From 293429a124f72e75e4f29620bb3fb9ec201d03d3 Mon Sep 17 00:00:00 2001
From: Thierry Pouplier <tpouplier@tdnde.com>
Date: Mon, 4 May 2026 22:46:50 +0000
Subject: [PATCH] feat: add WireGuard VPN stack with wg-easy

---
 vpn/compose.yml | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 vpn/compose.yml

diff --git a/vpn/compose.yml b/vpn/compose.yml
new file mode 100644
index 0000000..1511920
--- /dev/null
+++ b/vpn/compose.yml
@@ -0,0 +1,35 @@
+version: "3.8"
+
+services:
+  wg-easy:
+    image: weejewel/wg-easy:latest
+    container_name: wg-easy
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    environment:
+      - WG_HOST=vpn.lazyworkhorse.net
+      - PASSWORD=${WG_PASSWORD}
+      - WG_PORT=51820
+      - WG_DEFAULT_ADDRESS=10.8.0.x
+      - WG_DEFAULT_DNS=1.1.1.1,8.8.8.8
+      - WG_ALLOWED_IPS=0.0.0.0/0, ::/0
+      - WG_PERSISTENT_KEEPALIVE=25
+      - UI_TRAFFIC_STATS=true
+      - UI_CHART_TYPE=0
+    ports:
+      - "51820:51820/udp"
+      - "51821:51821/tcp"
+    volumes:
+      - /mnt/HoardingCow_docker_data/WireGuard:/etc/wireguard:rw
+    sysctls:
+      - net.ipv4.conf.all.src_valid_mark=1
+      - net.ipv4.ip_forward=1
+    restart: unless-stopped
+    networks:
+      - vpn_net
+
+networks:
+  vpn_net:
+    external: true
+    name: vpn_net