refactor: 🎨 Moved ./etc to /etc/wagon, mounted wireguard config, and implemented docker-compose.override.yml
parent
4946813d92
commit
8051740889
|
@ -1,3 +1,2 @@
|
|||
etc/config
|
||||
etc/servers
|
||||
docker-compose.yml
|
||||
etc.sample/
|
||||
docker-compose.override.yml.sample
|
||||
|
|
17
INSTALL.md
17
INSTALL.md
|
@ -454,27 +454,26 @@ You might be thinking, this would all be easier as a script. A script that could
|
|||
|
||||
## 4. Wagon
|
||||
|
||||
I keep services in `/srv` so I would do:
|
||||
I keep binaries and scripts in `/usr/local/bin` so I would do:
|
||||
|
||||
```sh
|
||||
cd /srv
|
||||
cd /usr/local/bin
|
||||
git clone https://gitea.gf4.pw/gf4/wagon.git
|
||||
cd wagon
|
||||
```
|
||||
|
||||
### 4.1. Configuration
|
||||
|
||||
Copy the sample environment file and docker-compose file:
|
||||
Copy the sample config docker-compose file:
|
||||
|
||||
```sh
|
||||
cp etc/config.sample etc/config
|
||||
cp etc/servers.sample etc/servers
|
||||
cp docker-compose.yml.sample docker-compose.yml
|
||||
cp -r etc.sample /etc/wagon
|
||||
cp docker-compose.override.yml.sample docker-compose.override.yml
|
||||
```
|
||||
|
||||
Configure the `docker-compose.yml` file however you like, or don't use it at all. The other two files are tab-separated text files. Lines starting with a hash (`#`) are ignored as comments
|
||||
Configure the `docker-compose.override.yml` file however you like. Here you can set container IP addresses that a proxy can reference later.
|
||||
|
||||
The `etc/servers` file is a list of servers on the `/16` network. For now, just set our single server with the correct variables.
|
||||
The `/etc/wagon/servers` file is a list of servers on the `/16` network. For now, just set our single server with the correct variables.
|
||||
|
||||
```tsv
|
||||
# host ipv4 ipv6 pubkey wg-endpoint admin-endpoint secret
|
||||
|
@ -483,7 +482,7 @@ The `etc/servers` file is a list of servers on the `/16` network. For now, just
|
|||
|
||||
We're just gonna leave `XXXX` as a placeholder for ipv6 since we aren't using it. But do set the pubkey to hn's wireguard public key from above. Set admin-endpoint to whatever you want right now; this is actually used for server-to-server communication, not administration. Same thing for secret: leave it as `XXXXXX` or generate something random; in any case it isn't used unless your network has multiple servers.
|
||||
|
||||
Now edit the `etc/config` file
|
||||
Now edit `/etc/wagon/config`
|
||||
|
||||
```sh
|
||||
TLD='mynet'
|
||||
|
|
|
@ -0,0 +1,51 @@
|
|||
networks:
|
||||
wagon:
|
||||
name: wagon
|
||||
ipam:
|
||||
config:
|
||||
- subnet: "172.19.0.0/24"
|
||||
services:
|
||||
|
||||
dashboard-backend:
|
||||
build:
|
||||
args:
|
||||
PORT: 4442
|
||||
container_name: wagon-dashboard-backend
|
||||
volumes:
|
||||
- '/etc/wagon:/etc/wagon:ro'
|
||||
- '/etc/wireguard/${TLD}.conf:/etc/wireguard/${TLD}.conf'
|
||||
- '/var/log/wagon.log:/var/log/apache2/error.log'
|
||||
- '/etc/ssl/private/${TLD}:/etc/ssl/private/${TLD}'
|
||||
|
||||
# dashboard-frontend:
|
||||
# container_name: wagon-dashboard-frontend
|
||||
# networks:
|
||||
# wagon:
|
||||
# ipv4_address: 172.19.0.2
|
||||
|
||||
admin-backend:
|
||||
build:
|
||||
args:
|
||||
PORT: 4441
|
||||
container_name: wagon-admin-backend
|
||||
volumes:
|
||||
- '/etc/wagon:/etc/wagon:ro'
|
||||
- '/etc/wireguard/${TLD}.conf:/etc/wireguard/${TLD}.conf'
|
||||
- '/var/log/wagon.log:/var/log/apache2/error.log'
|
||||
- '/etc/ssl/private/${TLD}:/etc/ssl/private/${TLD}'
|
||||
|
||||
# admin-frontend:
|
||||
# container_name: wagon-admin-frontend
|
||||
# networks:
|
||||
# wagon:
|
||||
# ipv4_address: 172.19.0.3
|
||||
|
||||
# fed-backend:
|
||||
# build:
|
||||
# args:
|
||||
# PORT: 4443
|
||||
# container_name: wagon-fed-backend
|
||||
# volumes:
|
||||
# - '/etc/wireguard/${TLD}.conf:/etc/wireguard/${TLD}.conf'
|
||||
# - '/var/log/wagon.log:/var/log/apache2/error.log'
|
||||
# - '/etc/wagon:/etc/wagon:ro'
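Review bot: The `${TLD}` in the volume paths of dashboard-backend and admin-backend is substituted by Compose itself from the shell environment or a project `.env` file, not from a service's `env_file:`. With TLD unset, Compose substitutes an empty string, so `/etc/ssl/private/${TLD}` collapses to `/etc/ssl/private/` and the whole host key directory is bound into the container, and the WireGuard path becomes `/etc/wireguard/.conf`. Making the variable mandatory at its first use turns that silent fallback into a startup error: `- '/etc/ssl/private/${TLD:?TLD must be set}:/etc/ssl/private/${TLD}'`. The same paths appear in the docker-compose.yml section of this commit, where `env_file: /etc/wagon/config` only populates the container environment. Whether INSTALL.md tells the user to export TLD is not visible in these hunks.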
|
|
@ -1,10 +1,4 @@
|
|||
version: '3'
|
||||
networks:
|
||||
wagon:
|
||||
name: wagon
|
||||
ipam:
|
||||
config:
|
||||
- subnet: "172.19.0.0/24"
|
||||
services:
|
||||
|
||||
dashboard-backend:
|
||||
|
@ -17,19 +11,18 @@ services:
|
|||
cap_add:
|
||||
- NET_ADMIN
|
||||
network_mode: host
|
||||
env_file: /etc/wagon/config
|
||||
volumes:
|
||||
- '/etc/ssl/private:/etc/ssl/private'
|
||||
- './etc:/etc/wagon:ro'
|
||||
- '/etc/wagon:/etc/wagon:ro'
|
||||
- '/etc/wireguard/${TLD}.conf:/etc/wireguard/${TLD}.conf'
|
||||
- '/var/log/wagon.log:/var/log/apache2/error.log'
|
||||
- '/etc/ssl/private/${TLD}:/etc/ssl/private/${TLD}'
|
||||
|
||||
# dashboard-frontend:
|
||||
# build:
|
||||
# context: front
|
||||
# dockerfile: dashboard.Dockerfile
|
||||
# container_name: wagon-dashboard-frontend
|
||||
# networks:
|
||||
# wagon:
|
||||
# ipv4_address: 172.19.0.2
|
||||
|
||||
admin-backend:
|
||||
build:
|
||||
|
@ -37,23 +30,22 @@ services:
|
|||
dockerfile: admin.Dockerfile
|
||||
args:
|
||||
PORT: 4441
|
||||
container_name: wagon-admin-backend
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
network_mode: host
|
||||
container_name: wagon-admin-backend
|
||||
env_file: /etc/wagon/config
|
||||
volumes:
|
||||
- '/etc/wagon:/etc/wagon:ro'
|
||||
- '/etc/wireguard/${TLD}.conf:/etc/wireguard/${TLD}.conf'
|
||||
- '/var/log/wagon.log:/var/log/apache2/error.log'
|
||||
- '/etc/ssl/private:/etc/ssl/private'
|
||||
- './etc:/etc/wagon:ro'
|
||||
- '/etc/ssl/private/${TLD}:/etc/ssl/private/${TLD}'
|
||||
|
||||
# admin-frontend:
|
||||
# build:
|
||||
# context: front
|
||||
# dockerfile: admin.Dockerfile
|
||||
# container_name: wagon-admin-frontend
|
||||
# networks:
|
||||
# wagon:
|
||||
# ipv4_address: 172.19.0.3
|
||||
|
||||
# fed-backend:
|
||||
# build:
|
||||
|
@ -66,5 +58,6 @@ services:
|
|||
# network_mode: host
|
||||
# container_name: wagon-fed-backend
|
||||
# volumes:
|
||||
# - '/etc/wireguard/${TLD}.conf:/etc/wireguard/${TLD}.conf'
|
||||
# - '/var/log/wagon.log:/var/log/apache2/error.log'
|
||||
# - './etc:/etc/wagon:ro'
|
||||
# - '/etc/wagon:/etc/wagon:ro'
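Review bot: The volume lists for dashboard-backend and admin-backend bind `/etc/wireguard/${TLD}.conf` and `/etc/ssl/private/${TLD}` without `:ro`, so both containers can rewrite the WireGuard configuration and the directory that the sample config names as the location of `_ca.key`. Both also keep `cap_add: NET_ADMIN` and `network_mode: host`. If only one backend has to write these files (the hunks do not show which), the other should get the read-only form, as is already done for `/etc/wagon`: `- '/etc/ssl/private/${TLD}:/etc/ssl/private/${TLD}:ro'`. A one-line comment above each mount that stays writable, saying what the service writes there, would help the next reader. The service definitions begin outside these hunks.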
|
|
@ -1,15 +0,0 @@
|
|||
TLD='tld'
|
||||
LOCAL_SERVER='myhost1'
|
||||
IPV4_NET='10.3.0.0/16'
|
||||
IPV6_NET='fd69:1337:0:420:f4:f3::/96'
|
||||
IPV4_HUB=10.3.0.1
|
||||
IPV6_HUB=fd69:1337:0:420:f4:f3:0:1
|
||||
SSL_CONFIG_DIR="/etc/ssl/private/${TLD}"
|
||||
SSL_CA_CERT="${SSL_CONFIG_DIR}/_ca.crt"
|
||||
SSL_CA_KEY="${SSL_CONFIG_DIR}/_ca.key"
|
||||
SSL_ORG='My Org'
|
||||
SSL_DAYS='3650'
|
||||
SSL_CA_PASS='XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
|
||||
DNS_KEY='hmac-sha512:wagon:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXxw=='
|
||||
DNS_MASTER='10.3.0.1'
|
||||
DNS_TTL='86400'
|
|
@ -1,3 +0,0 @@
|
|||
# host ipv4 ipv6 pubkey wg-endpoint admin-endpoint secret
|
||||
myhost1 10.3.0.1 fd69:1337:0:420:f4:f3:0:1 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX= 123.123.123.123:51820 https://wagon-admin.myhost2.tld XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
||||
myhost2 10.3.0.2 fd69:1337:0:420:f4:f3:0:2 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX= 234.234.234.234:51820 https://wagon-admin.myhost2.tld XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|