basics

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "wireguard-go"]
+	path = wireguard-go
+	url = https://git.zx2c4.com/wireguard-go

Dockerfile

@@ -0,0 +1,28 @@
+FROM golang AS build
+
+COPY wireguard-go /go/src/wireguard
+
+WORKDIR /go/src/wireguard
+
+RUN echo "package main" > ./donotuseon_linux.go && go get
+
+RUN go build
+
+FROM frolvlad/alpine-glibc
+
+RUN echo http://nl.alpinelinux.org/alpine/edge/testing >> /etc/apk/repositories && apk --no-cache add wireguard-tools
+
+ENV WG_I_PREFER_BUGGY_USERSPACE_TO_POLISHED_KMOD=1
+
+COPY --from=build /go/bin/wireguard /usr/bin/wireguard-go
+
+COPY init.sh /init.sh
+
+RUN chmod +x /init.sh
+
+VOLUME /etc/wireguard/
+
+EXPOSE 51820/udp
+
+ENTRYPOINT /init.sh
+

init.sh

@@ -0,0 +1,25 @@
+#!/bin/sh
+
+umask 077
+set -e
+
+WG_IF=${WG_INTERFACE:-wg0}
+PHY_IF=${WG_HOST_INTERFACE:-eth0}
+ADDRESS=${WG_ADDRESS:-192.168.2.1/24}
+
+if [ ! -f "/etc/wireguard/$WG_IF.conf" ]; then
+ mkdir -p /etc/wireguard/keys
+ wg genkey | tee /etc/wireguard/keys/$WG_IF | wg pubkey > /etc/wireguard/keys/$WG_IF.pub
+ 
+ echo "[Interface]" > /etc/wireguard/$WG_IF.conf
+ echo "PrivateKey = $(cat /etc/wireguard/keys/$WG_IF)" >> /etc/wireguard/$WG_IF.conf
+ echo "Address = $ADDRESS" >> /etc/wireguard/$WG_IF.conf
+ echo "ListenPort = 51820" >> /etc/wireguard/$WG_IF.conf
+ echo "PostUp = iptables -A FORWARD -i $WG_IF -j ACCEPT; iptables -t nat -A POSTROUTING -o $PHY_IF -j MASQUERADE" >> /etc/wireguard/$WG_IF.conf
+ echo "PostDown = iptables -D FORWARD -i $WG_IF -j ACCEPT; iptables -t nat -D POSTROUTING -o $PHY_IF -j MASQUERADE" >> /etc/wireguard/$WG_IF.conf
+ echo "SaveConfig = true" >> /etc/wireguard/$WG_IF.conf
+ 
+ echo "Generated Config for $WG_IF, Publickey: $(cat /etc/wireguard/keys/$WG_IF.pub)"
+fi
+
+/usr/bin/wireguard-go -f $WG_IF

wireguard-go

@@ -0,0 +1 @@
+Subproject commit f49da8b7ad99b479b9221426eec865cd5ee09a30