Running WireGuard inside Docker: a Compose stack (WireGuard hub + internal-only demo service) and the Dockerfile for the hub image
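# Compose stack: a WireGuard "hub" container fronting an internal-only demo
# service on a dedicated dual-stack bridge network. Only the WireGuard UDP
# port is published on the host; nginx_demo has no published ports and is
# reachable solely via the wg_internal bridge (i.e. through the tunnel).
version: "3.9"  # ignored by Compose v2 (Compose Spec); kept for docker-compose v1

networks:
  wireguard_network:
    name: wg_internal
    # `enable_ipv6` is the Compose Spec key; the driver_opts entry is the
    # older spelling of the same switch. Both are kept so either engine
    # generation enables IPv6 on this bridge.
    enable_ipv6: true
    driver_opts:
      com.docker.network.enable_ipv6: "true"
    ipam:
      config:
        - subnet: "172.29.0.0/28"
          gateway: "172.29.0.1"
        # NOTE(review): fd00::/112 is a ULA prefix with an all-zero Global ID;
        # RFC 4193 expects a random 40-bit Global ID so prefixes do not collide
        # if this network is ever routed alongside other ULA space. Fine for a
        # demo, worth changing for anything persistent.
        - subnet: "FD00::0:0/112"
          gateway: "FD00::0:EEEE"

services:
  wireguard_hub:
    image: localhost.local/wireguard-container-endpoint:test
    # Built from the Dockerfile in this gist (same directory).
    build:
      context: .
    # Least privilege: start from an empty capability set and add back only
    # what the Dockerfile header names as required (NET_ADMIN and NET_RAW).
    # Previously only NET_ADMIN was listed and NET_RAW was present merely
    # because it is part of Docker's default set; making it explicit keeps the
    # Compose file and the Dockerfile in agreement.
    cap_drop:
      - ALL
    cap_add:
      - NET_ADMIN
      - NET_RAW
    security_opt:
      - no-new-privileges:true
    # net.* sysctls are per network namespace and are applied by the engine at
    # container start; they are not inherited from the host, and the container
    # itself typically cannot write them (/proc/sys is read-only by default),
    # so they must be declared here rather than set by wg-quick.
    sysctls:
      - "net.ipv4.ip_forward=1"
      - "net.ipv4.conf.all.src_valid_mark=1"
      - "net.ipv6.conf.all.forwarding=1"
      - "net.ipv6.conf.all.disable_ipv6=0"
    # The container only idles; an operator execs in and configures WireGuard
    # by hand. Nothing listens on 51820 until that happens.
    command: sleep infinity
    # Quoted so the host:container/proto triple is never subject to YAML
    # number parsing. Binds every IPv4 address of the host — narrow the
    # address if peers should only reach the hub via one interface.
    ports:
      - "0.0.0.0:51820:51820/udp"
    networks:
      wireguard_network:
        ipv4_address: "172.29.0.2"
        ipv6_address: "FD00::0:2"

  nginx_demo:
    # NOTE(review): `latest` is a moving tag; pin a version tag or an
    # @sha256 digest so the stack is reproducible and reviewable.
    image: nginxdemos/nginx-hello:latest
    # Deliberately no `ports:` — only reachable on wg_internal.
    networks:
      wireguard_network:
        ipv4_address: "172.29.0.3"
        ipv6_address: "FD00::0:3"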
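# Dockerfile for the WireGuard container endpoint used by the Compose stack.
# At runtime the container needs --cap-add=NET_ADMIN and --cap-add=NET_RAW
# (NET_RAW is in Docker's default set, so it only has to be added explicitly
# when the default capabilities are dropped).
#
# Supply-chain notes (review): the base image and the wg-json download are
# pinned to tags, not content hashes. A tag can be re-pointed upstream; pin
# `ubuntu:20.04@sha256:<digest>` and fetch wg-json with
# `ADD --checksum=sha256:<hash>` (Dockerfile syntax 1.6+) or from a commit-SHA
# URL once the expected hashes have been recorded.
FROM ubuntu:20.04

# Leftover from an earlier non-root variant: no `appuser` is created in this
# image, so this PATH entry is inert. Kept so existing tooling that relies on
# the value keeps working.
ENV PATH="/home/appuser/.local/bin:${PATH}"

# wg-json helper from the wireguard-tools repo at a tagged revision. Fetched
# over HTTPS but not checksum-verified — see the header note.
ADD --chown=root:root https://raw.githubusercontent.com/WireGuard/wireguard-tools/v1.0.20210914/contrib/json/wg-json /bin/wg-json

# Exact package versions are pinned for reproducibility. Caveat: Ubuntu drops
# superseded versions from the archive, so this layer will eventually fail to
# build and, until the pins are bumped, excludes later security updates for
# these packages. curl/ping/traceroute/nano are operator conveniences, not
# needed by WireGuard itself — drop them for a smaller attack surface in
# non-debug builds. DEBIAN_FRONTEND=noninteractive keeps apt from blocking on
# any configuration prompt during an unattended build.
RUN set -x \
    && apt-get update \
    && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
        curl=7.68.0-1ubuntu2.7 \
        wireguard=1.0.20200513-1~20.04.2 \
        wireguard-tools=1.0.20200513-1~20.04.2 \
        iproute2=5.5.0-1ubuntu1 \
        iputils-ping=3:20190709-3 \
        inetutils-traceroute=2:1.9.4-11ubuntu0.1 \
        iptables=1.8.4-3ubuntu2 \
        nano=4.8-1ubuntu1 \
    && apt-get clean autoclean \
    && apt-get autoremove -y \
    && chmod 755 /bin/wg-json \
    && rm -rf /var/lib/apt/lists/*

# Runs as root on purpose: wg-quick, ip(8) and iptables create the interface
# and rewrite routing/netfilter state, which the author reports does not work
# from a non-root user in this container. Privilege is instead bounded at the
# container level via the capability set the Compose file grants.
USER root
CMD ["/bin/bash"]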