gortium/infra
1
1
Fork 0
Code Issues 13 Pull Requests 21 Actions Packages Projects 1 Releases Wiki Activity

feat: add WireGuard VPN stack #33

Merged
gortium merged 15 commits from feat/wireguard-vpn into master 2026-05-09 00:13:37 +00:00
Conversation 0 Commits 15 Files Changed 4 +86 -109

15 Commits

Author SHA1 Message Date
Hermes Agent
c53460c400 fix: remove dns option from wireguard config (not a valid nixos option) 2026-05-05 03:26:44 +00:00
Robert
ee96593e3d Merge branch 'feat/wireguard-vpn' of ssh://code.lazyworkhorse.net:2222/gortium/infra into feat/wireguard-vpn 2026-05-04 23:22:35 -04:00
Robert
030125ab01 Added wireguard pass 2026-05-04 23:21:36 -04:00
Robert
5935747902 Security fixes 2026-05-04 23:20:57 -04:00
Robert
9ae0f6ad62 Submodule update 2026-05-04 23:20:03 -04:00
Hermes Agent
5c481d664a fix: split tunnel on host VPN - only route 10.8.0.0/24 2026-05-05 02:41:29 +00:00
Hermes Agent
94a7c7195a fix: remove exposed keys from comments 2026-05-05 02:12:55 +00:00
Hermes Agent
cf279c4fb0 feat: add host-level WireGuard client via networking.wireguard 
- Add wg0 interface config with agenix-managed secrets
- Revert compose submodule to remove NET_ADMIN from Hermes
- WireGuard runs at host level, all containers inherit the tunnel
 2026-05-05 02:11:41 +00:00
Hermes Agent
b9289a149d chore: update compose submodule for Hermes NET_ADMIN + WireGuard Dockerfile 2026-05-05 01:48:24 +00:00
Hermes Agent
e0068260cb chore: move Hermes Dockerfile to compose repo, add WireGuard tools 
- Move Dockerfile.full from infra/docker/hermes to compose/ai/Dockerfile
- Add wireguard-tools and openresolv to Hermes image
- Remove stray docker/hermes directory from infra
 2026-05-05 01:43:42 +00:00
Hermes Agent
a42b2ff65d chore: update compose submodule to wireguard-vpn (fix ref) 2026-05-05 01:21:34 +00:00
Hermes Agent
92bcf1cc04 chore: update compose submodule to wireguard-vpn 2026-05-05 01:21:19 +00:00
Hermes Agent
7d0b72a513 chore: update compose submodule to linuxserver/wireguard 2026-05-05 01:18:13 +00:00
Hermes Agent
48245518a1 fix: load iptables kernel modules for WireGuard NAT 
wg-easy needs iptable_nat and iptable_filter to set up
masquerading for VPN traffic. These modules must be loaded
at boot for the container to access iptables.
 2026-05-05 01:17:14 +00:00
Hermes Agent
1673a56439 feat: add WireGuard VPN stack 
- Add vpn stack to services.dockerStacks
- Open UDP port 51820 for WireGuard protocol
- Update compose submodule to include vpn stack
 2026-05-04 22:49:06 +00:00