From 0d556a6df150355a3806546bd1c8f72fe73b449f Mon Sep 17 00:00:00 2001
From: Khue Doan <mail@khuedoan.com>
Date: Thu, 18 Apr 2024 18:09:59 +0700
Subject: [PATCH] feat: install Wireguard

Secondary VPN in addition to ZeroTier/Tailscale
---
 apps/wireguard/Chart.yaml                     |  7 ++++
 apps/wireguard/values.yaml                    | 32 +++++++++++++++++++
 .../production/external-resources.md          |  2 +-
 3 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 apps/wireguard/Chart.yaml
 create mode 100644 apps/wireguard/values.yaml

diff --git a/apps/wireguard/Chart.yaml b/apps/wireguard/Chart.yaml
new file mode 100644
index 00000000..d0fc6739
--- /dev/null
+++ b/apps/wireguard/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: wireguard
+version: 0.0.0
+dependencies:
+  - name: app-template
+    version: 3.1.0
+    repository: https://bjw-s.github.io/helm-charts
diff --git a/apps/wireguard/values.yaml b/apps/wireguard/values.yaml
new file mode 100644
index 00000000..476c7329
--- /dev/null
+++ b/apps/wireguard/values.yaml
@@ -0,0 +1,32 @@
+app-template:
+  controllers:
+    wireguard:
+      containers:
+        app:
+          image:
+            repository: lscr.io/linuxserver/wireguard
+            tag: latest
+          env:
+            LOG_CONFS: false
+            PEERS: |
+              KDDesktop
+              KDLaptop
+              KDPhone
+          securityContext:
+            capabilities:
+              add:
+                - NET_ADMIN
+  service:
+    wireguard:
+      controller: wireguard
+      type: LoadBalancer
+      ports:
+        http:
+          port: 51820
+          protocol: UDP
+  persistence:
+    data:
+      accessMode: ReadWriteOnce
+      size: 10Mi
+      globalMounts:
+        - path: /config
diff --git a/docs/installation/production/external-resources.md b/docs/installation/production/external-resources.md
index 9c3e237e..d1bd374c 100644
--- a/docs/installation/production/external-resources.md
+++ b/docs/installation/production/external-resources.md
@@ -79,7 +79,7 @@ To avoid vendor lock-in, each external provider must have an equivalent alternat
     - [Alternate DNS setup](../../how-to-guides/alternate-dns-setup.md)
 - Cloudflare Tunnel:
     - Use port forwarding if it's available
-    - Create a small VPS in the cloud and utilize Wireguard and HAProxy to route traffic via it
+    - Create a small VPS in the cloud and utilize Wireguard to route traffic via it
     - Access everything via VPN
     - See also [awesome tunneling](https://github.com/anderspitman/awesome-tunneling)
 - ZeroTier virtual network: