forked from cmulk/wireguard-docker
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
35 lines (26 loc) · 1.11 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
FROM debian:bookworm
# Add debian unstable repo for wireguard packages
RUN echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable-wireguard.list && \
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable
# Install wireguard packges
RUN apt update && \
apt install -y --no-install-recommends ntp dnsutils whois curl vim wireguard-tools iptables openresolv net-tools procps iproute2 && \
apt clean
RUN echo resolvconf resolvconf/linkify-resolvconf boolean false | debconf-set-selections && \
echo "REPORT_ABSENT_SYMLINK=no" >> /etc/default/resolvconf && \
apt-get -y install resolvconf && apt-get -y install debconf-utils && \
apt clean
# Add main work dir to PATH
WORKDIR /scripts
ENV PATH="/scripts:${PATH}"
# Use iptables masquerade NAT rule
ENV IPTABLES_MASQ=1
# Copy scripts to containers
COPY install-module /scripts
COPY run /scripts
COPY genkeys /scripts
RUN chmod 755 /scripts/*
# Wirguard interface configs go in /etc/wireguard
VOLUME /etc/wireguard
# Normal behavior is just to run wireguard with existing configs
CMD ["run"]