From 92325d3a19bc995920c9eeae9935133d179adace Mon Sep 17 00:00:00 2001
From: Thomas Hintz <t@thintz.com>
Date: Wed, 13 Aug 2025 06:55:11 -0700
Subject: [PATCH] Working lb with domain name and wg-easy.

---
 flatcar/app/Makefile            |  2 ++
 flatcar/app/docker-compose.yaml | 59 +++++++++++++++++++++++++++------
 flatcar/app/lb/Caddyfile        |  9 ++---
 3 files changed, 56 insertions(+), 14 deletions(-)
 create mode 100644 flatcar/app/Makefile

diff --git a/flatcar/app/Makefile b/flatcar/app/Makefile
new file mode 100644
index 0000000..66f67a7
--- /dev/null
+++ b/flatcar/app/Makefile
@@ -0,0 +1,2 @@
+run:
+	sudo docker-compose up
diff --git a/flatcar/app/docker-compose.yaml b/flatcar/app/docker-compose.yaml
index a4c2de2..f4ebaac 100644
--- a/flatcar/app/docker-compose.yaml
+++ b/flatcar/app/docker-compose.yaml
@@ -4,23 +4,62 @@ services:
     image: docker.io/caddy:2
     volumes:
       - /var/lb/caddy:/etc/caddy
+#      - ./lb/:/etc/caddy
+      - config:/config
+      - data:/data
     networks:
       - lb
     restart: unless-stopped
     ports:
       - "443:443"
       - "80:80"
-  thintz-com:
-    image: docker.io/caddy:2
-    volumes:
-      - /var/thintz-com/caddy:/etc/caddy
+  # thintz-com:
+  #   image: docker.io/caddy:2
+  #   volumes:
+  #     #- /var/thintz-com/caddy:/etc/caddy
+  #     - ./thintz-com/:/etc/caddy
+  #   networks:
+  #     - lb
+  #   restart: unless-stopped
+  # nginx:
+  #   image: nginx
+  #   restart: unless-stopped
+  #   networks:
+  #     - lb
+  wg-easy:
+    image: ghcr.io/wg-easy/wg-easy:15
+    environment:
+      - PORT=80
+    ports:
+      - "51820:51820/udp"
     networks:
-      - lb
-    restart: unless-stopped
-  nginx:
-    image: nginx
+      lb:
+      wg:
+        ipv4_address: 10.42.42.42
+#        ipv6_address: fdcc:ad94:bacf:61a3::2a
+    volumes:
+      - etc_wireguard:/etc/wireguard
+      - /lib/modules:/lib/modules:ro
     restart: unless-stopped
-    networks:
-      - lb
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    sysctls:
+      - net.ipv4.ip_forward=1
+      - net.ipv4.conf.all.src_valid_mark=1
+      - net.ipv6.conf.all.disable_ipv6=0
+      - net.ipv6.conf.all.forwarding=1
+      - net.ipv6.conf.default.forwarding=1
 networks:
   lb:
+  wg:
+    driver: bridge
+    ipam:
+      driver: default
+      config:
+        - subnet: 10.42.42.0/24
+        - subnet: fdcc:ad94:bacf:61a3::/64
+volumes:
+  config:
+  data:
+  etc_wireguard:
diff --git a/flatcar/app/lb/Caddyfile b/flatcar/app/lb/Caddyfile
index bc4ab2d..32ba70f 100644
--- a/flatcar/app/lb/Caddyfile
+++ b/flatcar/app/lb/Caddyfile
@@ -1,4 +1,5 @@
-localhost
-
-reverse_proxy http://nginx
-log
\ No newline at end of file
+nassella.thintz.com {
+  reverse_proxy http://wg-easy:80
+  # tls internal
+  log
+}
\ No newline at end of file