diff --git a/README.md b/README.md
index 8f02939..0345b21 100644
--- a/README.md
+++ b/README.md
@@ -46,5 +46,6 @@ Not every stack is tested to fully work.
 - [ ] Sonarr (prototype state, working itself, but transmission-on-host integration didn't work due to path mismatch)
 - [x] Speedtest (LibreSpeed)
 - [x] Watchtower
+- [ ] [Wireguard](https://hub.docker.com/r/cmulk/wireguard-docker) (prototype state)
 - [ ] Wordpress (prototype state)
 - [ ] YaCy (abandoned due to upstream code problems)
diff --git a/wireguard/.env.dist b/wireguard/.env.dist
new file mode 100644
index 0000000..ff40f29
--- /dev/null
+++ b/wireguard/.env.dist
@@ -0,0 +1,9 @@
+# https://hub.docker.com/r/cmulk/wireguard-docker
+
+PORT=5555
+
+# Configuration directory where Wireguard configuration will be stored.
+CONFIG_DIR=./config
+
+LOG_MAX_SIZE=5m
+LOG_MAX_FILE=5
diff --git a/wireguard/.gitignore b/wireguard/.gitignore
new file mode 100644
index 0000000..430cdc2
--- /dev/null
+++ b/wireguard/.gitignore
@@ -0,0 +1,2 @@
+config/*
+!config/.gitkeep
diff --git a/wireguard/README.md b/wireguard/README.md
new file mode 100644
index 0000000..a767e81
--- /dev/null
+++ b/wireguard/README.md
@@ -0,0 +1,50 @@
+# Wireguard VPN
+
+![Wireguard Logo](https://www.wireguard.com/img/wireguard.svg)
+
+## Basic configuration
+
+### Create config files
+
+```shell
+cp examples/server/wg0.conf.dist config/wg0.conf
+```
+
+You can edit configuration according to your needs.
+
+### Generate keys
+
+Don't forget to set public and private keys for the server and client!
+
+To get the keys you can use `genkeys` command:
+
+```shell
+docker-compose run wireguard genkeys
+```
+
+Output example:
+
+```
+Private Key: aAaAAaaaAAaa+AAaAaAaAA1aa/aaAA1aaaaAa1aaaA1=
+Public Key: /11a1aAaA1a/AAa11AAaa1AAa/AaAA1a1aaa11/AaAa=
+```
+
+Not you can use these keys in your configuration file.
+
+## Additional requirements
+
+### Kernel module
+
+You need to be sure that [Wireguard](https://www.wireguard.com/install/) kernel module is installed on the host system.
+
+#### Ubuntu / Debian
+
+For kernel versions [older than 5.6](https://www.phoronix.com/scan.php?page=news_item&px=Linux-5.6-Released):
+
+```shell
+apt-get install -y --no-install-recommends wireguard-dkms
+```
+
+### See also
+
+You can also check Docker image instructions [here](https://hub.docker.com/r/cmulk/wireguard-docker).
\ No newline at end of file
diff --git a/wireguard/config/.gitkeep b/wireguard/config/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/wireguard/docker-compose.yml b/wireguard/docker-compose.yml
new file mode 100644
index 0000000..dd6c466
--- /dev/null
+++ b/wireguard/docker-compose.yml
@@ -0,0 +1,26 @@
+version: '3.7'
+
+services:
+ wireguard:
+ # https://hub.docker.com/r/cmulk/wireguard-docker
+ image: cmulk/wireguard-docker:alpine
+ container_name: wireguard
+ volumes:
+ - "${CONFIG_DIR:-./config}:/etc/wireguard:ro"
+ networks:
+ - network
+ ports:
+ - "${PORT:-5555}:5555/udp"
+ env_file: .env
+ restart: unless-stopped
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "${LOG_MAX_SIZE:-5m}"
+ max-file: "${LOG_MAX_FILE:-5}"
+
+networks:
+ network:
diff --git a/wireguard/examples/client/wg0.conf.dist b/wireguard/examples/client/wg0.conf.dist
new file mode 100644
index 0000000..628123c
--- /dev/null
+++ b/wireguard/examples/client/wg0.conf.dist
@@ -0,0 +1,10 @@
+[Interface]
+Address = 192.168.20.2/24
+PrivateKey =
+ListenPort = 0 #needed for some clients to accept the config
+
+[Peer]
+PublicKey =
+Endpoint = :5555
+AllowedIPs = 0.0.0.0/0,::/0 #makes sure ALL traffic routed through VPN
+PersistentKeepalive =
diff --git a/wireguard/examples/server/wg0.conf.dist b/wireguard/examples/server/wg0.conf.dist
new file mode 100644
index 0000000..6cd92d5
--- /dev/null
+++ b/wireguard/examples/server/wg0.conf.dist
@@ -0,0 +1,9 @@
+# https://github.com/cmulk/wireguard-docker#configuration
+[Interface]
+Address = 192.168.20.1/24
+PrivateKey =
+ListenPort = 5555
+
+[Peer]
+PublicKey =
+AllowedIPs = 192.168.20.2
\ No newline at end of file
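Review bot: In wireguard/docker-compose.yml the `cap_add` list grants `SYS_MODULE` on top of `NET_ADMIN`, which allows a process in the container to load kernel modules into the host kernel. wireguard/README.md already requires the WireGuard module to be installed on the host, so the service can probably run with `NET_ADMIN` alone; it is worth testing that and removing the `- SYS_MODULE` line if it works. The image is also referenced by the mutable tag `cmulk/wireguard-docker:alpine`, so whatever is later published under that tag runs with these capabilities. Pinning it as `image: cmulk/wireguard-docker:alpine@sha256:<digest-you-verified>` would make every image update an explicit, reviewable change.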
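Review bot: In wireguard/examples/client/wg0.conf.dist the template routes all traffic through the tunnel (`AllowedIPs = 0.0.0.0/0,::/0`) but sets no `DNS` key in `[Interface]`, so a wg-quick style client keeps using whatever resolver the local network handed out and lookups may fail or go somewhere the user does not expect. A commented `#DNS = <resolver reachable through the tunnel>` line would prompt the user to decide. The interface also has only an IPv4 `Address`, so the `::/0` route sends IPv6 into a tunnel with no IPv6 addressing, which seems to block IPv6 rather than tunnel it; if that is the intent, the trailing comment should say so. `PersistentKeepalive =` with no value is likely to be rejected when the file is parsed, so `PersistentKeepalive = 25` or a commented-out line would be a safer template default.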
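Review bot: wireguard/examples/server/wg0.conf.dist is copied to `config/wg0.conf` and will then hold the server's private key, but nothing in the template says how that file should be protected. The `.gitignore` entry keeps it out of the repository and the volume is mounted read-only, yet the copy inherits default file permissions on the host, and wg-quick usually warns when its config is world-accessible. I would add a header comment such as `# Holds the server private key: keep readable only by its owner (chmod 600 config/wg0.conf)`.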