From eea6db3ceba56424e57b2b32f2c2e7268dd88e45 Mon Sep 17 00:00:00 2001
From: Thierry Pouplier <tpouplier@tdnde.com>
Date: Tue, 5 May 2026 01:21:17 +0000
Subject: [PATCH] feat: add WireGuard VPN stack (wg-easy, named wireguard)

---
 vpn/compose.yml | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/vpn/compose.yml b/vpn/compose.yml
index a064443..ceb4f35 100644
--- a/vpn/compose.yml
+++ b/vpn/compose.yml
@@ -2,19 +2,26 @@ version: "3.8"
 
 services:
   wireguard:
-    image: ghcr.io/linuxserver/wireguard:latest
+    image: weejewel/wg-easy:latest
     container_name: wireguard
     cap_add:
       - NET_ADMIN
       - SYS_MODULE
     environment:
-      - PUID=1000
-      - PGID=1000
-      - TZ=America/Montreal
+      - WG_HOST=vpn.lazyworkhorse.net
+      - PASSWORD=${WG_PASSWORD}
+      - WG_PORT=51820
+      - WG_DEFAULT_ADDRESS=10.8.0.x
+      - WG_DEFAULT_DNS=1.1.1.1,8.8.8.8
+      - WG_ALLOWED_IPS=0.0.0.0/0, ::/0
+      - WG_PERSISTENT_KEEPALIVE=25
+      - UI_TRAFFIC_STATS=true
+      - UI_CHART_TYPE=0
     ports:
       - "51820:51820/udp"
+      - "51821:51821/tcp"
     volumes:
-      - /mnt/HoardingCow_docker_data/WireGuard:/config:rw
+      - /mnt/HoardingCow_docker_data/WireGuard:/etc/wireguard:rw
     sysctls:
       - net.ipv4.conf.all.src_valid_mark=1
       - net.ipv4.ip_forward=1