From 095d1475d1e4a54f4de9904f3e3bb4befeb8f757 Mon Sep 17 00:00:00 2001
From: kev
Date: Wed, 3 Feb 2021 17:05:06 +0800
Subject: [PATCH] update wireguard
---
 README.md | 1 +
 wireguard/Dockerfile | 13 ---------
 wireguard/README.md | 51 ++++++++++++++++--------------------
 wireguard/data/wg0.conf | 10 ------
 wireguard/docker-compose.yml | 38 ++++++++++++++++++---------
 5 files changed, 49 insertions(+), 64 deletions(-)
 delete mode 100644 wireguard/Dockerfile
 delete mode 100644 wireguard/data/wg0.conf
diff --git a/README.md b/README.md
index d365597..b8f995e 100644
--- a/README.md
+++ b/README.md
@@ -392,6 +392,7 @@ A collection of delicious docker recipes.
 - [x] wekanteam/wekan
 - [x] requarks/wiki
 - [x] yourls
+- [x] ghcr.io/linuxserver/wireguard
 - [x] zookeeper
 - [x] elkozmon/zoonavigator
diff --git a/wireguard/Dockerfile b/wireguard/Dockerfile
deleted file mode 100644
index 20b35df..0000000
--- a/wireguard/Dockerfile
+++ /dev/null
@@ -1,13 +0,0 @@
-#
-# Dockerfile for wireguard-arm
-#
-
-FROM arm32v7/alpine
-
-MAINTAINER EasyPi Software Foundation
-
-RUN apk add --no-cache coreutils iptables wireguard-tools
-
-EXPOSE 51820/udp
-
-CMD ["wg", "--help"]
diff --git a/wireguard/README.md b/wireguard/README.md
index 40de01d..5797199 100644
--- a/wireguard/README.md
+++ b/wireguard/README.md
@@ -1,39 +1,32 @@
 wireguard
 =========
-## Install Kernel Module
+[WireGuard®][1] is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN.
+
+
+## Up and Running
 ```bash
+$ echo 'deb http://deb.debian.org/debian buster-backports main contrib non-free' > /etc/apt/sources.list.d/buster-backports.list
 $ apt update
-$ apt install -y dirmngr raspberrypi-kernel-headers
-$ echo 'deb http://deb.debian.org/debian/ unstable main' > /etc/apt/sources.list.d/unstable-wireguard.list
-$ printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' > /etc/apt/preferences.d/limit-unstable
-$ apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC
-$ apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138
-$ apt update
-$ apt install -y wireguard-dkms
-$ modprobe wireguard
-$ lsmod | grep wireguard
+$ apt install wireguard
+$ docker-compose up -d
+$ docker-compose logs -f wireguard
+$ tree -d
+└── data
+ ├── coredns
+ ├── peer1
+ ├── peer2
+ ├── peer3
+ ├── server
+ └── templates
 ```
-## Generate Keys
+## GUI Clients
-```bash
-$ umask 077
-$ wg genkey | tee privatekey | wg pubkey > publickey
-```
+- Android: https://f-droid.org/en/packages/com.wireguard.android/
+- iOS: https://itunes.apple.com/us/app/wireguard/id1441195209
+- MacOS: https://itunes.apple.com/us/app/wireguard/id1451685025
+- Windows: https://download.wireguard.com/windows-client/
-## Create Config
-
-```ini
-[Interface]
-Address = 192.168.32.1/24
-ListenPort = 51820
-PrivateKey = SMDPkZPE6R9VyqT3ucxE5v//GnIzzruYC0MPD5efr3w=
-PostUp = iptables -t nat -A POSTROUTING -s 192.168.32.0/24 -j MASQUERADE; iptables -t filter -A FORWARD -j ACCEPT
-PreDown = iptables -t nat -D POSTROUTING -s 192.168.32.0/24 -j MASQUERADE; iptables -t filter -D FORWARD -j ACCEPT
-
-# [Peer]
-# PublicKey = VMK48tEcTLBwzxS+2gx3MH4IRlE7upTKPkYIE/xa7S0=
-# AllowedIPs = 192.168.32.2/32
-```
+[1]: https://www.wireguard.com/
diff --git a/wireguard/data/wg0.conf b/wireguard/data/wg0.conf
deleted file mode 100644
index a7d2d0c..0000000
--- a/wireguard/data/wg0.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-[Interface]
-Address = 192.168.32.1/24
-ListenPort = 51820
-PrivateKey = kNX2ozKebAlSd8P7mbRnm5RPT1/1l9DF05Nes9yjJ3o=
-PostUp = iptables -t nat -A POSTROUTING -s 192.168.32.0/24 -j MASQUERADE; iptables -t filter -A FORWARD -j ACCEPT
-PreDown = iptables -t nat -D POSTROUTING -s 192.168.32.0/24 -j MASQUERADE; iptables -t filter -D FORWARD -j ACCEPT
-
-[Peer]
-PublicKey = vrNjkdY8PT7AFcWr87uhrwuPPDgzNh1KA9zkyRiQSRM=
-AllowedIPs = 192.168.32.2/32
diff --git a/wireguard/docker-compose.yml b/wireguard/docker-compose.yml
index 6dc84f6..c6991c9 100644
--- a/wireguard/docker-compose.yml
+++ b/wireguard/docker-compose.yml
@@ -1,12 +1,26 @@
-wireguard:
- image: easypi/wireguard-arm
- command: ["sh", "-c", "wg-quick up wg0 && sleep infinity"]
- ports:
- - "51820:51820/udp"
- volumes:
- - ./data:/etc/wireguard
- - /lib/modules:/lib/modules
- cap_add:
- - NET_ADMIN
- - SYS_MODULE
- restart: unless-stopped
+version: "3.8"
+services:
+ wireguard:
+ image: ghcr.io/linuxserver/wireguard
+ container_name: wireguard
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=UTC
+ - SERVERURL=easypi.duckdns.org
+ - SERVERPORT=51820
+ - PEERS=3
+ - PEERDNS=auto
+ - INTERNAL_SUBNET=10.18.18.0
+ - ALLOWEDIPS=0.0.0.0/0
+ volumes:
+ - ./data:/config
+ - /lib/modules:/lib/modules
+ ports:
+ - 51820:51820/udp
+ sysctls:
+ - net.ipv4.conf.all.src_valid_mark=1
+ restart: unless-stopped
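Review bot: The added `image: ghcr.io/linuxserver/wireguard` line in docker-compose.yml has no tag, so each pull resolves to the registry's current `latest` for a container that is also granted `NET_ADMIN` and `SYS_MODULE`; pin a tested release or digest, e.g. `image: ghcr.io/linuxserver/wireguard:<TESTED_TAG>` (placeholder). Because the updated README installs `wireguard` on the host, `SYS_MODULE` may be unnecessary once the module is loaded there, and the module tree could then be bound read-only as `- /lib/modules:/lib/modules:ro`; confirm both against the image's documentation before changing them. The `./data:/config` bind appears to receive generated server and peer material (the README's `tree` output lists `server` and `peer1`–`peer3`), so that directory should be kept out of version control. The `wg0.conf` deleted earlier in this patch sat under the same path with a `PrivateKey`, which stays readable in repository history and should be treated as exposed and rotated.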