feat: install Wireguard

Secondary VPN in addition to ZeroTier/Tailscale

apps/wireguard/Chart.yaml

@@ -0,0 +1,7 @@
+apiVersion: v2
+name: wireguard
+version: 0.0.0
+dependencies:
+  - name: app-template
+    version: 3.1.0
+    repository: https://bjw-s.github.io/helm-charts

apps/wireguard/values.yaml

@@ -0,0 +1,32 @@
+app-template:
+  controllers:
+    wireguard:
+      containers:
+        app:
+          image:
+            repository: lscr.io/linuxserver/wireguard
+            tag: latest
+          env:
+            LOG_CONFS: false
+            PEERS: |
+              KDDesktop
+              KDLaptop
+              KDPhone
+          securityContext:
+            capabilities:
+              add:
+                - NET_ADMIN
+  service:
+    wireguard:
+      controller: wireguard
+      type: LoadBalancer
+      ports:
+        http:
+          port: 51820
+          protocol: UDP
+  persistence:
+    data:
+      accessMode: ReadWriteOnce
+      size: 10Mi
+      globalMounts:
+        - path: /config

docs/installation/production/external-resources.md

@@ -79,7 +79,7 @@ To avoid vendor lock-in, each external provider must have an equivalent alternat
     - [Alternate DNS setup](../../how-to-guides/alternate-dns-setup.md)
 - Cloudflare Tunnel:
     - Use port forwarding if it's available
-    - Create a small VPS in the cloud and utilize Wireguard and HAProxy to route traffic via it
+    - Create a small VPS in the cloud and utilize Wireguard to route traffic via it
     - Access everything via VPN
     - See also [awesome tunneling](https://github.com/anderspitman/awesome-tunneling)
 - ZeroTier virtual network: