update docker compose and readme

docker-compose.yaml

@@ -31,25 +31,56 @@ services:
     environment:
       - PUID=1000
       - PGID=1000
-      - TZ=Etc/UTC
-      - SERVERURL=vpn-hinterwaldner.duckdns.org
+      - TZ=Europe/Vienna
+      - SERVERURL=vpn.pstruebi.xyz
       - SERVERPORT=51821 #optional
-      - PEERS=raspi #optional
+      - PEERS=11 #optional
       - PEERDNS=auto #optional
+      - PERSISTENTKEEPALIVE_PEERS=all
+      - ALLOWEDIPS=0.0.0.0/0 #optional
       #- INTERNAL_SUBNET=10.13.13.0 #optional
-      #- ALLOWEDIPS=0.0.0.0/0 #optional
-      #- PERSISTENTKEEPALIVE_PEERS= #optional
       #- LOG_CONFS=true #optional
     volumes:
-      - wireguard:/config
+      - ./wg_conf:/config
+      #- wireguard:/config
       #- /lib/modules:/lib/modules #optional
     ports:
       - 51821:51820/udp
+      - "7999:7999" #auracast-translator
     sysctls:
       - net.ipv4.conf.all.src_valid_mark=1
     networks:
       - default
 
+
+# needs time for first boot since xtts model is downloaded
+  auracast-translator: 
+    container_name: auracast-translator
+    build:
+      context: ../auracast-translator
+      dockerfile: Dockerfile
+      ssh: 
+        - default=~/.ssh/id_ed25519 #lappi
+    restart: unless-stopped
+    depends_on: 
+      - wireguard
+    network_mode: service:wireguard # not sure if this is the best way
+    #ports:
+    #  - "7999:7999" #auracast-translator
+    #networks:
+    #  - default
+    environment:
+      - LOG_LEVEL=INFO
+      - PYTHONUNBUFFERED=1
+
+    deploy: # for tts on gpu
+      resources:
+        reservations:
+          devices:
+            - driver: nvidia
+              count: 1
+              capabilities: [gpu]
+
   webui:
     container_name: webui
     build:
@@ -63,33 +94,10 @@ services:
     environment:
       - PYTHONUNBUFFERED=1
       # Change this URL if the translator service is running on a different host
-      - TRANSLATOR_API_BASE_URL=http://auracast-translator:7999
+      - TRANSLATOR_API_BASE_URL=http://wireguard:7999 # http://auracast-translator:7999
     networks:
       - default
 
-# needs time for first boot since xtts model is downloaded
-  auracast-translator: 
-    build:
-      context: ../auracast-translator
-      dockerfile: Dockerfile
-      ssh: 
-        - default=~/.ssh/id_ed25519 #lappi
-    restart: unless-stopped
-    ports:
-      - "7999:7999"
-    environment:
-      - LOG_LEVEL=INFO
-      - PYTHONUNBUFFERED=1
-    networks:
-      - default
-
-    deploy: # for tts on gpu
-      resources:
-        reservations:
-          devices:
-            - driver: nvidia
-              count: 1
-              capabilities: [gpu]
 
 volumes:
   ollama:

readme.md

@@ -4,5 +4,5 @@ For building with dockerfiles, clone this repo to a directory together with aura
 # read logs interactively from a docker container
 - docker start -ai <container_name>
 
-# exec cmds inside container
+# exec cmds inside container (container must be running)
 docker exec -it ollama /bin/bash

wg_conf/.donoteditthisfile

@@ -0,0 +1,7 @@
+ORIG_SERVERURL="vpn.pstruebi.xyz"
+ORIG_SERVERPORT="51821"
+ORIG_PEERDNS="10.13.13.1"
+ORIG_PEERS="11"
+ORIG_INTERFACE="10.13.13"
+ORIG_ALLOWEDIPS="0.0.0.0/0"
+ORIG_PERSISTENTKEEPALIVE_PEERS="all"

wg_conf/coredns/Corefile

@@ -0,0 +1,6 @@
+. {
+    loop
+    errors
+    health
+    forward . /etc/resolv.conf
+}

wg_conf/peer1/peer1.conf

@@ -0,0 +1,11 @@
+[Interface]
+Address = 10.13.13.3
+PrivateKey = YKelFuRCzGg1S6zncYgohBtvoPZ01dRpzInMd0+nbnw=
+ListenPort = 51820
+DNS = 10.13.13.1
+
+[Peer]
+PublicKey = DnLs1PO3sPt61YY6BWOIuh4F8+DU0zHegG8QnpVqxU0=
+PresharedKey = A/jH9Hv+VtWTk0kU07nisAkqaei9q+ugjfAfFpKUvn0=
+Endpoint = vpn.pstruebi.xyz:51821
+AllowedIPs = 0.0.0.0/0

wg_conf/peer1/presharedkey-peer1

@@ -0,0 +1 @@
+A/jH9Hv+VtWTk0kU07nisAkqaei9q+ugjfAfFpKUvn0=

wg_conf/peer1/privatekey-peer1

@@ -0,0 +1 @@
+YKelFuRCzGg1S6zncYgohBtvoPZ01dRpzInMd0+nbnw=

wg_conf/peer1/publickey-peer1

@@ -0,0 +1 @@
+4ePaNQTPpigvu46WYvO+3hH2RiOrW0usIMxGfnX4yGk=

wg_conf/peer10/peer10.conf

@@ -0,0 +1,11 @@
+[Interface]
+Address = 10.13.13.12
+PrivateKey = MP/WxZ2hlArmYUIN7NXNCzMnFkHUfuBdgcac4rjz/UU=
+ListenPort = 51820
+DNS = 10.13.13.1
+
+[Peer]
+PublicKey = DnLs1PO3sPt61YY6BWOIuh4F8+DU0zHegG8QnpVqxU0=
+PresharedKey = ok8VDnspHV/16GT77OweftXiXKOJSnLa5Hd2tiwnEbE=
+Endpoint = vpn.pstruebi.xyz:51821
+AllowedIPs = 0.0.0.0/0

wg_conf/peer10/presharedkey-peer10

@@ -0,0 +1 @@
+ok8VDnspHV/16GT77OweftXiXKOJSnLa5Hd2tiwnEbE=

wg_conf/peer10/privatekey-peer10

@@ -0,0 +1 @@
+MP/WxZ2hlArmYUIN7NXNCzMnFkHUfuBdgcac4rjz/UU=

wg_conf/peer10/publickey-peer10

@@ -0,0 +1 @@
+o5CbMXv3wdaGWUFHhKME+YsVMpFUcxTJX9qs8c/3yVY=

wg_conf/peer11/peer11.conf

@@ -0,0 +1,11 @@
+[Interface]
+Address = 10.13.13.2
+PrivateKey = IGEphE9T9lhlEwcYLy8rRivpNS2j9okhNHasX5EFXkM=
+ListenPort = 51820
+DNS = 10.13.13.1
+
+[Peer]
+PublicKey = DnLs1PO3sPt61YY6BWOIuh4F8+DU0zHegG8QnpVqxU0=
+PresharedKey = CXAx7b7fjcIfhKYi2YxD4aM2F0FKRm2hEBVdFLa3tx4=
+Endpoint = vpn.pstruebi.xyz:51821
+AllowedIPs = 0.0.0.0/0

