docker-wireguard

A simple docker image containing everything necessary to run wireguard on your Linux box.

Why

Most WireGuard Docker images build the module (or even install the wireguard package) at run time, inside the Docker entrypoint. This is not optimal, as restarting or recreating the container causes downtime. This implementation avoids doing so (when it can).

The WireGuard PPA, package, and linux-headers are installed at build time. If the kernel version is the same at build time and run time, the prebuilt module is installed using dkms install, which is almost instant. If the run-time kernel differs from the one used to build the module, the entrypoint installs linux-headers and rebuilds the module. If this happens, you can always rebuild the image (docker-compose build --no-cache) to update the dependencies and enjoy fast boot-up times again.

Also, because wireguard needs to install a kernel module on the host, proper clean-up is necessary. When the container is being shut down, the entrypoint should properly delete the network interface and uninstall the kernel module.
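The kernel check and shutdown clean-up described above, sketched as an added example; this is not the project's own entrypoint. The interface name wg0, the marker file /etc/wg-build-kernel, the WG_DKMS_VERSION placeholder, the DRY_RUN switch and the "start" argument are assumptions, and "uninstall" is taken here to mean unloading the module with modprobe -r.

```sh
#!/bin/sh
# Added example, not the project's entrypoint. Assumed names: interface wg0,
# DKMS module "wireguard", placeholder version, build-kernel marker file.
set -e
WG_IFACE="${WG_IFACE:-wg0}"
WG_DKMS_VERSION="${WG_DKMS_VERSION:-PLACEHOLDER_VERSION}"
BUILD_KERNEL_FILE="${BUILD_KERNEL_FILE:-/etc/wg-build-kernel}"

# run CMD...: execute CMD, or only print it when DRY_RUN=1 (to review the plan).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# module_plan BUILD_KERNEL RUN_KERNEL: prints "prebuilt" or "rebuild".
module_plan() {
    if [ -n "$1" ] && [ "$1" = "$2" ]; then echo prebuilt; else echo rebuild; fi
}

install_module() {
    running="$(uname -r)"
    built="$(cat "$BUILD_KERNEL_FILE" 2>/dev/null || true)"
    if [ "$(module_plan "$built" "$running")" = rebuild ]; then
        # Slow path: the image has no headers for the running kernel.
        run apt-get update
        run apt-get install -y "linux-headers-$running"
    fi
    # Near-instant when a build for this kernel exists; otherwise dkms builds first.
    run dkms install -m wireguard -v "$WG_DKMS_VERSION" -k "$running"
    run modprobe wireguard
}

# Leave the host clean: remove the interface, then unload the module.
cleanup() {
    run wg-quick down "$WG_IFACE" || run ip link del "$WG_IFACE" || true
    run modprobe -r wireguard || true
}

main() {
    trap 'cleanup; exit 0' TERM INT
    install_module
    run wg-quick up "$WG_IFACE"
    # Background sleep + wait so the trap fires as soon as docker stop sends TERM.
    while :; do sleep 3600 & wait $! || true; done
}

# Only act when invoked as "entrypoint.sh start"; otherwise just define functions.
if [ "${1:-}" = start ]; then main; fi
```

Running it with DRY_RUN=1 prints the commands for the current kernel without touching the host, which is a quick way to see whether a container restart will take the fast or the slow path.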

How

Caveats

Todo's:

Acknowledgements

Activeeos and their implementation

Stavros Korokithakis and his awesome write-up

And of course, wireguard, for one awesome VPN