From 4fba8d2ff42c0fe8532cd01f15c552ade55ce074 Mon Sep 17 00:00:00 2001 From: venus Date: Tue, 31 Mar 2026 02:37:27 -0500 Subject: [PATCH] changed proxy to traefik and adding wg-easy vpn --- blog | 1 + compose.yml | 4 +-- gitea/docker-compose.yml | 6 ++-- wg-easy/docker-compose.yml | 56 ++++++++++++++++++++++++++++++++++++++ 4 files changed, 62 insertions(+), 5 deletions(-) create mode 160000 blog create mode 100644 wg-easy/docker-compose.yml diff --git a/blog b/blog new file mode 160000 index 0000000..8efe0b7 --- /dev/null +++ b/blog @@ -0,0 +1 @@ +Subproject commit 8efe0b7836eb3d3958ee6aa94eb1a8f6de07bcda diff --git a/compose.yml b/compose.yml index 51d1c59..094279c 100644 --- a/compose.yml +++ b/compose.yml @@ -14,8 +14,8 @@ services: - "./letsencrypt:/letsencrypt" - "./traefik.yml:/etc/traefik/traefik.yml:ro" networks: - - proxy + - traefik networks: - proxy: + traefik: external: true diff --git a/gitea/docker-compose.yml b/gitea/docker-compose.yml index b7c87bf..ee338c1 100644 --- a/gitea/docker-compose.yml +++ b/gitea/docker-compose.yml @@ -2,7 +2,7 @@ networks: gitea: external: false - proxy: + traefik: external: true services: @@ -15,7 +15,7 @@ services: restart: always networks: - gitea - - proxy + - traefik volumes: - ./data/:/data - /etc/timezone:/etc/timezone:ro @@ -30,4 +30,4 @@ services: # Explicitly tell Traefik to send the web traffic to internal port 3000 - "traefik.http.services.gitea.loadbalancer.server.port=3000" # Tell Traefik to exclusively use the 'proxy' network to route traffic - - "traefik.docker.network=proxy" + - "traefik.docker.network=traefik" diff --git a/wg-easy/docker-compose.yml b/wg-easy/docker-compose.yml new file mode 100644 index 0000000..dbaf255 --- /dev/null +++ b/wg-easy/docker-compose.yml 
@@ -0,0 +1,56 @@
+volumes:
+ etc_wireguard:
+
+services:
+ wg-easy:
+ #environment:
+ # Optional:
+ # - PORT=51821
+ # - HOST=0.0.0.0
+ # - INSECURE=false
+
+ image: ghcr.io/wg-easy/wg-easy:15
+ container_name: wg-easy
+ networks:
+ wg:
+ ipv4_address: 10.42.42.42
+ ipv6_address: fdcc:ad94:bacf:61a3::2a
+ volumes:
+ - etc_wireguard:/etc/wireguard
+ - /lib/modules:/lib/modules:ro
+ ports:
+ - "51820:51820/udp"
+ - "51821:51821/tcp"
+ restart: unless-stopped
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ # - NET_RAW # ⚠️ Uncomment if using Podman
+ sysctls:
+ - net.ipv4.ip_forward=1
+ - net.ipv4.conf.all.src_valid_mark=1
+ - net.ipv6.conf.all.disable_ipv6=0
+ - net.ipv6.conf.all.forwarding=1
+ - net.ipv6.conf.default.forwarding=1
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.wg-easy.rule=Host(`wg.riverrooks.dev`)"
+ - "traefik.http.routers.wg-easy.entrypoints=websecure"
+ - "traefik.http.routers.wg-easy.service=wg-easy"
+ - "traefik.http.services.wg-easy.loadbalancer.server.port=51821"
+ - "traefik.docker.network=traefik"
+ networks:
+ traefik: {}
+
+networks:
+ wg:
+ driver: bridge
+ enable_ipv6: true
+ ipam:
+ driver: default
+ config:
+ - subnet: 10.42.42.0/24
+ - subnet: fdcc:ad94:bacf:61a3::/64
+
+ traefik:
+ external: true
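Review bot: The `ports` list still publishes `- "51821:51821/tcp"` on the host although the labels already route `wg.riverrooks.dev` to container port 51821 over the `traefik` network, so unless a host firewall blocks it the wg-easy admin UI stays reachable directly on host port 51821, bypassing the `websecure` entrypoint; I would drop that line and keep only `- "51820:51820/udp"`. The service also appears to declare `networks:` twice, once with `wg:` and its static addresses and again with `traefik: {}`; indentation is lost in this view, but if both keys sit under `wg-easy` the file either fails to load or keeps only the last one, so they should be merged into a single `networks:` mapping holding both `wg:` and `traefik: {}`. No TLS or cert-resolver label is set on the router, which is fine only if `traefik.yml` (not shown here) configures TLS on the entrypoint; a one-line comment above the labels saying so would help. Since this container runs with `NET_ADMIN` and `SYS_MODULE`, consider pinning `ghcr.io/wg-easy/wg-easy:15` to an image digest rather than the moving major tag.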