63 lines
1.8 KiB
YAML
63 lines
1.8 KiB
YAML
---
|
|
# version: "3.2.3"
|
|
networks:
|
|
wg:
|
|
driver: bridge
|
|
default:
|
|
driver: bridge
|
|
volumes:
|
|
tscale_data:
|
|
driver: local
|
|
actual_data:
|
|
driver: local
|
|
services:
|
|
# @NOTE https://oneuptime.com/blog/post/2026-03-18-use-podman-containers-wireguard-vpn/view
|
|
wgclient:
|
|
image: lscr.io/linuxserver/wireguard:latest
|
|
container_name: wgclient
|
|
cap_add:
|
|
# - SYS_MODULE
|
|
- NET_ADMIN
|
|
restart: unless-stopped
|
|
volumes:
|
|
# - /lib/modules:/lib/modules:ro
|
|
- ~/.config/wireguard:/config/wg-confs:Z
|
|
networks:
|
|
- wg
|
|
ports:
|
|
- 51820:51820/udp
|
|
environment:
|
|
TZ: Etc/UTC
|
|
PUID: 1000
|
|
GUID: 1000
|
|
sysctls:
|
|
- net.ipv4.conf.all.src_valid_mark=1
|
|
- net.ipv6.conf.all.src_valid_mark=1
|
|
- net.ipv6.ip_forward=1data
|
|
- net.ipv4.ip_forward=1
|
|
|
|
# @NOTE https://tailscale.com/docs/features/containers/docker
|
|
# @NOTE https://tailscale.com/blog/docker-tailscale-guide
|
|
tailclient:
|
|
image: tailscale/tailscale:latest
|
|
container_name: tailclient
|
|
cap_add:
|
|
# - SYS_MODULE
|
|
- NET_ADMIN
|
|
restart: unless-stopped
|
|
volumes:
|
|
# - /lib/modules:/lib/modules:ro
|
|
- tscale_data:/var/lib/tailscale
|
|
- ~/.config/tailscale:/config
|
|
devices:
|
|
- /dev/net/tun:/dev/net/tun
|
|
hostname: nirvana
|
|
environment:
|
|
TS_AUTHKEY: ${TS_AUTHKEY:?Provide authentication key}?ephemeral=false
|
|
TS_SERVE_CONFIG: /config/${TS_SERVE_CONFIG_BASENAME:?Provide a basename for the Tailscale Serve configuration file}.json
|
|
TS_EXTRA_ARGS: "--advertise-tags=tag:container"
|
|
TS_STATE_DIR: "/var/lib/tailscale"
|
|
|
|
# @TODO make subsequent containers have 'network_mode' attrbute set to value 'service:wgclient'/'service:tailclient'
|
|
# OR make subsequent containers have 'networks' attribute set to list value with 'container:wgclient'/'contaner:tailclient' item
|