From 7a78f72d518a252904fc662550490a1ba8878ab5 Mon Sep 17 00:00:00 2001
From: Veneficium <85629831+veneficium42@users.noreply.github.com>
Date: Mon, 30 Dec 2024 23:35:21 +0100
Subject: [PATCH] containers: add wg-easy container
---
containers/wg-easy.nix | 46 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
create mode 100644 containers/wg-easy.nix
diff --git a/containers/wg-easy.nix b/containers/wg-easy.nix
new file mode 100644
index 0000000..91013af
--- /dev/null
+++ b/containers/wg-easy.nix
@@ -0,0 +1,46 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  options.settings.containers.wg-easy = {
+    enable = lib.mkEnableOption "enable wg-easy arion container";
+    host-public-addr = lib.mkOption {
+      description = "The public address of the host system";
+      type = lib.types.str;
+    };
+  };
+
+  config = lib.mkIf config.settings.containers.wg-easy.enable {
+    virtualisation.arion.projects.wg-easy = {
+      settings = {
+        project.name = "wg-easy";
+        services.wg-easy = {
+          service.useHostStore = true;
+          service.image = "ghcr.io/wg-easy/wg-easy:latest";
+          service.ports = [
+            "51820:51820/udp"
+            "51821:51821/tcp"
+          ];
+          service.volumes = [
+            "/config/wg-easy:/etc/wireguard"
+          ];
+          service.capabilities = {
+            NET_ADMIN = true;
+            NET_RAW = true;
+            SYS_MODULE = true;
+          };
+          service.sysctls = {
+            net.ipv4.ip_forward = 1;
+            net.ipv4.conf.all.src_valid_mark = 1;
+          };
+          service.environment = {
+            WG_HOST = config.settings.containers.wg-easy.host-public-addr;
+          };
+        };
+      };
+    };
+  };
+}
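Review bot: The web UI port `"51821:51821/tcp"` in `service.ports` is published on every host interface while `service.environment` sets only `WG_HOST`, so on a host whose public address is handed in via `host-public-addr` the peer-management UI (create and download WireGuard configs) is reachable from the internet with no login. Bind it to loopback, `"127.0.0.1:51821:51821/tcp"`, and reach it over the tunnel or a reverse proxy, and set the image's UI password option (`PASSWORD_HASH` in current wg-easy releases; confirm against the version actually pulled) alongside `WG_HOST`. `service.image = "ghcr.io/wg-easy/wg-easy:latest"` should be pinned to a release tag or digest, since a floating tag makes the deployment non-reproducible and lets an upstream image change land unreviewed. `SYS_MODULE = true` in `service.capabilities` lets the container load kernel modules, which is effectively host root; if it is only there to get the `wireguard` module loaded, loading it on the host (e.g. `boot.kernelModules`) and dropping the capability is the safer route. Minor: `lib.mkEnableOption "enable wg-easy arion container"` renders as "Whether to enable enable wg-easy arion container", so drop the leading "enable".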