From f2722e16fcb42e04868b9d3c140d6b567bb1b1ca Mon Sep 17 00:00:00 2001
From: edipretoro
Date: Wed, 9 Oct 2024 15:43:54 +0200
Subject: [PATCH] Adding the orchestration file
---
docker-compose.yml | 56 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 56 insertions(+)
create mode 100644 docker-compose.yml
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..8728ad3
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,56 @@
+networks:
+ traefik:
+ external: true
+ wireguardvpn:
+services:
+ wireguardvpn:
+ environment:
+ - LANG=fr
+ - WG_HOST=vpn.edipretoro.be
+ - PASSWORD_HASH=$ENV{WIREGUARD_UI_PASSWORD}
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=traefik"
+ - "traefik.http.services.wg.loadbalancer.server.port=51821"
+ - "traefik.http.routers.wg.service=wg"
+ - "traefik.http.routers.wg.rule=Host(`vpn.edipretoro.be`)"
+ - "traefik.http.routers.wg.entrypoints=wireguardvpn"
+ - "traefik.http.routers.wg.tls.certresolver=ovhtls"
+
+ # Optional:
+ # - PORT=51821
+ # - WG_PORT=51820
+ # - WG_CONFIG_PORT=92820
+ # - WG_DEFAULT_ADDRESS=10.8.0.x
+ # - WG_DEFAULT_DNS=1.1.1.1
+ # - WG_MTU=1420
+ # - WG_ALLOWED_IPS=192.168.15.0/24, 10.0.1.0/24
+ # - WG_PERSISTENT_KEEPALIVE=25
+ # - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt
+ # - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt
+ # - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt
+ # - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt
+ # - UI_TRAFFIC_STATS=true
+ # - UI_CHART_TYPE=0 # (0 Charts disabled, 1 # Line chart, 2 # Area chart, 3 # Bar chart)
+ # - WG_ENABLE_ONE_TIME_LINKS=true
+ # - UI_ENABLE_SORT_CLIENTS=true
+ # - WG_ENABLE_EXPIRES_TIME=true
+ # - ENABLE_PROMETHEUS_METRICS=false
+ # - PROMETHEUS_METRICS_PASSWORD=$$2a$$12$$vkvKpeEAHD78gasyawIod.1leBMKg8sBwKW.pQyNsq78bXV3INf2G # (needs double $$, hash of 'prometheus_password'; see "How_to_generate_an_bcrypt_hash.md" for generate the hash)
+
+ image: ghcr.io/wg-easy/wg-easy
+ container_name: wireguardvpn
+ networks:
+ - traefik
+ volumes:
+ - ./mnt/etc/wireguard:/etc/wireguard
+ ports:
+ - "51820:51820/udp"
+ restart: unless-stopped
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ # - NET_RAW # ⚠️ Uncomment if using Podman
+ sysctls:
+ - net.ipv4.ip_forward=1
+ - net.ipv4.conf.all.src_valid_mark=1
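Review bot: The `PASSWORD_HASH=$ENV{WIREGUARD_UI_PASSWORD}` entry is not Compose interpolation syntax, so the value will most likely resolve to the variable `ENV` (probably unset) followed by the literal text `{WIREGUARD_UI_PASSWORD}` instead of a bcrypt hash; `- PASSWORD_HASH=${WIREGUARD_UI_PASSWORD:?bcrypt hash required}` would both interpolate correctly and refuse to start when the value is missing. The variable name suggests a plaintext password, but the key expects the bcrypt hash, and it is worth checking with `docker compose config` that the `$` characters of the hash come through intact (the commented Prometheus line notes the same `$$` escaping issue). Because this admin UI is published through Traefik at `vpn.edipretoro.be` and the container is granted `NET_ADMIN` and `SYS_MODULE`, the untagged `image: ghcr.io/wg-easy/wg-easy` should be pinned to a release tag or digest, e.g. `image: ghcr.io/wg-easy/wg-easy:<version>`, so an upstream change is not pulled in silently on the next restart. The `wireguardvpn` network declared at the top is never attached to the service and can be removed.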