# Compose stack: a WireGuard container plus a "multicaster" application container
# that shares the WireGuard container's network namespace and talks to a serial device.
services:
  wireguard:
    # TODO: make all privileges in this compose file as tight as possible
    # NOTE(review): `latest` is a floating tag; pin a version tag or image digest so the
    # VPN endpoint image cannot change silently between pulls.
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
    restart: unless-stopped
    cap_add:
      # NET_ADMIN allows interface/route/firewall changes inside this network namespace.
      - NET_ADMIN
      # SYS_MODULE allows loading kernel modules into the host kernel.
      # NOTE(review): presumably only needed when the host kernel lacks WireGuard support;
      # drop it (and the /lib/modules mount below) if not required - verify on the target hosts.
      - SYS_MODULE  # optional
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Vienna
      # - SERVERURL=wireguard.domain.com #optional
      # - SERVERPORT=51820 #optional
      # - PEERS=1 #optional
      # - PEERDNS=auto #optional
      # - INTERNAL_SUBNET=10.13.13.0 #optional
      # - ALLOWEDIPS=0.0.0.0/0 #optional
      # - PERSISTENTKEEPALIVE_PEERS= #optional
      # NOTE(review): presumably makes the image print generated peer configs to the
      # container log; those would contain key material - confirm against the image docs
      # and disable if container logs are shipped or shared.
      - LOG_CONFS=true  # optional
    volumes:
      # Holds the WireGuard configuration (including private keys): keep it out of version
      # control and restrict its permissions on the host.
      - ./wg_config:/config
      # Host kernel module tree, mounted read-write as written.
      # NOTE(review): consider appending `:ro` if the image never writes here - verify.
      - /lib/modules:/lib/modules  # optional
    ports:
      # With no host IP given, this UDP port is published on all host interfaces.
      - 51820:51820/udp
      #- 51821:51821/udp # just a workaround if another wireguard client is already running - make sure to change in .conf file too
      #- 5000:5000 # make the multicaster also reachable from the host - TODO: this should be removed for production
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    networks:
      - default

  multicaster:
    container_name: multicaster
    depends_on:
      - wireguard
    # TODO: make this more restrictive in the future
    # NOTE(review): `privileged: true` grants every capability and access to all host
    # devices, and drops the default seccomp/AppArmor confinement, so a compromise of the
    # application is effectively a compromise of the host. Because this service also runs
    # in the wireguard network namespace (see network_mode), it can be reached by
    # whatever can reach that namespace. The commented-out `devices:` entry below is the
    # narrower way to expose a single serial adapter - TODO confirm it is sufficient and
    # then remove `privileged`.
    privileged: true  # Grants full access to all devices (for serial access)
    restart: unless-stopped
    # Shares the wireguard service's network namespace; ports for this service therefore
    # have to be published on the wireguard service, not here.
    network_mode: service:wireguard
    #ports:
    #  - "5000:5000"
    build:
      dockerfile: Dockerfile
      # Makes the listed host SSH private key available to the image build.
      # NOTE(review): the Dockerfile is not shown here; confirm the key is only used via an
      # ssh build mount and is never copied into an image layer.
      ssh:
        #- default=~/.ssh/id_ed25519 #lappi
        - default=~/.ssh/id_rsa  # raspi
    volumes:
      - "/dev/serial:/dev/serial"
    #devices:
    #  - /dev/serial/by-id/usb-ZEPHYR_Zephyr_HCI_UART_sample_81BD14B8D71B5662-if00
    environment:
      LOG_LEVEL: INFO
    # The VPN only seems to initiate its handshake after some outgoing connection is made,
    # so a background loop pings the VPN host once a minute before the server starts.
    # NOTE(review): a PersistentKeepalive setting in the peer .conf may make this loop
    # unnecessary - TODO evaluate.
    command: >
      bash -c "(while true; do ping -c 1 vpn.pstruebi.xyz || echo 'Ping failed'; sleep 60; done) &
      python ./auracast/multicast_server.py"
    #command: python ./auracast/multicast.py # continuously streaming test app

# place corresponding peer config for each peer in wg_confs
# use docker compose up --build --remove-orphans