Add an image/container for deploying WireGuard and install the flask app required for updating the configuration just like we did it in https://github.com/openwisp/ansible-wireguard-openwisp
We can use the linuxserver/wireguard as the base docker image for the WireGuard container.
We need to provide the same level of configurability as the ansible-wireguard-openwisp. Following environment variables should be added
WIREGUARD_VPN_DOMAINWIREGUARD_CONTROLLER_URLWIREGUARD_VPN_UUIDWIREGUARD_VPN_KEYWIREGUARD_FLASK_KEYWIREGUARD_FLASK_PORTWIREGUARD_FLASK_HOSTWIREGUARD_FLASK_ENDPOINTWIREGUARD_CURL_INSECURE
Provisioning of SSL certificate for the Flask application should be done in a similar way it is done for the dashboard and api containers. The container should create a self-signed certificate for development and pull certificates from Let's Encrypt for the production environment. It should be also possible for users to specify the SSL certificates.
We shall re-use the Flask app and WireGuard updater scripts from the ansible role. We shall configure the WSGI such that it is accessible from both the internal hostname and FQDN.
Managing multiple WireGuard interfaces
In this iteration, we can defer the management of multiple WireGuard interfaces. If a user needs more than one WireGuard interface on the server, they'll have to spin up a new container.
Automatically creating WireGuard VPN server object
In this iteration, we will not enable WireGuard by default. If a user wants to use WireGuard they will have to first create a VPN server object and then spin up a container with the right environment values.
Explain the steps in the documentation for spinning up multiple WireGuard container. Explicitly mention that user will need to set environment variables for individual container because some variables will create conflicts.
Add an image/container for deploying WireGuard and install the flask app required for updating the configuration just like we did it in https://github.com/openwisp/ansible-wireguard-openwisp
We can use the linuxserver/wireguard as the base docker image for the WireGuard container.
We need to provide the same level of configurability as the ansible-wireguard-openwisp. Following environment variables should be added
WIREGUARD_VPN_DOMAINWIREGUARD_CONTROLLER_URLWIREGUARD_VPN_UUIDWIREGUARD_VPN_KEYWIREGUARD_FLASK_KEYWIREGUARD_FLASK_PORTWIREGUARD_FLASK_HOSTWIREGUARD_FLASK_ENDPOINTWIREGUARD_CURL_INSECUREProvisioning of SSL certificate for the Flask application should be done in a similar way it is done for the
dashboardandapicontainers. The container should create a self-signed certificate for development and pull certificates from Let's Encrypt for the production environment. It should be also possible for users to specify the SSL certificates.We shall re-use the Flask app and WireGuard updater scripts from the ansible role. We shall configure the WSGI such that it is accessible from both the internal hostname and FQDN.
Managing multiple WireGuard interfaces
In this iteration, we can defer the management of multiple WireGuard interfaces. If a user needs more than one WireGuard interface on the server, they'll have to spin up a new container.
Automatically creating WireGuard VPN server object
In this iteration, we will not enable WireGuard by default. If a user wants to use WireGuard they will have to first create a VPN server object and then spin up a container with the right environment values.
Explain the steps in the documentation for spinning up multiple WireGuard container. Explicitly mention that user will need to set environment variables for individual container because some variables will create conflicts.