server: add wg server

2020-02-24 10:07:39 +01:00 · 2020-02-24 10:07:39 +01:00 · 54cb0ac087
parent a2821d3b2e
commit 54cb0ac087
1 changed files with 14 additions and 0 deletions
--- a/server.yml
+++ b/server.yml
@ -182,6 +182,12 @@ services:
     - /etc/ssl/certs:/etc/ssl/certs:ro
     - /usr/share/ca-certificates:/usr/share/ca-certificates:ro

+  - name: wg
+    image: nemunaire/wg-manager:ffeb1c11a389f9d39c19c0eb26c47c982a7b8639-dirty
+    command: ["/bin/wg-manager", "-bind=172.17.0.15:81" ]
+    capabilities:
+     - all
+
  - name: ns
    image: nemunaire/unbound:ed3ccbb5340aefd48c53a97743fdc6edc7011103-amd64
    net: /run/netns/dmz-ns
@ -397,6 +403,7 @@ files:
              local-zone: "adlin.nemunai.re" typetransparent
              local-data: "adlin.nemunai.re TXT \"8dde678132d6c558fc6adaeb9f1d53bf6ec7b876308cf98c48604caa9138523c1ce58b672c87c7e7d9b7248b81804d3940dbf20bf263eeb683244f7c1143712d\""
              local-data: "auth.adlin.nemunai.re A 172.23.255.2"
+              local-data: "wg.adlin.nemunai.re A 172.17.0.15"
      remote-control:
             control-enable: no
      forward-zone:
@ -650,6 +657,13 @@ files:
      server 51.15.180.229
    mode: "0440"

+  - path: etc/wireguard/wg0.conf
+    contents: |
+      [Interface]
+      PrivateKey = SCGCKDuTm4PMOw+LXdK/2s8mxnv145QHOohKRq3vc2A=
+      ListenPort = 12912
+      Address = 172.23.191.254/18
+    mode: "0644"

  - path: srv/tftp
    directory: true