Is it possible to use WireGuard in Docker as well?

[bikeymouse]

I'm trying to get this wg-gen web to connect to my Wireguard installation that also runs in Docker using the Linux-server Docker container..

However I'm having issues to get the API working, probably because it needs access to WireGuard inside the other container. Also I guess that if wg-gen web is updating the config it should be able trigger a restart of the WireGuard container or something, to have the config reloaded.

So I'm wondering if this even possible, or shouldn't I even try this? It would be great if we could have a single docker-compose template that would install Wireguard + WG Gen including the API in one go!

[vx3r]

The container u are using is already managing the peers config creation.
Also I guess that if wg-gen web is updating the config it should be able trigger a restart of the WireGuard container or something, to have the config reloaded. actually no, consider reading the whole readme please

It would be great if we could have a single docker-compose template that would install Wireguard + WG Gen including the API in one go!

What is the point of having WireGuard """inside""" the container ? Wireguard is a kernel module

[bikeymouse]

The container u are using is already managing the peers config creation.

Yes, but not via a web-interface and without any stats. That's why I was looking at wg-gen web to complement that.

[Also I guess that if wg-gen web is updating the config it should be able trigger a restart of the WireGuard container or something, to have the config reloaded. consider reading the whole readme please

I think using systemd is not going to work as it tries to restart the WireGuard service. But that would be tried on the host, while Wireguard is running as a Docker container, so I would assume that this does not work. Or is that not correct?

It would be great if we could have a single docker-compose template that would install Wireguard + WG Gen including the API in one go!

What is the point of having WireGuard """inside""" the container ? Wireguard is a kernel module

The point is that with a Docker-based installation I can get WireGuard + WG-Gen Web installed, updated or deleted on any host (with Docker) in 5 seconds without any manual steps or downloads.

[vx3r]

okay i see. Wg Gen Web is generating standard WireGuard config files, its up to you to manage how WireGuard will pick them up.

The point is that with a Docker-based installation I can get WireGuard + WG-Gen Web installed, updated or deleted on any host (with Docker) in 5 seconds without any manual steps or downloads.

i was asking specifically about WireGuard, not docker in general. WireGuard is a kernel module and containers share the same kernel. Its like running iptables scripts firewall inside the container.

[NemesisRE]

I had the same wish so I added it the linuxserver.io way (https://www.linuxserver.io/blog/2019-09-14-customizing-our-containers)

in /config/custom-cont-init.d/ I created two scripts
inotify:

#!/usr/bin/with-contenv bash

echo "****** Installing inotifytools ******"
apt update
apt install inotify-tools -y

wg-api

#!/usr/bin/with-contenv bash

echo "****** Installing wg-api ******"
apt update
apt install golang-1.13 -y

git clone https://github.com/jamescun/wg-api.git /wg-api
cd /wg-api
GO_ENABLED=0 GOOS=linux /usr/lib/go-1.13/bin/go build -o wg-api cmd/wg-api.go
cp wg-api /app/
cd /
rm -rf wg-api

and another two in the /config/custom-services.d/
inotify:

#!/usr/bin/with-contenv bash

while inotifywait -e modify -e create /config; do
  wg-quick down wg0
  wg-quick up wg0
done

wg-api:

#!/usr/bin/with-contenv bash

exec \
    /app/wg-api --device wg0 --listen 0.0.0.0:8080