Stopping WG"`      | PreDown hook command  |
+| `WG_POST_DOWN` | `iptables -D FORWARD ...` | PostDown hook command |
+
 /// warning | Override Behavior
 
 When these override environment variables are set:
diff --git a/src/server/api/admin/overrides.get.ts b/src/server/api/admin/overrides.get.ts
index dda4bb8a..ae3b2ef0 100644
--- a/src/server/api/admin/overrides.get.ts
+++ b/src/server/api/admin/overrides.get.ts
@@ -20,5 +20,11 @@ export default definePermissionEventHandler('admin', 'any', async () => {
       metricsPrometheus: WG_GENERAL_OVERRIDE_ENV.METRICS_PROMETHEUS !== undefined,
       metricsJson: WG_GENERAL_OVERRIDE_ENV.METRICS_JSON !== undefined,
     },
+    hooks: {
+      preUp: WG_HOOKS_OVERRIDE_ENV.PRE_UP !== undefined,
+      postUp: WG_HOOKS_OVERRIDE_ENV.POST_UP !== undefined,
+      preDown: WG_HOOKS_OVERRIDE_ENV.PRE_DOWN !== undefined,
+      postDown: WG_HOOKS_OVERRIDE_ENV.POST_DOWN !== undefined,
+    },
   };
 });
diff --git a/src/server/utils/WireGuard.ts b/src/server/utils/WireGuard.ts
index 27dbad50..8f4d875a 100644
--- a/src/server/utils/WireGuard.ts
+++ b/src/server/utils/WireGuard.ts
@@ -27,10 +27,11 @@ class WireGuard {
   async #saveWireguardConfig(wgInterface: InterfaceType) {
     const clients = await Database.clients.getAll();
     const hooks = await Database.hooks.get();
+    const hooksWithOverrides = applyHooksOverrides(hooks);
 
     const result = [];
     result.push(
-      wg.generateServerInterface(wgInterface, hooks, {
+      wg.generateServerInterface(wgInterface, hooksWithOverrides, {
         enableIpv6: !WG_ENV.DISABLE_IPV6,
       })
     );
diff --git a/src/server/utils/config.ts b/src/server/utils/config.ts
index 5e93e51e..0a8e29fd 100644
--- a/src/server/utils/config.ts
+++ b/src/server/utils/config.ts
@@ -107,6 +107,17 @@ export const WG_GENERAL_OVERRIDE_ENV = {
                  undefined,
 };
 
+export const WG_HOOKS_OVERRIDE_ENV = {
+  /** Override PreUp hook */
+  PRE_UP: process.env.WG_PRE_UP,
+  /** Override PostUp hook */
+  POST_UP: process.env.WG_POST_UP,
+  /** Override PreDown hook */
+  PRE_DOWN: process.env.WG_PRE_DOWN,
+  /** Override PostDown hook */
+  POST_DOWN: process.env.WG_POST_DOWN,
+};
+
 function assertEnv<T extends string>(env: T) {
   const val = process.env[env];
 
@@ -163,3 +174,18 @@ export function applyGeneralOverrides<
     metricsJson: WG_GENERAL_OVERRIDE_ENV.METRICS_JSON ?? generalConfig.metricsJson,
   };
 }
+
+/**
+ * Apply environment variable overrides to a hooks object
+ */
+export function applyHooksOverrides<
+  T extends { preUp: string; postUp: string; preDown: string; postDown: string },
+>(hooks: T): T {
+  return {
+    ...hooks,
+    preUp: WG_HOOKS_OVERRIDE_ENV.PRE_UP ?? hooks.preUp,
+    postUp: WG_HOOKS_OVERRIDE_ENV.POST_UP ?? hooks.postUp,
+    preDown: WG_HOOKS_OVERRIDE_ENV.PRE_DOWN ?? hooks.preDown,
+    postDown: WG_HOOKS_OVERRIDE_ENV.POST_DOWN ?? hooks.postDown,
+  };
+}