wg_conf/peer11/presharedkey-peer11

@@ -0,0 +1 @@
+CXAx7b7fjcIfhKYi2YxD4aM2F0FKRm2hEBVdFLa3tx4=

wg_conf/peer11/privatekey-peer11

@@ -0,0 +1 @@
+IGEphE9T9lhlEwcYLy8rRivpNS2j9okhNHasX5EFXkM=

wg_conf/peer11/publickey-peer11

@@ -0,0 +1 @@
+EPaSr2rG2/C+3rbYH8TdLr3/WM7eEpjfDqRoQu7KsWc=

wg_conf/peer2/peer2.conf

@@ -0,0 +1,11 @@
+[Interface]
+Address = 10.13.13.4
+PrivateKey = 6K4jlJAq0VHRsppwD1vtYJDjhel+ObXgcOQ2kDXNDUM=
+ListenPort = 51820
+DNS = 10.13.13.1
+
+[Peer]
+PublicKey = DnLs1PO3sPt61YY6BWOIuh4F8+DU0zHegG8QnpVqxU0=
+PresharedKey = SkeH/q6+yIEPQUO3cjNuIoOLL5nwlBvIYzpjO11RsQI=
+Endpoint = vpn.pstruebi.xyz:51821
+AllowedIPs = 0.0.0.0/0

wg_conf/peer2/presharedkey-peer2

@@ -0,0 +1 @@
+SkeH/q6+yIEPQUO3cjNuIoOLL5nwlBvIYzpjO11RsQI=

wg_conf/peer2/privatekey-peer2

@@ -0,0 +1 @@
+6K4jlJAq0VHRsppwD1vtYJDjhel+ObXgcOQ2kDXNDUM=

wg_conf/peer2/publickey-peer2

@@ -0,0 +1 @@
+ChZDaDlYLEcFEHD/UzDiyzZeB3lT/aufxI/BsKoJg1w=

wg_conf/peer3/peer3.conf

@@ -0,0 +1,11 @@
+[Interface]
+Address = 10.13.13.5
+PrivateKey = 8JmpSh+QDih/GAETMoAEPd3VW5Nza3Nviaa4GzND9l4=
+ListenPort = 51820
+DNS = 10.13.13.1
+
+[Peer]
+PublicKey = DnLs1PO3sPt61YY6BWOIuh4F8+DU0zHegG8QnpVqxU0=
+PresharedKey = uw2C+wswMIWM36rSX7BVteRY7l6RklxHmTw4hzphZPQ=
+Endpoint = vpn.pstruebi.xyz:51821
+AllowedIPs = 0.0.0.0/0

wg_conf/peer3/presharedkey-peer3

@@ -0,0 +1 @@
+uw2C+wswMIWM36rSX7BVteRY7l6RklxHmTw4hzphZPQ=

wg_conf/peer3/privatekey-peer3

@@ -0,0 +1 @@
+8JmpSh+QDih/GAETMoAEPd3VW5Nza3Nviaa4GzND9l4=

wg_conf/peer3/publickey-peer3

@@ -0,0 +1 @@
+cKezbL4TZABYDLB1YoruZic4CHg+I3WoPMRXOX7Y8HU=

wg_conf/peer4/peer4.conf

@@ -0,0 +1,11 @@
+[Interface]
+Address = 10.13.13.6
+PrivateKey = +LV5XDOaSNtMycpEkw8JBEVGQ0kpsafI0idQ2TKYxnM=
+ListenPort = 51820
+DNS = 10.13.13.1
+
+[Peer]
+PublicKey = DnLs1PO3sPt61YY6BWOIuh4F8+DU0zHegG8QnpVqxU0=
+PresharedKey = YG/lSzmb+7/NTXwSDMMikT48XN8+8Wxq8FHs0A/ABEc=
+Endpoint = vpn.pstruebi.xyz:51821
+AllowedIPs = 0.0.0.0/0

wg_conf/peer4/presharedkey-peer4

@@ -0,0 +1 @@
+YG/lSzmb+7/NTXwSDMMikT48XN8+8Wxq8FHs0A/ABEc=

wg_conf/peer4/privatekey-peer4

@@ -0,0 +1 @@
++LV5XDOaSNtMycpEkw8JBEVGQ0kpsafI0idQ2TKYxnM=

wg_conf/peer4/publickey-peer4

@@ -0,0 +1 @@
+SAOqRlhffcPO5whelgijyCFjHAr1hVFBSowVMoCxLls=

wg_conf/peer5/peer5.conf

@@ -0,0 +1,11 @@
+[Interface]
+Address = 10.13.13.7
+PrivateKey = SKhjIktHUq7ewDeHt9zpyGni89bDFU/PvNOT+vrb+00=
+ListenPort = 51820
+DNS = 10.13.13.1
+
+[Peer]
+PublicKey = DnLs1PO3sPt61YY6BWOIuh4F8+DU0zHegG8QnpVqxU0=
+PresharedKey = YJGbM4Nw2IHIMnhvoD5stFv7gJSZXMaQT/x2GGxa9N0=
+Endpoint = vpn.pstruebi.xyz:51821
+AllowedIPs = 0.0.0.0/0

