many new containers. work in progress

diy-tunnel/public/docker-container/README.md

@@ -0,0 +1 @@
+Another nice option is instead of installing wireguard on the bare machine, we can fire it up within our existing `docker-compose.yml` and easily expose services from a set of docker containers.

diy-tunnel/public/docker-container/docker-compose.yml

@@ -0,0 +1,27 @@
+services:
+
+  wireguard:
+    image: lscr.io/linuxserver/wireguard:latest
+    hostname: THEPRIVATESERVER
+    cap_add:
+      - NET_ADMIN
+    environment:
+      - TZ=America/Edmonton
+    volumes:
+      - ./wg0.conf:/config/wg_confs/wg0.conf
+    restart: always
+    sysctls:
+      - net.ipv4.ip_forward=1
+
+  caddy:
+    image: caddy:latest
+    restart: always
+    # this is the special sauce.  This attaches this container to the
+    # network context of the wireguard container.  Essentially this means
+    # that Caddy is listening on 10.0.0.2 now.
+    # If you have other containers exposing additional ports, do the same to them.
+    network_mode: service:wireguard
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile    # Mount Caddyfile for configuration
+      - ./webroot:/srv/www                  # Mount local www directory to container
+      - ./data/caddy:/data/caddy            # Persistent storage for certificates

diy-tunnel/public/docker-container/wg0.conf

@@ -0,0 +1,13 @@
+[Interface]
+Address = 10.0.0.2/24         # Private IP for the home server in the VPN network
+PrivateKey = #### PRIVATE KEY OF PRIVATE SERVER ####
+Table = 123
+
+PreUp = ip rule add from 10.0.0.2 table 123 priority 1
+PostDown = ip rule del from 10.0.0.2 table 123 priority 1
+
+[Peer]
+PublicKey = #### PUBLIC KEY OF PUBLIC SERVER ####
+AllowedIPs = 0.0.0.0/0
+Endpoint = 999.999.999.999:51820
+PersistentKeepalive = 25