refactor: 🎨 Moved ./etc to /etc/wagon, mounted wireguard config, and implemented docker-compose.override.yml

.gitignore

@@ -1,3 +1,2 @@
-etc/config
-etc/servers
-docker-compose.yml
+etc.sample/
+docker-compose.override.yml.sample

INSTALL.md

@@ -454,27 +454,26 @@ You might be thinking, this would all be easier as a script. A script that could
 
 ## 4. Wagon
 
-I keep services in `/srv` so I would do: 
+I keep binaries and scripts in `/usr/local/bin` so I would do: 
 
 ```sh
-cd /srv
+cd /usr/local/bin
 git clone https://gitea.gf4.pw/gf4/wagon.git
 cd wagon
 ```
 
 ### 4.1. Configuration
 
-Copy the sample environment file and docker-compose file: 
+Copy the sample config docker-compose file: 
 
 ```sh
-cp etc/config.sample etc/config
-cp etc/servers.sample etc/servers
-cp docker-compose.yml.sample docker-compose.yml
+cp -r etc.sample /etc/wagon
+cp docker-compose.override.yml.sample docker-compose.override.yml
 ```
 
-Configure the `docker-compose.yml` file however you like, or don't use it at all. The other two files are tab-separated text files. Lines starting with a hash (`#`) are ignored as comments
+Configure the `docker-compose.override.yml` file however you like.  Here you can set container IP addresses that a proxy can reference later.  
 
-The `etc/servers` file is a list of servers on the `/16` network. For now, just set our single server with the correct variables. 
+The `/etc/wagon/servers` file is a list of servers on the `/16` network. For now, just set our single server with the correct variables. 
 
 ```tsv
 #	host	ipv4     	ipv6	pubkey	wg-endpoint  	admin-endpoint              	secret
@@ -483,7 +482,7 @@ The `etc/servers` file is a list of servers on the `/16` network. For now, just
 
 We're just gonna leave `XXXX` as a placeholder for ipv6 since we aren't using it. But do set the pubkey to hn's wireguard public key from above. Set admin-endpoint to whatever you want right now; this is actually used for server-to-server communication, not administration. Same thing for secret: leave it as `XXXXXX` or generate something random; in any case it isn't used unless your network has multiple servers.
 
-Now edit the `etc/config` file
+Now edit `/etc/wagon/config`
 
 ```sh
 TLD='mynet'

docker-compose.override.yml

@@ -0,0 +1,51 @@
+networks:
+  wagon:
+    name: wagon
+    ipam:
+      config:
+        - subnet: "172.19.0.0/24"
+services:
+
+  dashboard-backend:
+    build:
+      args:
+        PORT: 4442
+    container_name: wagon-dashboard-backend
+    volumes:
+      - '/etc/wagon:/etc/wagon:ro'
+      - '/etc/wireguard/${TLD}.conf:/etc/wireguard/${TLD}.conf'
+      - '/var/log/wagon.log:/var/log/apache2/error.log'
+      - '/etc/ssl/private/${TLD}:/etc/ssl/private/${TLD}'
+
+#  dashboard-frontend:
+#    container_name: wagon-dashboard-frontend
+#    networks:
+#      wagon:
+#        ipv4_address: 172.19.0.2
+
+  admin-backend:
+    build:
+      args:
+        PORT: 4441
+    container_name: wagon-admin-backend
+    volumes:
+      - '/etc/wagon:/etc/wagon:ro'
+      - '/etc/wireguard/${TLD}.conf:/etc/wireguard/${TLD}.conf'
+      - '/var/log/wagon.log:/var/log/apache2/error.log'
+      - '/etc/ssl/private/${TLD}:/etc/ssl/private/${TLD}'
+
+#  admin-frontend:
+#    container_name: wagon-admin-frontend
+#    networks:
+#      wagon:
+#        ipv4_address: 172.19.0.3
+
+#  fed-backend:
+#    build:
+#      args:
+#        PORT: 4443
+#    container_name: wagon-fed-backend
+#    volumes:
+#      - '/etc/wireguard/${TLD}.conf:/etc/wireguard/${TLD}.conf'
+#      - '/var/log/wagon.log:/var/log/apache2/error.log'
+#      - '/etc/wagon:/etc/wagon:ro'