wg_conf/peer5/presharedkey-peer5

@@ -0,0 +1 @@
+YJGbM4Nw2IHIMnhvoD5stFv7gJSZXMaQT/x2GGxa9N0=

wg_conf/peer5/privatekey-peer5

@@ -0,0 +1 @@
+SKhjIktHUq7ewDeHt9zpyGni89bDFU/PvNOT+vrb+00=

wg_conf/peer5/publickey-peer5

@@ -0,0 +1 @@
+34zCiskifTf82hYulc08qZ4FrAHezFI0+44AC0aEaiQ=

wg_conf/peer6/peer6.conf

@@ -0,0 +1,11 @@
+[Interface]
+Address = 10.13.13.8
+PrivateKey = uONGsuev3Dszk3ot/fxBkkF9sLwdjajEKRcFHO4BxFI=
+ListenPort = 51820
+DNS = 10.13.13.1
+
+[Peer]
+PublicKey = DnLs1PO3sPt61YY6BWOIuh4F8+DU0zHegG8QnpVqxU0=
+PresharedKey = 0g5t88Mn7mjg68/Oykrj1+6dVmPmReQlSxxbXsMbxe0=
+Endpoint = vpn.pstruebi.xyz:51821
+AllowedIPs = 0.0.0.0/0

wg_conf/peer6/presharedkey-peer6

@@ -0,0 +1 @@
+0g5t88Mn7mjg68/Oykrj1+6dVmPmReQlSxxbXsMbxe0=

wg_conf/peer6/privatekey-peer6

@@ -0,0 +1 @@
+uONGsuev3Dszk3ot/fxBkkF9sLwdjajEKRcFHO4BxFI=

wg_conf/peer6/publickey-peer6

@@ -0,0 +1 @@
+fZqQln25T2q2mq47lBjzevLpsRLIcr6UH+6byLHcfQ4=

wg_conf/peer7/peer7.conf

@@ -0,0 +1,11 @@
+[Interface]
+Address = 10.13.13.9
+PrivateKey = OF3usM+Jiumnjvf68PGslJaz6GUfC3GPoNv7g7tinWg=
+ListenPort = 51820
+DNS = 10.13.13.1
+
+[Peer]
+PublicKey = DnLs1PO3sPt61YY6BWOIuh4F8+DU0zHegG8QnpVqxU0=
+PresharedKey = SnY9RVlWN0KUboRLlzQNSiPYjCd7eDrLv6u9E9v/mmM=
+Endpoint = vpn.pstruebi.xyz:51821
+AllowedIPs = 0.0.0.0/0

wg_conf/peer7/presharedkey-peer7

@@ -0,0 +1 @@
+SnY9RVlWN0KUboRLlzQNSiPYjCd7eDrLv6u9E9v/mmM=

wg_conf/peer7/privatekey-peer7

@@ -0,0 +1 @@
+OF3usM+Jiumnjvf68PGslJaz6GUfC3GPoNv7g7tinWg=

wg_conf/peer7/publickey-peer7

@@ -0,0 +1 @@
+D7aQNstUDH9tU4wnZ911tyJI5qaTyMfFWiw3ocovJjE=

wg_conf/peer8/peer8.conf

@@ -0,0 +1,11 @@
+[Interface]
+Address = 10.13.13.10
+PrivateKey = GPbMO61lf2Hn+8saIibLxBMn5rNuz2QoV7vkMGoZXU4=
+ListenPort = 51820
+DNS = 10.13.13.1
+
+[Peer]
+PublicKey = DnLs1PO3sPt61YY6BWOIuh4F8+DU0zHegG8QnpVqxU0=
+PresharedKey = wXKfBFa/YVP7fDqS7HOQljxUzjUuX/oczo+cLRzhvNI=
+Endpoint = vpn.pstruebi.xyz:51821
+AllowedIPs = 0.0.0.0/0

