Add jupiter wireguard server

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-06-26 09:16:24 +01:00
parent d617183438
commit 84a5ff6fd4
6 changed files with 1416 additions and 1 deletions
--- a/packages/default.nix
+++ b/packages/default.nix
@@ -35,6 +35,7 @@
  docker-sish = import ./docker/sish { inherit pkgs; };
  docker-traefik = import ./docker/traefik { inherit pkgs; };
  docker-whoami = import ./docker/whoami { inherit pkgs; };
+  docker-wireguard-ui = import ./docker/wireguard-ui { inherit pkgs; };
  docker-yq = import ./docker/yq { inherit pkgs; };

  linux-firmware-latest = import ./linux-firmware-latest { inherit pkgs; };
--- a/packages/docker/traefik/default.nix
+++ b/packages/docker/traefik/default.nix
@@ -1,11 +1,22 @@
 { pkgs, ... }:
+let
+  # FIXME: https://github.com/traefik/traefik/issues/4881
+  traefik = pkgs.traefik.overrideAttrs (oldAttrs: {
+    patches = oldAttrs.patches or [ ] ++ [
+      (builtins.fetchurl {
+        url = "https://github.com/traefik/traefik/commit/e877a94b2a759b93fc886cba53f5fa9bc1e973ed.patch";
+        sha256 = "sha256:178s4m2jnvr081slvgv48b6g4sispfwj2k7mfwskcyry1g2nbfvb";
+      })
+    ];
+  });
+in
 pkgs.dockerTools.buildImage {
  name = "traefik";
  fromImage = import ../base { inherit pkgs; };

  copyToRoot = pkgs.buildEnv {
    name = "root";
-    paths = with pkgs; [ traefik ];
+    paths = [ traefik ];
    pathsToLink = [ "/bin" ];
  };

--- a/packages/docker/wireguard-ui/customization.patch
+++ b/packages/docker/wireguard-ui/customization.patch
--- a/packages/docker/wireguard-ui/default.nix
+++ b/packages/docker/wireguard-ui/default.nix
@@ -0,0 +1,49 @@
+{ pkgs, ... }:
+let
+  wireguard-ui = pkgs.wireguard-ui.overrideAttrs (oldAttrs: {
+    src = pkgs.applyPatches {
+      src = oldAttrs.src;
+      patches = [
+        # - Always write config on run
+        # - Activate with systemd sockets
+        # - Remove telegram
+        # - Automatically run wg-quick
+        ./customization.patch
+      ];
+    };
+
+    vendorHash = "sha256-ic9EUJLvU9mPmqU1mhjZozc6bQQqoR7XkhIKx1vuekA=";
+  });
+in
+pkgs.dockerTools.buildImage {
+  name = "wireguard-ui";
+  fromImage = import ../base { inherit pkgs; };
+
+  copyToRoot = pkgs.buildEnv {
+    name = "root";
+    paths =
+      [ wireguard-ui ]
+      ++ (with pkgs; [
+        wireguard-tools
+        iptables
+        ipset
+      ]);
+    pathsToLink = [ "/bin" ];
+  };
+
+  runAsRoot = ''
+    mkdir -p /etc/wireguard
+  '';
+
+  config = {
+    Entrypoint = [ "wireguard-ui" ];
+    ExposedPorts = {
+      "5000/tcp" = { };
+      "51820/udp" = { };
+    };
+    Volumes = {
+      "/var/lib/wireguard-ui/db/clients" = { };
+    };
+    WorkingDir = "/var/lib/wireguard-ui";
+  };
+}