Add jupiter wireguard server

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>

packages/docker/traefik/default.nix

@@ -1,11 +1,22 @@
 { pkgs, ... }:
+let
+  # FIXME: https://github.com/traefik/traefik/issues/4881
+  traefik = pkgs.traefik.overrideAttrs (oldAttrs: {
+    patches = oldAttrs.patches or [ ] ++ [
+      (builtins.fetchurl {
+        url = "https://github.com/traefik/traefik/commit/e877a94b2a759b93fc886cba53f5fa9bc1e973ed.patch";
+        sha256 = "sha256:178s4m2jnvr081slvgv48b6g4sispfwj2k7mfwskcyry1g2nbfvb";
+      })
+    ];
+  });
+in
 pkgs.dockerTools.buildImage {
   name = "traefik";
   fromImage = import ../base { inherit pkgs; };
 
   copyToRoot = pkgs.buildEnv {
     name = "root";
-    paths = with pkgs; [ traefik ];
+    paths = [ traefik ];
     pathsToLink = [ "/bin" ];
   };
 

packages/docker/wireguard-ui/default.nix

@@ -0,0 +1,49 @@
+{ pkgs, ... }:
+let
+  wireguard-ui = pkgs.wireguard-ui.overrideAttrs (oldAttrs: {
+    src = pkgs.applyPatches {
+      src = oldAttrs.src;
+      patches = [
+        # - Always write config on run
+        # - Activate with systemd sockets
+        # - Remove telegram
+        # - Automatically run wg-quick
+        ./customization.patch
+      ];
+    };
+
+    vendorHash = "sha256-ic9EUJLvU9mPmqU1mhjZozc6bQQqoR7XkhIKx1vuekA=";
+  });
+in
+pkgs.dockerTools.buildImage {
+  name = "wireguard-ui";
+  fromImage = import ../base { inherit pkgs; };
+
+  copyToRoot = pkgs.buildEnv {
+    name = "root";
+    paths =
+      [ wireguard-ui ]
+      ++ (with pkgs; [
+        wireguard-tools
+        iptables
+        ipset
+      ]);
+    pathsToLink = [ "/bin" ];
+  };
+
+  runAsRoot = ''
+    mkdir -p /etc/wireguard
+  '';
+
+  config = {
+    Entrypoint = [ "wireguard-ui" ];
+    ExposedPorts = {
+      "5000/tcp" = { };
+      "51820/udp" = { };
+    };
+    Volumes = {
+      "/var/lib/wireguard-ui/db/clients" = { };
+    };
+    WorkingDir = "/var/lib/wireguard-ui";
+  };
+}