Introduce a wg-init container (Alpine) that runs before wg-easy and:
- loads ip6_tables and ip6table_nat kernel modules (silently skipped if
already built-in or unavailable), fixing startup on hosts that do not
auto-load these modules (e.g. Raspberry Pi)
- sets chmod 700 on wg-data/ so private keys are protected from the
moment the container writes them
wg-easy now depends on wg-init completing successfully, making the setup
portable across hardware without any manual host configuration.
Also pins the image tag from 15.2.2 to the minor tag (15) to receive
patch updates automatically while avoiding breaking changes across majors.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Rimuove le variabili d'ambiente obsolete (WG_HOST, PASSWORD_HASH,
WG_DEFAULT_DNS) ora gestite dalla web UI. Aggiunge INSECURE=true per
accesso HTTP locale. Pulisce i commenti superflui dal compose.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Aggiunge limiti di memoria, CPU e swap al container per prevenire crash
dell'host su SBC (la causa principale era log illimitati + OOM senza cgroup)
- Aggiunge rotazione log (max 30 MB totali) per evitare riempimento SD card
- Aggiunge health check con riavvio automatico in caso di blocco Node.js
- Monta /tmp come tmpfs per ridurre scritture sulla SD card
- Pinna l'immagine a 15.2.2 invece di latest
- Semplifica README: unico metodo per generare la password, guida passo-passo
- Aggiunge variabili opzionali WG_MEM_LIMIT / WG_MEMSWAP_LIMIT / WG_CPUS in .env.example
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
davide