wg-easy: Initial commit

wg-easy/.env.example

@@ -0,0 +1,5 @@
+WG_HOST=vpn_domain_goes_here
+WG_DOMAIN=web_ui_domain_goes_here
+WG_PASSWORD=password_goes_here
+WG_PORT=51820
+WG_DEFAULT_DNS=dns_servers_go_here

wg-easy/docker-compose.yml

@@ -0,0 +1,39 @@
+version: "3.9"
+
+networks:
+  public:
+    external: true
+  dns_net:
+    external: true
+
+services:
+  wg-easy:
+    image: weejewel/wg-easy
+    container_name: wg-easy
+    restart: always
+    environment:
+      - WG_HOST=${WG_HOST}
+      - PASSWORD=${WG_PASSWORD}
+      - WG_PORT=${WG_PORT}
+      - WG_DEFAULT_DNS=${WG_DEFAULT_DNS}
+    volumes:
+      - "./data:/etc/wireguard"
+    ports:
+      - "${WG_PORT}:51820/udp"
+      # - "51821:51821/tcp"
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    sysctls:
+      - net.ipv4.ip_forward=1
+      - net.ipv4.conf.all.src_valid_mark=1
+    networks:
+      - public
+      - dns_net
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.wg.rule=Host(`${WG_DOMAIN}`)"
+      - "traefik.http.routers.wg.service=wg-service"
+      - "traefik.http.services.wg-service.loadbalancer.server.port=51821"
+      - "traefik.http.routers.wg.tls=true"
+      - "traefik.http.routers.wg.tls.certresolver=le"