services: add vpn

services/openvpn/docker-compose.yml

@@ -1,18 +0,0 @@
-version: '3.8'
-
-services:
-  openvpn:
-    image: openvpn/openvpn-as:latest
-    container_name: openvpn
-    cap_add:
-      - MKNOD
-      - NET_ADMIN
-    devices:
-      - /dev/net/tun
-    ports:
-      - "192.168.100.58:943:943"
-      - "192.168.100.58:443:443"
-      - "192.168.100.58:1194:1194/udp"
-    volumes:
-      - /home/vm-user/remote-apps/openvpn:/openvpn
-    restart: unless-stopped

services/services.yaml

@@ -2,6 +2,10 @@ defaultServiceValues: &defaultServiceValues
   composeFile: "docker-compose.yml"
   envFile: ".env"
 
+vm-network-100-75: &vm-network-100-75
+  ip: "192.168.100.75"
+  user: vm-user
+
 vm-tools-100-65: &vm-tools-100-65
   ip: "192.168.100.65"
   user: vm-user
@@ -32,3 +36,11 @@ services:
     host:
       <<: *vm-tools-100-65
     <<: *defaultServiceValues
+
+  - name: "wireguard"
+    ports:
+      - 51820
+      - 5182
+    host:
+      <<: *vm-network-100-75
+    <<: *defaultServiceValues

services/wireguard/.env

@@ -0,0 +1 @@
+CONFIG_PATH="/home/vm-user/remote-apps/wireguard/etc"

services/wireguard/docker-compose.yml

@@ -0,0 +1,21 @@
+services:
+  wg-easy:
+    image: ghcr.io/wg-easy/wg-easy:latest
+    container_name: wg-easy
+    environment:
+      - PASSWORD_HASH=$$2a$$12$$OJUgCywoc/JuPvTO4hOzi.6toYnROQWdqYxnYCf5FSw2WSeygQF9K
+      - WG_HOST=wireguard.davydovcloud.com
+      - PEERDNS=auto
+    volumes:
+      - ${CONFIG_PATH}:/etc/wireguard
+      - /lib/modules:/lib/modules:ro
+    ports:
+      - "${SVC_PORT_1}:51820/udp"
+      - "${SVC_PORT_2}:51821/tcp"
+    restart: unless-stopped
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    sysctls:
+      - net.ipv4.ip_forward=1
+      - net.ipv4.conf.all.src_valid_mark=1