#wireguard container

can anyone see whats wrong with this wireguard docker-compose.yml file? ```yml
version: "2.1"
services:
wireguard:
image: lscr.io/linuxserver/wireguard:latest
container_name: wireguard
cap_add:
- NET_ADMIN
#- SYS_MODULE #optional
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/London
- SERVERURL=pi5vpn.duckdns.org
#- SERVERPORT=51820 #optional
- PEERS=3 #optional
#- PEERDNS= #optional
#- INTERNAL_SUBNET=10.13.13.0 #optional
#- ALLOWEDIPS=0.0.0.0/0 #optional
#- PERSISTENTKEEPALIVE_PEERS= #optional
- LOG_CONFS=true #optional
volumes:
- /root/dockerdata/wg:/config
#- /lib/modules:/lib/modules #optional
ports:
- 51820:51820/udp
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
restart: always
networks:
- mainnet
networks:
mainnet:
external: true

i can succesfully connect but it doesnt give me internet access

and im using duckdns. this is the docker-compose file for that ```yml
  dynamic-dns:
    container_name: dynamic-dns
    image: joweisberg/dynamic-dns:latest
    restart: unless-stopped
    environment:
      - TZ=Europe/London
      - USER=not tellin
      - PASSWORD=not tellin
      - SERVICE=duckdns
      - HOSTNAME="pi5vpn.duckdns.org"
      - DETECTIP=1
      - INTERVAL=10
``` this is on my raspberry pi 5 running raspberry pi os.

My first quesiton is... Why are you trying to even run wireguard in a docker container at all in the first place?

so i can have more controll over it

That's.... not how containers... work...

oh? go ahead explain i may not be getting something.

also i do just want to learn more docker

so thats one reason

Consistency? Yes. Automation? Yes. Stability? No, Saves Space? No.

i thought space was wrong

but stability is the main thing for me. is it not more stable?

You're basically trying to run something as root in a container that requires root, and literally gaining nothing but more pain.

No.

trying to run something as root that requires root? is my brain not functioning?

thats correct right?

You could literally have Wireguard up and running in mere minutes with a simple basic tutorial, https://www.digitalocean.com/community/tutorials/how-to-set-up-wireguard-on-debian-11

okay i might follow that

just one question

so why do people use docker? specifically for wireguard really

ive seen so many use it and your just saying its useless and just creating more work?

Why do people use docker? I'm still trying to figure that out myself. I've got my own docker swarm cluster setup, and while it's kinda nice, it's also kinda more of a pain in the ass in more ways than if I just didn't do it at all. Worse yet is kubernetes, like working on a black hole. Over engineered nonsense that is so painful and tedious to maintain that it's barely benefitial at all.

But, I do use Docker-Compose and Docker Swarm and learning Nomad because it allows for a cluster orchestration that's pretty powerful and allows for a bit more automated deployment, maintenance, rollback, upgrade, and high availability.

okay that makes sense

But the question why would people use it for Wireguard? No fucking clue. It's pretty stupid. 🙂

im going to get a second opinion on it but thank you

Wireguard WITHIN a Docker cluster to bridge networks together amongst physical systems as a CNI, I can understand.

i just find it weird ive seen no one else complain and its so popular and you just randomly fight the wind

Wireguard as a VPN to gain internet->internal access. Nonsense.

wdym? wireguard is very useful

Read the specific wording of that statement.

used pivpn all the time but now i was gonna upgrade to docker

yup your right

should i just go back to pivpn?

That's a personal decision only you can choose to make.

okay fair enough

I think the use of docker for anything that still requires root access to run, is not an ideal use of Docker, at all. And pretty much everything from lsio... Runs as root, they still haven't learned to make things properly use docker's user username:groupname methods.

And wireguard, in general, just requires root in order to setup a tunnel properly anyway.

well i do run it as root

You're not getting the point. It's of no "security" benefit.

hmm. also i must point out the security isnt the main benefit for me

my pi 5 is also a nas so i use wireguard to access the files from anywhere

Heh, then maybe you should consider an alternative approach, like Nextcloud or something. :p

sftp sg tho

sg tho? Translation?>

sorry

so good

though

...

Okay. We're done.

Good luck!

what because i used a abbreviation?? sorry..

Click profile you'll understand quickly.

Anyway, good luck, I gave you my opinions and thoughts and experience.

Others might chime in as well, but me, I'm done with this. 🙂

that isnt sctspk tho

It is.

Goodbye.