Adding Wireguard prototype.

2020-07-26 23:03:17 +03:00 · 2020-07-26 23:03:17 +03:00 · 7fecc9b707
parent 9e5d89bb5d
commit 7fecc9b707
8 changed files with 107 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -46,5 +46,6 @@ Not every stack is tested to fully work.
 - [ ] Sonarr (prototype state, working itself, but transmission-on-host integration didn't work due to path mismatch)
 - [x] Speedtest (LibreSpeed)
 - [x] Watchtower
+- [ ] [Wireguard](https://hub.docker.com/r/cmulk/wireguard-docker) (prototype state)
 - [ ] Wordpress (prototype state)
 - [ ] YaCy (abandoned due to upstream code problems)
--- a/wireguard/.env.dist
+++ b/wireguard/.env.dist
@ -0,0 +1,9 @@
+# https://hub.docker.com/r/cmulk/wireguard-docker
+
+PORT=5555
+
+# Configuration directory where Wireguard configuration will be stored.
+CONFIG_DIR=./config
+
+LOG_MAX_SIZE=5m
+LOG_MAX_FILE=5
--- a/wireguard/.gitignore
+++ b/wireguard/.gitignore
@ -0,0 +1,2 @@
+config/*
+!config/.gitkeep
--- a/wireguard/README.md
+++ b/wireguard/README.md
@ -0,0 +1,50 @@
+# Wireguard VPN
+
+![Wireguard Logo](https://www.wireguard.com/img/wireguard.svg)
+
+## Basic configuration
+
+### Create config files
+
+```shell
+cp examples/server/wg0.conf.dist config/wg0.conf
+```
+
+You can edit configuration according to your needs.
+
+### Generate keys
+
+Don't forget to set public and private keys for the server and client!
+
+To get the keys you can use `genkeys` command:
+
+```shell
+docker-compose run wireguard genkeys
+```
+
+Output example:
+
+```
+Private Key:    aAaAAaaaAAaa+AAaAaAaAA1aa/aaAA1aaaaAa1aaaA1=
+Public Key:     /11a1aAaA1a/AAa11AAaa1AAa/AaAA1a1aaa11/AaAa=
+```
+
+Not you can use these keys in your configuration file.
+
+## Additional requirements
+
+### Kernel module
+
+You need to be sure that [Wireguard](https://www.wireguard.com/install/) kernel module is installed on the host system.
+
+#### Ubuntu / Debian
+
+For kernel versions [older than 5.6](https://www.phoronix.com/scan.php?page=news_item&px=Linux-5.6-Released):
+
+```shell
+apt-get install -y --no-install-recommends wireguard-dkms
+```
+
+### See also
+
+You can also check Docker image instructions [here](https://hub.docker.com/r/cmulk/wireguard-docker).
--- a/wireguard/config/.gitkeep
+++ b/wireguard/config/.gitkeep
--- a/wireguard/docker-compose.yml
+++ b/wireguard/docker-compose.yml
@ -0,0 +1,26 @@
+version: '3.7'
+
+services:
+  wireguard:
+    # https://hub.docker.com/r/cmulk/wireguard-docker
+    image: cmulk/wireguard-docker:alpine
+    container_name: wireguard
+    volumes:
+      - "${CONFIG_DIR:-./config}:/etc/wireguard:ro"
+    networks:
+      - network
+    ports:
+    - "${PORT:-5555}:5555/udp"
+    env_file: .env
+    restart: unless-stopped
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "${LOG_MAX_SIZE:-5m}"
+        max-file: "${LOG_MAX_FILE:-5}"
+
+networks:
+  network:
--- a/wireguard/examples/client/wg0.conf.dist
+++ b/wireguard/examples/client/wg0.conf.dist
@ -0,0 +1,10 @@
+[Interface]
+Address = 192.168.20.2/24
+PrivateKey = <client_private_key>
+ListenPort = 0 #needed for some clients to accept the config
+
+[Peer]
+PublicKey = <server_public_key>
+Endpoint = <server_public_ip>:5555
+AllowedIPs = 0.0.0.0/0,::/0 #makes sure ALL traffic routed through VPN
+PersistentKeepalive =
--- a/wireguard/examples/server/wg0.conf.dist
+++ b/wireguard/examples/server/wg0.conf.dist
@ -0,0 +1,9 @@
+# https://github.com/cmulk/wireguard-docker#configuration
+[Interface]
+Address = 192.168.20.1/24
+PrivateKey = <server_private_key>
+ListenPort = 5555
+
+[Peer]
+PublicKey = <client_public_key>
+AllowedIPs = 192.168.20.2