feat: Added wg-easy

dist/gitea/.env.template

@@ -1,5 +0,0 @@
-SERVICE_DOMAIN=gitea.example.com
-
-POSTGRES_DB=gitea
-POSTGRES_USER=postgres
-POSTGRES_PASSWORD=postgres

dist/gitea/compose.yaml

@@ -1,52 +0,0 @@
-networks:
-    gitea:
-        external: false
-    traefik-network:
-        external: true
-
-services:
-    gitea:
-        image: docker.gitea.com/gitea:1.25.3
-        container_name: gitea
-        environment:
-            - USER_UID=1000
-            - USER_GID=1000
-            - GITEA__database__DB_TYPE=postgres
-            - GITEA__database__HOST=db:5432
-            - GITEA__database__NAME=${POSTGRES_DB}
-            - GITEA__database__USER=${POSTGRES_USER}
-            - GITEA__database__PASSWD=${POSTGRES_PASSWORD}
-        networks:
-            - traefik-network
-            - gitea
-        volumes:
-            - ./gitea:/data
-            - /etc/timezone:/etc/timezone:ro
-            - /etc/localtime:/etc/locatltime:ro
-        labels:
-            - "traefik.enable=true"
-            - "traefik.docker.network=traefik-network"
-            - "traefik.http.routers.gitea.rule=Host(`${SERVICE_DOMAIN}`)"
-            - "traefik.http.routers.gitea.entrypoints=https"
-            - "traefik.http.routers.gitea.tls.certresolver=letsencrypt"
-            - "traefik.http.routers.gitea.service=gitea-service"
-            - "traefik.http.services.gitea-service.loadbalancer.server.port=3000"
-            - "traefik.tcp.routers.gitea-openssh.rule=HostSNI(`*`)"
-            - "traefik.tcp.routers.gitea-openssh.entrypoints=gitea-openssh"
-            - "traefik.tcp.routers.gitea-openssh.service=gitea-openssh"
-            - "traefik.tcp.services.gitea-openssh-service.loadbalancer.server.port=22"
-        restart: unless-stopped
-        depends_on:
-            - db
-
-    db:
-        image: postgres:14.20-alpine3.23
-        environment:
-            - POSTGRES_USER=${POSTGRES_USER}
-            - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
-            - POSTGRES_DB=${POSTGRES_DB}
-        restart: unless-stopped
-        networks:
-            - gitea
-        volumes:
-            - ./postgre:/var/lib/postgresql/data

dist/traefik/.env.template

@@ -1,4 +0,0 @@
-BASE_DOMAIN=example.com
-SERVICE_DOMAIN=traefik.example.com
-# admin:admin
-DASHBOARD_HTPASSWORD=admin:$2b$10$1DxaLIdVmJVNcQUmMxdfiOjlnp2gDKiMQjpTNxagVJEoTGTUOfVnG

dist/traefik/compose.yaml

@@ -1,42 +0,0 @@
-networks:
-  traefik-network:
-
-services:
-  traefik:
-    image: traefik:v3.6.4
-    container_name: traefik
-    restart: unless-stopped
-    dns:
-      - 1.1.1.1
-      - 8.8.8.8
-    ports:
-      - 80:80
-      - 443:443
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.dashboard.rule=Host(`${SERVICE_DOMAIN}`)"
-      - "traefik.http.routers.dashboard.entrypoints=https"
-      - "traefik.http.routers.dashboard.service=api@internal"
-      - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.dashboard.middlewares=dashboard-auth"
-      - "traefik.http.middlewares.dashboard-auth.basicauth.users=${DASHBOARD_HTPASSWORD}"
-    command:
-      - "--log.level=DEBUG"
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-      - ./traefik.yaml:/traefik.yaml:ro
-      - ./acme.json:/acme.json
-      - ./certs:/certs
-    networks:
-      - traefik-network
-
-  traefik-certs-dumper:
-    image: ldez/traefik-certs-dumper:v2.9.3
-    container_name: traefik-certs-dumper
-    restart: unless-stopped
-    volumes:
-      - ./acme.json:/acme.json:ro
-      - ./certs:/output
-    environment:
-      - DOMAIN=${BASE_DOMAIN}
-    command: "file --version v2 --watch --source /acme.json --dest /output"

dist/traefik/traefik.yaml

@@ -1,26 +0,0 @@
-api:
-  insecure: false
-  dashboard: true
-
-entryPoints:
-  http:
-    address: ":80"
-    http:
-      redirections:
-        entryPoint:
-          to: https
-          scheme: https
-  https:
-    address: ":443"
-
-providers:
-  docker:
-    exposedByDefault: false
-
-certificatesResolvers:
-  letsencrypt:
-    acme:
-      email: YOUR_EMAIL@example.com
-      storage: /acme.json
-      httpChallenge:
-        entryPoint: web

dist/wg-easy/.env.template

@@ -0,0 +1,5 @@
+BASE_DOMAIN=example.com
+SERVICE_DOMAIN=wg-easy.example.com
+
+WG_NETWORK_SUBNET=10.42.42.0/24
+WG_NETWORK_ADDRESS=10.42.42.42

dist/wg-easy/compose.yaml

@@ -0,0 +1,41 @@
+services:
+  wg-easy:
+
+    image: ghcr.io/wg-easy/wg-easy:15
+    container_name: wg-easy
+    networks:
+      traefik-network: {}
+      wg:
+        ipv4_address: ${WG_NETWORK_ADDRESS}
+    volumes:
+      - ./etc_wireguard:/etc/wireguard
+      - /lib/modules:/lib/modules:ro
+    environment:
+      - WG_HOST=${SERVICE_DOMAIN}
+    ports:
+      - "51820:51820/udp"
+    restart: unless-stopped
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    sysctls:
+      - net.ipv4.ip_forward=1
+      - net.ipv4.conf.all.src_valid_mark=1
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.wg-easy.rule=Host(`${SERVICE_DOMAIN}`)"
+      - "traefik.http.routers.wg-easy.entrypoints=https"
+      - "traefik.http.routers.wg-easy.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.wg-easy-service.service=wg-easy"
+      - "traefik.http.services.wg-easy-service.loadbalancer.server.port=51821"
+
+networks:
+  traefik-network:
+    external: true
+  wg:
+    driver: bridge
+    enable_ipv6: false
+    ipam:
+      driver: default
+      config:
+        - subnet: ${WG_NETWORK_SUBNET}