docker part 1

Docker/podman-compose.yml

@@ -0,0 +1,37 @@
+services:
+  vpn:
+    build: .
+    container_name: vpn-wireguard
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    sysctls:
+      - net.ipv4.ip_forward=1
+      - net.ipv4.conf.all.src_valid_mark=1
+    volumes:
+      - ./wg0.conf:/etc/wireguard/wg0.conf:ro
+      - /lib/modules:/lib/modules:ro
+    ports:
+      # Expose app's port 8000 to the local network through the VPN container
+      - "8000:8000"
+    environment:
+      - HEALTH_CHECK_INTERVAL=10
+      - HEALTH_CHECK_HOST=1.1.1.1
+      - LOCAL_PORTS=8000
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "ping", "-c", "1", "-W", "5", "1.1.1.1"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+
+  app:
+    image: python:3.12-alpine
+    container_name: vpn-app
+    # Share the VPN container's network — all outgoing traffic goes through WireGuard
+    network_mode: "service:vpn"
+    depends_on:
+      vpn:
+        condition: service_healthy
+    # Example: simple HTTP server on port 8000. Replace with your actual app.
+    command: ["python3", "-m", "http.server", "8000"]