wg_conf/peer8/presharedkey-peer8

@@ -0,0 +1 @@
+wXKfBFa/YVP7fDqS7HOQljxUzjUuX/oczo+cLRzhvNI=

wg_conf/peer8/privatekey-peer8

@@ -0,0 +1 @@
+GPbMO61lf2Hn+8saIibLxBMn5rNuz2QoV7vkMGoZXU4=

wg_conf/peer8/publickey-peer8

@@ -0,0 +1 @@
+WvFp70uc2P7wG7sY/70YEg66FrqZsi5DsdEkJn9SriI=

wg_conf/peer9/peer9.conf

@@ -0,0 +1,11 @@
+[Interface]
+Address = 10.13.13.11
+PrivateKey = cOI5FyaWu9P8/XqPnoCv+1z/hIXqBFEy6PbYL4HjTXw=
+ListenPort = 51820
+DNS = 10.13.13.1
+
+[Peer]
+PublicKey = DnLs1PO3sPt61YY6BWOIuh4F8+DU0zHegG8QnpVqxU0=
+PresharedKey = 9IM4Pfbyvgz0WLEKrSP/PbdEFKjw1hIHqsFj0R+d8hM=
+Endpoint = vpn.pstruebi.xyz:51821
+AllowedIPs = 0.0.0.0/0

wg_conf/peer9/presharedkey-peer9

@@ -0,0 +1 @@
+9IM4Pfbyvgz0WLEKrSP/PbdEFKjw1hIHqsFj0R+d8hM=

wg_conf/peer9/privatekey-peer9

@@ -0,0 +1 @@
+cOI5FyaWu9P8/XqPnoCv+1z/hIXqBFEy6PbYL4HjTXw=

wg_conf/peer9/publickey-peer9

@@ -0,0 +1 @@
+qZN3BiBHfmrNqkxrI8yYWv4kLpVvbpx+PCSnPkXjrA4=

wg_conf/server/privatekey-server

@@ -0,0 +1 @@
+aKKEMSaIl3Anxj+Nzm+On0cw3GEYyiViqNmuMnCP3no=

wg_conf/server/publickey-server

@@ -0,0 +1 @@
+DnLs1PO3sPt61YY6BWOIuh4F8+DU0zHegG8QnpVqxU0=

wg_conf/templates/peer.conf

@@ -0,0 +1,11 @@
+[Interface]
+Address = ${CLIENT_IP}
+PrivateKey = $(cat /config/${PEER_ID}/privatekey-${PEER_ID})
+ListenPort = 51820
+DNS = ${PEERDNS}
+
+[Peer]
+PublicKey = $(cat /config/server/publickey-server)
+PresharedKey = $(cat /config/${PEER_ID}/presharedkey-${PEER_ID})
+Endpoint = ${SERVERURL}:${SERVERPORT}
+AllowedIPs = ${ALLOWEDIPS}

wg_conf/templates/server.conf

@@ -0,0 +1,6 @@
+[Interface]
+Address = ${INTERFACE}.1
+ListenPort = 51820
+PrivateKey = $(cat /config/server/privatekey-server)
+PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth+ -j MASQUERADE
+PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth+ -j MASQUERADE

