portainer / templates

App Templates used by Portainer
http://portainer.io

Adding wireguard template #172

Open codefuturist opened 1 year ago

codefuturist commented 1 year ago

I would like to have a WireGuard template implemented and would also put in the work to create one. But before I invest my time, what does the community think about this? Is there a certain demand? Is it even feasible with the special NET_MODULES required to run WireGuard?

deviantony commented 1 year ago

@Kithrian It would be nice to have, I think. Do you have links to the WireGuard container deployment documentation? I can tell you whether the template system of Portainer would support it.

codefuturist commented 1 year ago

@deviantony Thank you for your response. The exact container is lscr.io/linuxserver/wireguard:latest and the official docker run command according to their documentation is:

docker run -d \
  --name=wireguard \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  -e PUID=1000 \
  -e PGID=1000 \
  -e TZ=Europe/London \
  -e SERVERURL=wireguard.domain.com `#optional` \
  -e SERVERPORT=51820 `#optional` \
  -e PEERS=1 `#optional` \
  -e PEERDNS=auto `#optional` \
  -e INTERNAL_SUBNET=10.13.13.0 `#optional` \
  -e ALLOWEDIPS=0.0.0.0/0 `#optional` \
  -e PERSISTENTKEEPALIVE_PEERS= `#optional` \
  -e LOG_CONFS=true `#optional` \
  -p 51820:51820/udp \
  -v /path/to/appdata/config:/config \
  -v /lib/modules:/lib/modules `#optional` \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
  --restart unless-stopped \
  linuxserver/wireguard

For those who don't know this container: it generates all encryption keys on the first run of the container and is really easy to use, compared to the standard WireGuard package in Linux, where you have to generate all the keys manually, which is not really beginner-friendly. I also think it would be a nice addition for those who want a simple solution to remotely manage their Portainer instance. Of course, you could just expose the Portainer port, but this is in my eyes a huge security risk. As far as I have read, it does not even run with Kubernetes and no templates seem to exist there, so the only way to run it in a user-friendly environment is to run the container in Portainer. It even runs on ARM/Raspberry Pi! Compared to other VPN solutions like OpenVPN and IKEv2, WireGuard is by far the easiest to use and provides modern encryption.

It is also my first time contributing to open source and I would really appreciate any help I can get, so no hard feelings!
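An added example, not part of the thread or of the Portainer or linuxserver projects: a small Python helper that lists which options of the quoted `docker run` command widen the container's privileges, which is what a template would have to be able to express. The function names and the trimmed copy of the command are assumptions made for illustration.

```python
import re
import shlex

# Trimmed copy of the docker run command quoted in the thread (sample input).
COMMAND = r"""docker run -d \
  --name=wireguard \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  -e PEERS=1 `#optional` \
  -p 51820:51820/udp \
  -v /path/to/appdata/config:/config \
  -v /lib/modules:/lib/modules `#optional` \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
  --restart unless-stopped \
  linuxserver/wireguard"""

ALIASES = {"-p": "--publish", "-v": "--volume"}
TRACKED = {"--cap-add", "--sysctl", "--volume", "--publish", "--privileged"}

def privilege_surface(command):
    """Return {option: [values]} for options that widen container privileges."""
    text = command.replace("\\\n", " ")       # join continuation lines
    text = re.sub(r"`#[^`]*`", "", text)      # drop the `#optional` annotations
    tokens = shlex.split(text)
    found, i = {}, 0
    while i < len(tokens):
        opt, sep, value = tokens[i].partition("=")
        opt = ALIASES.get(opt, opt)
        if opt in TRACKED:
            if not sep and opt != "--privileged" and i + 1 < len(tokens):
                i += 1                        # value is the following token
                value = tokens[i]
            found.setdefault(opt, []).append(value)
        i += 1
    return found

def review_notes(surface):
    """Points a template reviewer would want to see for this container."""
    notes = []
    caps = surface.get("--cap-add", [])
    if "SYS_MODULE" in caps:
        notes.append("SYS_MODULE: container may load kernel modules on the host")
    if "NET_ADMIN" in caps:
        notes.append("NET_ADMIN: container may reconfigure interfaces and routing")
    for vol in surface.get("--volume", []):
        if vol.split(":")[0] == "/lib/modules":
            notes.append("host /lib/modules is bind-mounted into the container")
    return notes
```

Calling `review_notes(privilege_surface(COMMAND))` returns three notes for this command: the two added capabilities and the `/lib/modules` bind mount.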