docker-compose.yml

@@ -1,10 +1,4 @@
 version: '3'
-networks:
-  wagon:
-    name: wagon
-    ipam:
-      config:
-        - subnet: "172.19.0.0/24"
 services:
 
   dashboard-backend:
@@ -17,19 +11,18 @@ services:
     cap_add:
       - NET_ADMIN
     network_mode: host
+    env_file: /etc/wagon/config
     volumes:
-      - '/etc/ssl/private:/etc/ssl/private'
-      - './etc:/etc/wagon:ro'
+      - '/etc/wagon:/etc/wagon:ro'
+      - '/etc/wireguard/${TLD}.conf:/etc/wireguard/${TLD}.conf'
       - '/var/log/wagon.log:/var/log/apache2/error.log'
+      - '/etc/ssl/private/${TLD}:/etc/ssl/private/${TLD}'
 
 #  dashboard-frontend:
 #    build:
 #      context: front
 #      dockerfile: dashboard.Dockerfile
 #    container_name: wagon-dashboard-frontend
-#    networks:
-#      wagon:
-#        ipv4_address: 172.19.0.2
 
   admin-backend:
     build:
@@ -37,23 +30,22 @@ services:
       dockerfile: admin.Dockerfile
       args:
         PORT: 4441
+    container_name: wagon-admin-backend
     cap_add:
       - NET_ADMIN
     network_mode: host
-    container_name: wagon-admin-backend
+    env_file: /etc/wagon/config
     volumes:
+      - '/etc/wagon:/etc/wagon:ro'
+      - '/etc/wireguard/${TLD}.conf:/etc/wireguard/${TLD}.conf'
       - '/var/log/wagon.log:/var/log/apache2/error.log'
-      - '/etc/ssl/private:/etc/ssl/private'
-      - './etc:/etc/wagon:ro'
+      - '/etc/ssl/private/${TLD}:/etc/ssl/private/${TLD}'
 
 #  admin-frontend:
 #    build:
 #      context: front
 #      dockerfile: admin.Dockerfile
 #    container_name: wagon-admin-frontend
-#    networks:
-#      wagon:
-#        ipv4_address: 172.19.0.3
 
 #  fed-backend:
 #    build:
@@ -66,5 +58,6 @@ services:
 #    network_mode: host
 #    container_name: wagon-fed-backend
 #    volumes:
+#      - '/etc/wireguard/${TLD}.conf:/etc/wireguard/${TLD}.conf'
 #      - '/var/log/wagon.log:/var/log/apache2/error.log'
-#      - './etc:/etc/wagon:ro'
+#      - '/etc/wagon:/etc/wagon:ro'

etc/config.sample

@@ -1,15 +0,0 @@
-TLD='tld'
-LOCAL_SERVER='myhost1'
-IPV4_NET='10.3.0.0/16'
-IPV6_NET='fd69:1337:0:420:f4:f3::/96'
-IPV4_HUB=10.3.0.1
-IPV6_HUB=fd69:1337:0:420:f4:f3:0:1
-SSL_CONFIG_DIR="/etc/ssl/private/${TLD}"
-SSL_CA_CERT="${SSL_CONFIG_DIR}/_ca.crt"
-SSL_CA_KEY="${SSL_CONFIG_DIR}/_ca.key"
-SSL_ORG='My Org'
-SSL_DAYS='3650'
-SSL_CA_PASS='XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
-DNS_KEY='hmac-sha512:wagon:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXxw=='
-DNS_MASTER='10.3.0.1'
-DNS_TTL='86400'

etc/servers.sample

@@ -1,3 +0,0 @@
-# host	ipv4	ipv6	pubkey	wg-endpoint	admin-endpoint	secret
-myhost1	10.3.0.1	fd69:1337:0:420:f4:f3:0:1	XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=	123.123.123.123:51820	https://wagon-admin.myhost2.tld	XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-myhost2	10.3.0.2	fd69:1337:0:420:f4:f3:0:2	XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=	234.234.234.234:51820	https://wagon-admin.myhost2.tld	XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX