From a4dd96bf5a7b0a92252cb896ebc69f7bed83c1d3 Mon Sep 17 00:00:00 2001
From: kev
Date: Wed, 10 Jul 2019 04:08:34 +0800
Subject: [PATCH] add wireguard
---
 README.md | 1 +
 wireguard/Dockerfile | 13 ++++++++++++
 wireguard/README.md | 39 ++++++++++++++++++++++++++++++++++++
 wireguard/data/wg0.conf | 10 +++++++++
 wireguard/docker-compose.yml | 12 +++++++++++
 5 files changed, 75 insertions(+)
 create mode 100644 wireguard/Dockerfile
 create mode 100644 wireguard/README.md
 create mode 100644 wireguard/data/wg0.conf
 create mode 100644 wireguard/docker-compose.yml
diff --git a/README.md b/README.md
index 9d6dafe..da80bb7 100644
--- a/README.md
+++ b/README.md
@@ -240,6 +240,7 @@ A collection of delicious docker recipes.
 - [x] strongswan :+1:
 - [x] tinc :+1:
 - [x] tinc-arm :+1:
+- [x] wiregurad :beetle:
 - [x] xl2tpd
 ## DNS
diff --git a/wireguard/Dockerfile b/wireguard/Dockerfile
new file mode 100644
index 0000000..012d154
--- /dev/null
+++ b/wireguard/Dockerfile
@@ -0,0 +1,13 @@
+#
+# Dockerfile for wireguard-arm
+#
+
+FROM arm32v7/alpine:edge
+
+MAINTAINER EasyPi Software Foundation
+
+RUN apk add --no-cache coreutils iptables wireguard-tools
+
+EXPOSE 51820/udp
+
+CMD ["wg", "--help"]
diff --git a/wireguard/README.md b/wireguard/README.md
new file mode 100644
index 0000000..40de01d
--- /dev/null
+++ b/wireguard/README.md
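Review bot: In wireguard/Dockerfile, `FROM arm32v7/alpine:edge` tracks Alpine's rolling development branch and `apk add` installs whatever `wireguard-tools` and `iptables` builds are current at build time, so two builds of this file can ship different VPN tooling with no change in the repository. Pin the base to a release tag and digest, e.g. `FROM arm32v7/alpine:RELEASE_TAG@sha256:DIGEST` (placeholders), if `wireguard-tools` is packaged for that release; if edge is required for the package, a comment saying so would tell the next maintainer why. `MAINTAINER` is deprecated; `LABEL maintainer="EasyPi Software Foundation"` carries the same information.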
@@ -0,0 +1,39 @@
+wireguard
+=========
+
+## Install Kernel Module
+
+```bash
+$ apt update
+$ apt install -y dirmngr raspberrypi-kernel-headers
+$ echo 'deb http://deb.debian.org/debian/ unstable main' > /etc/apt/sources.list.d/unstable-wireguard.list
+$ printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' > /etc/apt/preferences.d/limit-unstable
+$ apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC
+$ apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138
+$ apt update
+$ apt install -y wireguard-dkms
+$ modprobe wireguard
+$ lsmod | grep wireguard
+```
+
+## Generate Keys
+
+```bash
+$ umask 077
+$ wg genkey | tee privatekey | wg pubkey > publickey
+```
+
+## Create Config
+
+```ini
+[Interface]
+Address = 192.168.32.1/24
+ListenPort = 51820
+PrivateKey = SMDPkZPE6R9VyqT3ucxE5v//GnIzzruYC0MPD5efr3w=
+PostUp = iptables -t nat -A POSTROUTING -s 192.168.32.0/24 -j MASQUERADE; iptables -t filter -A FORWARD -j ACCEPT
+PreDown = iptables -t nat -D POSTROUTING -s 192.168.32.0/24 -j MASQUERADE; iptables -t filter -D FORWARD -j ACCEPT
+
+# [Peer]
+# PublicKey = VMK48tEcTLBwzxS+2gx3MH4IRlE7upTKPkYIE/xa7S0=
+# AllowedIPs = 192.168.32.2/32
+```
diff --git a/wireguard/data/wg0.conf b/wireguard/data/wg0.conf
new file mode 100644
index 0000000..a7d2d0c
--- /dev/null
+++ b/wireguard/data/wg0.conf
@@ -0,0 +1,10 @@
+[Interface]
+Address = 192.168.32.1/24
+ListenPort = 51820
+PrivateKey = kNX2ozKebAlSd8P7mbRnm5RPT1/1l9DF05Nes9yjJ3o=
+PostUp = iptables -t nat -A POSTROUTING -s 192.168.32.0/24 -j MASQUERADE; iptables -t filter -A FORWARD -j ACCEPT
+PreDown = iptables -t nat -D POSTROUTING -s 192.168.32.0/24 -j MASQUERADE; iptables -t filter -D FORWARD -j ACCEPT
+
+[Peer]
+PublicKey = vrNjkdY8PT7AFcWr87uhrwuPPDgzNh1KA9zkyRiQSRM=
+AllowedIPs = 192.168.32.2/32
diff --git a/wireguard/docker-compose.yml b/wireguard/docker-compose.yml
new file mode 100644
index 0000000..6dc84f6
--- /dev/null
+++ b/wireguard/docker-compose.yml
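Review bot: wireguard/data/wg0.conf commits a real-looking `PrivateKey` value, and docker-compose.yml mounts `./data` at `/etc/wireguard`, so anyone who runs the recipe unchanged brings up a tunnel whose private key is public; a key published this way should be treated as compromised and never deployed. Ship the file with a placeholder instead, `PrivateKey = REPLACE_WITH_OUTPUT_OF_wg_genkey`, and do the same for the sample in the Create Config block of wireguard/README.md. In `PostUp`, `iptables -t filter -A FORWARD -j ACCEPT` accepts forwarding on every interface rather than only the tunnel; wg-quick expands `%i` to the interface name, so `iptables -t filter -A FORWARD -i %i -j ACCEPT` (with the matching `-D` in `PreDown`) keeps the rule scoped to wg0.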
@@ -0,0 +1,12 @@
+wireguard:
+ image: easypi/wireguard-arm
+ command: ["sh", "-c", "wg-quick up wg0 && sleep infinity"]
+ ports:
+ - "51820:51820/udp"
+ volumes:
+ - ./data:/etc/wireguard
+ - /lib/modules:/lib/modules
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ restart: unless-stopped
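Review bot: The service is given `SYS_MODULE` together with a writable bind mount of the host's `/lib/modules`, which lets a process in the container load kernel modules into the host kernel and modify the host's module tree. wireguard/README.md has the operator run `modprobe wireguard` on the host, so the container probably needs neither; if that holds, drop `- SYS_MODULE` and the `/lib/modules` volume, or at least mount it read-only as `- /lib/modules:/lib/modules:ro`. `image: easypi/wireguard-arm` carries no tag and so resolves to `latest`; a version tag or digest would make deployments repeatable.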