initial commit

wireguard/.env.example

@@ -0,0 +1,5 @@
+# DOMAIN_ROOT is the root domain that this service will register as with Traefik
+DOMAIN_ROOT=domain.tld
+
+# UI_PASSWORD if set, will be the required password for the admin UI
+UI_PASSWORD=

wireguard/docker-compose.yml

@@ -0,0 +1,53 @@
+version: "3"
+services:
+  wireguard:
+    image: ghcr.io/wg-easy/wg-easy
+    restart: unless-stopped
+    container_name: wireguard
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.wireguard.rule=Host(`wireguard.${DOMAIN_ROOT}`)"
+      - "traefik.http.services.wireguard.loadbalancer.server.port=51821"
+      - 'traefik.http.routers.wireguard.middlewares=authelia@docker'
+
+    ports:
+      - target: 51820
+        published: 51820
+        protocol: tcp
+        mode: host
+      - target: 51820
+        published: 51820
+        protocol: udp
+        mode: host
+ 
+    volumes:
+     - wireguard_data:/etc/wireguard
+
+    environment:
+      - WG_HOST=wireguard.${DOMAIN_ROOT}
+      - PASSWORD=${UI_PASSWORD}
+      - DOMAIN_ROOT=${DOMAIN_ROOT}
+
+    cap_add:
+     - NET_ADMIN
+     - SYS_MODULE 
+
+    sysctls:
+      - "net.ipv4.conf.all.src_valid_mark=1"
+      - "net.ipv4.ip_forward=1"
+
+    networks:
+      - default
+      - home-proxy
+
+
+volumes:
+  wireguard_data:
+    external: true
+
+networks:
+  default:
+  home-proxy:
+    external: true
+
+