From 9dfa4d28c84f2cb9bf6ffe313dcddba40a8a0757 Mon Sep 17 00:00:00 2001
From: simon
Date: Sat, 10 Feb 2024 23:34:03 +0000
Subject: [PATCH] docs: create guides/wireguard-pihole/wireguard-mit-pihole-einrichten
---
 .../wireguard-mit-pihole-einrichten.md | 161 ++++++++++++++++++
 1 file changed, 161 insertions(+)
 create mode 100644 guides/wireguard-pihole/wireguard-mit-pihole-einrichten.md
diff --git a/guides/wireguard-pihole/wireguard-mit-pihole-einrichten.md b/guides/wireguard-pihole/wireguard-mit-pihole-einrichten.md
new file mode 100644
index 0000000..6554140
--- /dev/null
+++ b/guides/wireguard-pihole/wireguard-mit-pihole-einrichten.md
@@ -0,0 +1,161 @@
+---
+title: Anleitung zur Erstellung eines Docker-Containers für wg-easy-extended und Pihole
+description:
+published: true
+date: 2024-02-10T23:33:59.348Z
+tags:
+editor: markdown
+dateCreated: 2024-02-10T23:33:59.348Z
+---
+
+# Anleitung zur Erstellung eines Docker-Containers für wg-easy-extended
+
+## Schritt 1: Docker Compose-Datei erstellen
+
+Erstellen Sie eine Datei mit dem Namen `docker-compose.yml` und fügen Sie den folgenden Inhalt ein:
+
+```yaml
+version: "3"
+
+# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
+services:
+ pihole:
+ container_name: pihole
+ #image: pihole/pihole:latest
+ image: cbcrowe/pihole-unbound:latest
+ # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
+ ports:
+ - "127.0.0.1:53:53/tcp"
+ - "127.0.0.1:53:53/udp"
+ #- "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
+ #- "127.0.0.1:8084:80/tcp"
+ environment:
+ ServerIP: 10.8.1.3
+ TZ: 'Europe/Berlin'
+ WEBPASSWORD: '${PASSWORT}'
+ REV_SERVER: 'false'
+ DNS1: 127.0.0.1#5335 # Hardcoded to our Unbound server
+ DNS2: 127.0.0.1#5335 # Hardcoded to our Unbound server
+ DNSSEC: 'true' # Enable DNSSEC
+ VIRTUAL_HOST: pihole.${WEBSEITE}
+ VIRTUAL_PORT: 80
+ LETSENCRYPT_HOST: pihole.${WEBSEITE}
+ LETSENCRYPT_EMAIL: admin@${WEBSEITE}
+
+ # Volumes store your data between container upgrades
+ volumes:
+ - './etc-pihole:/etc/pihole'
+ - './etc-dnsmasq.d:/etc/dnsmasq.d'
+ # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
+ cap_add:
+ - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
+ restart: always
+
+ labels:
+ - "com.centurylinklabs.watchtower.enable=true"
+ - flame.type=application
+ - flame.name=Pi-hole
+ - flame.url=https://pihole.${WEBSEITE}/admin/
+ - flame.icon=dns
+
+ networks:
+ proxy:
+ edge-tier:
+ dns:
+ ipv4_address: 172.28.0.2
+ wg-easy:
+ ipv4_address: 10.8.1.3
+
+ wg-easy-extended:
+ container_name: wg-easy-extended
+ environment:
+ WG_HOST: brothertec.eu
+ PASSWORD: ${PASSWORT}
+ #- WG_DEFAULT_DNS=1.1.1.1
+ WG_DEFAULT_DNS: 10.8.1.3
+ WG_DEFAULT_ADDRESS: 10.8.0.x
+ # - WG_MTU=1420
+ WG_PERSISTENT_KEEPALIVE: 25
+ WG_ALLOWED_IPS: 10.8.0.0/24,10.8.1.3
+ WG_POST_UP: >
+ iptables-legacy -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE;
+ iptables-legacy -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE;
+ iptables-legacy -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth2 -j MASQUERADE;
+ iptables-legacy -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth3 -j MASQUERADE;
+ iptables-legacy -A INPUT -p udp -m udp --dport 51820 -j ACCEPT;
+ iptables-legacy -A FORWARD -i wg0 -j ACCEPT;
+ iptables-legacy -A FORWARD -o wg0 -j ACCEPT;
+ # - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt
+ # - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt
+ # - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt
+ # - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt
+
+ VIRTUAL_HOST: vpn.${WEBSEITE}
+ VIRTUAL_PORT: 51821
+ LETSENCRYPT_HOST: vpn.${WEBSEITE}
+ LETSENCRYPT_EMAIL: admin@${WEBSEITE}
+ volumes:
+ - ./wg-easy:/etc/wireguard
+ ports:
+ - 51820:51820/udp
+ #- 51821:51821/tcp
+ #- 9586:9586/tcp
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ sysctls:
+ - net.ipv4.conf.all.src_valid_mark=1
+ - net.ipv4.ip_forward=1
+ restart: unless-stopped
+ image: ghcr.io/tolkonepiu/wg-easy-extended
+
+ networks:
+ proxy:
+ edge-tier:
+ dns:
+ ipv4_address: 172.28.0.3
+ wg-easy:
+ ipv4_address: 10.8.1.2
+
+ labels:
+ - "com.centurylinklabs.watchtower.enable=true"
+ - flame.type=application
+ - flame.name=Wireguard
+ - flame.url=https://vpn.${WEBSEITE}
+ - flame.icon=vpn
+
+networks:
+ proxy:
+ name: nginx-proxy
+ external: true
+ edge-tier:
+ name: edge
+ external: true
+ dns:
+ name: dns
+ external: true
+ wg-easy:
+ ipam:
+ config:
+ - subnet: 10.8.1.0/24
+
+
+```
+
+## Schritt 2: Erstellen des DNS Netzwerkes
+
+~~~
+docker network create --driver=bridge --subnet=172.28.0.0/16 dns
+~~~
+
+## Schritt 3: Docker-Container starten
+
+Navigieren Sie im Terminal zum Verzeichnis, in dem sich die `docker-compose.yml`-Datei befindet, und führen Sie den folgenden Befehl aus, um den Docker-Container zu starten:
+
+```bash
+docker-compose up -d
+```
+
+Der Parameter `-d` startet den Container im Hintergrund.
+
+Nachdem der Container gestartet wurde, ist Ihr wg-easy-extended-Dienst einsatzbereit.
\ No newline at end of file
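Review bot: `WG_HOST: brothertec.eu` in the wg-easy-extended service is hard-coded while every other hostname in the compose file is built from `${WEBSEITE}`, so a reader who follows the guide literally produces WireGuard client configs whose endpoint is the author's domain instead of their own; the line should read `WG_HOST: vpn.${WEBSEITE}` to match the `VIRTUAL_HOST` and `LETSENCRYPT_HOST` entries a few lines below it. The same `${PASSWORT}` variable feeds both `WEBPASSWORD` (Pi-hole admin UI) and `PASSWORD` (wg-easy UI), so compromise of either web interface hands over the other; the guide should introduce two separate variables. The wg-easy-extended image is referenced without a tag (implicit `latest`) and carries `com.centurylinklabs.watchtower.enable=true`, so unreviewed upstream image changes are pulled automatically into a container running with `NET_ADMIN` and `SYS_MODULE`; pinning a version tag is the usual mitigation, and `SYS_MODULE` is presumably only needed on hosts whose kernel lacks a built-in WireGuard module, which the guide could state so readers can drop it. The front matter leaves `description:` and `tags:` as bare keys, which parse as null rather than an empty string or list.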