initial release

2025-10-05 13:32:48 +01:00
parent 7c9c591f8f
commit 7a77645510
6 changed files with 198 additions and 0 deletions
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -0,0 +1,42 @@
+version: "3.9"
+
+services:
+  wireguard:
+    image: lscr.io/linuxserver/wireguard:latest
+    container_name: wg-gateway
+    restart: unless-stopped
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    ports:
+      - "51820:51820/udp"
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/London
+      # --- Auto-generate server + peers ---
+      - SERVERURL=<your.public.ip.or.domain>   # or "auto" if supported by your env
+      - SERVERPORT=51820
+      - PEERS=phone,ipad,laptop                 # names or a number, e.g. "3"
+      - INTERNAL_SUBNET=10.66.0.0               # /24 is implied by the image
+      - ALLOWEDIPS=0.0.0.0/0                    # road-warrior: route all traffic
+      - PEERDNS=10.66.0.1                       # optional; we force-redirect DNS anyway
+      - LOG_CONFS=true                          # see the generated peer QR codes in logs
+    sysctls:
+      net.ipv4.ip_forward: "1"
+      net.ipv6.conf.all.disable_ipv6: "1"
+      net.ipv4.conf.all.src_valid_mark: "1"
+    volumes:
+      - ./wireguard:/config                     # WireGuard configs live here
+      - /lib/modules:/lib/modules               # helps with kernel modules
+      # our startup script that applies Tor iptables rules inside WG's namespace
+      - ./custom-init:/custom-cont-init.d:ro
+
+  tor:
+    build: ./tor                                # same Dockerfile/torrc from earlier
+    container_name: tor
+    network_mode: "service:wg-gateway"          # share WG’s network namespace
+    depends_on:
+      - wireguard
+    restart: unless-stopped
+