wg_conf/wg_confs/wg0.conf

@@ -0,0 +1,84 @@
+[Interface]
+Address = 10.13.13.1
+ListenPort = 51820
+PrivateKey = aKKEMSaIl3Anxj+Nzm+On0cw3GEYyiViqNmuMnCP3no=
+PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth+ -j MASQUERADE
+PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth+ -j MASQUERADE
+
+[Peer]
+# peer1
+PublicKey = 4ePaNQTPpigvu46WYvO+3hH2RiOrW0usIMxGfnX4yGk=
+PresharedKey = A/jH9Hv+VtWTk0kU07nisAkqaei9q+ugjfAfFpKUvn0=
+AllowedIPs = 10.13.13.3/32
+PersistentKeepalive = 25
+
+[Peer]
+# peer2
+PublicKey = ChZDaDlYLEcFEHD/UzDiyzZeB3lT/aufxI/BsKoJg1w=
+PresharedKey = SkeH/q6+yIEPQUO3cjNuIoOLL5nwlBvIYzpjO11RsQI=
+AllowedIPs = 10.13.13.4/32
+PersistentKeepalive = 25
+
+[Peer]
+# peer3
+PublicKey = cKezbL4TZABYDLB1YoruZic4CHg+I3WoPMRXOX7Y8HU=
+PresharedKey = uw2C+wswMIWM36rSX7BVteRY7l6RklxHmTw4hzphZPQ=
+AllowedIPs = 10.13.13.5/32
+PersistentKeepalive = 25
+
+[Peer]
+# peer4
+PublicKey = SAOqRlhffcPO5whelgijyCFjHAr1hVFBSowVMoCxLls=
+PresharedKey = YG/lSzmb+7/NTXwSDMMikT48XN8+8Wxq8FHs0A/ABEc=
+AllowedIPs = 10.13.13.6/32
+PersistentKeepalive = 25
+
+[Peer]
+# peer5
+PublicKey = 34zCiskifTf82hYulc08qZ4FrAHezFI0+44AC0aEaiQ=
+PresharedKey = YJGbM4Nw2IHIMnhvoD5stFv7gJSZXMaQT/x2GGxa9N0=
+AllowedIPs = 10.13.13.7/32
+PersistentKeepalive = 25
+
+[Peer]
+# peer6
+PublicKey = fZqQln25T2q2mq47lBjzevLpsRLIcr6UH+6byLHcfQ4=
+PresharedKey = 0g5t88Mn7mjg68/Oykrj1+6dVmPmReQlSxxbXsMbxe0=
+AllowedIPs = 10.13.13.8/32
+PersistentKeepalive = 25
+
+[Peer]
+# peer7
+PublicKey = D7aQNstUDH9tU4wnZ911tyJI5qaTyMfFWiw3ocovJjE=
+PresharedKey = SnY9RVlWN0KUboRLlzQNSiPYjCd7eDrLv6u9E9v/mmM=
+AllowedIPs = 10.13.13.9/32
+PersistentKeepalive = 25
+
+[Peer]
+# peer8
+PublicKey = WvFp70uc2P7wG7sY/70YEg66FrqZsi5DsdEkJn9SriI=
+PresharedKey = wXKfBFa/YVP7fDqS7HOQljxUzjUuX/oczo+cLRzhvNI=
+AllowedIPs = 10.13.13.10/32
+PersistentKeepalive = 25
+
+[Peer]
+# peer9
+PublicKey = qZN3BiBHfmrNqkxrI8yYWv4kLpVvbpx+PCSnPkXjrA4=
+PresharedKey = 9IM4Pfbyvgz0WLEKrSP/PbdEFKjw1hIHqsFj0R+d8hM=
+AllowedIPs = 10.13.13.11/32
+PersistentKeepalive = 25
+
+[Peer]
+# peer10
+PublicKey = o5CbMXv3wdaGWUFHhKME+YsVMpFUcxTJX9qs8c/3yVY=
+PresharedKey = ok8VDnspHV/16GT77OweftXiXKOJSnLa5Hd2tiwnEbE=
+AllowedIPs = 10.13.13.12/32
+PersistentKeepalive = 25
+
+[Peer]
+# peer11
+PublicKey = EPaSr2rG2/C+3rbYH8TdLr3/WM7eEpjfDqRoQu7KsWc=
+PresharedKey = CXAx7b7fjcIfhKYi2YxD4aM2F0FKRm2hEBVdFLa3tx4=
+AllowedIPs = 10.13.13.2/32
+PersistentKeepalive = 25
+