init

Dockerfile

@@ -0,0 +1,25 @@
+FROM debian:buster
+
+RUN echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable-wireguard.list && \
+ printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable
+
+RUN apt update && \
+ apt install -y --no-install-recommends wireguard-tools iptables nano net-tools procps && \
+ apt clean
+
+# Copy configs
+COPY wg0.conf /etc/wireguard/wg0.conf
+COPY sysctl.conf /etc/systctl.conf
+
+# generate keys
+RUN cd /etc/wireguard && \
+umask 077 && \
+export PRIVKEY=$(wg genkey) && \
+echo $PRIVKEY | tee privatekey | wg pubkey | tee publickey && \
+echo $PRIVKEY | tee /etc/wireguard/wg0.conf 
+
+RUN sysctl -p
+RUN wg-quick up wg0
+RUN wg
+
+CMD sleep infinity

docker-compose.yaml

@@ -0,0 +1,7 @@
+version: '3'
+services: 
+  wg:
+    build: .
+    image: ducoterra/wireguard:0.0.1
+    cap_add: 
+      - sys_module

sysctl.conf

@@ -0,0 +1,2 @@
+net.ipv4.ip_forward=1
+net.ipv6.conf.all.forwarding=1

wg0.conf

@@ -0,0 +1,7 @@
+[Interface]
+Address = 10.10.0.1/24
+Address = fd86:ea04:1111::1/64
+SaveConfig = true
+PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
+PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o ens3 -j MASQUERADE
+ListenPort = 51820