first commit

2026-05-22 09:23:27 +00:00 · 2026-05-22 09:23:27 +00:00 · 283d5fef29
commit 283d5fef29
5 changed files with 152 additions and 0 deletions
--- a/telemt/docker-compose.yaml
+++ b/telemt/docker-compose.yaml
@ -0,0 +1,29 @@
 services:
  telemt:
    image: ghcr.io/telemt/telemt:latest
    container_name: telemt
    restart: unless-stopped
    environment:
      RUST_LOG: "info"
    volumes:
      - ./telemt-config/telemt.toml:/app/config.toml:ro
    ports:
      - "11.101.0.254:9443:9443/tcp"
      - "11.101.0.254:9090:9090/tcp"
      - "11.101.0.254:9091:9091/tcp"
    cap_drop: [ALL]
    cap_add:  [NET_BIND_SERVICE]
    read_only: true
    ulimits:
      nofile:
        soft: 65536
        hard: 65536
    tmpfs:
      - /tmp:rw,nosuid,nodev,noexec,size=16m
    networks:
      overlay_net:
 networks:
  overlay_net:
    external: true
--- a/telemt/telemt-config/telemt.toml
+++ b/telemt/telemt-config/telemt.toml
@ -0,0 +1,46 @@
 show_link = "*"
 [general]
 prefer_ipv6 = false
 fast_mode = true
 use_middle_proxy = false
 [general.links]
 public_host = "moamo.duckdns.org" # Домен для генератора ссылок в API
 public_port = 443
 show = "*"
 [general.modes]
 classic = false 
 secure = false 
 tls = true 
 [server]
 port = 9443
 listen_addr_ipv4 = "0.0.0.0"
 listen_addr_ipv6 = "::"
 [server.api]
 enabled = true
 listen = "0.0.0.0:9091" # API доступен только из локалки
 read_only = true # Без функции записи
 whitelist = []
 [censorship]
 tls_domain = "moamo.duckdns.org"   # домен для SNI (пример! см. ниже)
 mask = true # Включает проксирование реального сайта
 mask_port = 443
 fake_cert_len = 2048
 [access.users]
 pycm1k_PC = "1f07e0ef009c1093ab00a319df2e034f"
 pycm1k_mob = "e6e245ae24803a238fd590aff8c10011"
 Guzel = "f6d3be367f53d4a4143761a84283d8dc"
 user4 = "2f750614c7f86c2f9a55ea97800b0901"
 user5 = "0d16957b75ea8e18c993d6541ccce203"
 [[upstreams]]
 type = "direct"
 enabled = true
 weight = 10
--- a/wg-easy/config/wg-easy.db
+++ b/wg-easy/config/wg-easy.db
--- a/wg-easy/config/wg0.conf
+++ b/wg-easy/config/wg0.conf
@ -0,0 +1,39 @@
 # Note: Do not edit this file directly.
 # Your changes will be overwritten!
 # Server
 [Interface]
 PrivateKey = EHMSZLuis/jEpPsG/TDYZQKQ54NC9bVdsfrvsuvYPUA=
 Address = 11.2.2.1/24, fdcc:ad94:bacf:61a4::cafe:1/112
 ListenPort = 30351
 MTU = 1420
 PreUp = 
 PostUp = iptables -t nat -A POSTROUTING -s 11.2.2.0/24 -o eth0 -j MASQUERADE; iptables -A INPUT -p udp -m udp --dport 30351 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -s fdcc:ad94:bacf:61a4::cafe:0/112 -o eth0 -j MASQUERADE; ip6tables -A INPUT -p udp -m udp --dport 30351 -j ACCEPT; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -A FORWARD -o wg0 -j ACCEPT;
 PreDown = 
 PostDown = iptables -t nat -D POSTROUTING -s 11.2.2.0/24 -o eth0 -j MASQUERADE; iptables -D INPUT -p udp -m udp --dport 30351 -j ACCEPT; iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -s fdcc:ad94:bacf:61a4::cafe:0/112 -o eth0 -j MASQUERADE; ip6tables -D INPUT -p udp -m udp --dport 30351 -j ACCEPT; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -D FORWARD -o wg0 -j ACCEPT;
 # Client: pycm1k_mob (2)
 [Peer]
 PublicKey = MWg1eoLgk33nISm+wdNq0VqDgcjwm0Ca67fVMmXJ5B4=
 PresharedKey = 7mHaccI99dTOTadsE16JtDYBiALe7OEEColhjwD3UVc=
 AllowedIPs = 11.2.2.2/32, fdcc:ad94:bacf:61a4::cafe:2/128
 # Client: Guz_mob (3)
 [Peer]
 PublicKey = TH82PnmFEvhll2+Q7khacquBcjFp4hDez5xJOIGqfgE=
 PresharedKey = rUO4yWosBVw6NLaOVwl3KmBmI5NiN4oYrFgj2xeslvk=
 AllowedIPs = 11.2.2.3/32, fdcc:ad94:bacf:61a4::cafe:3/128
 # Client: RT (4)
 [Peer]
 PublicKey = vj5BUw8SSLSZzIgMVQ3yz1yBKUO2ALb13iQWRJoKHSs=
 PresharedKey = 7bupfK6uW4KGIQ3/MnRkliQwfNSM32sHPzgaSEDio3o=
 AllowedIPs = 11.2.2.4/32, fdcc:ad94:bacf:61a4::cafe:4/128, 192.168.30.0/24, 11.2.2.4/32
 # Client: vm_mts (5)
 [Peer]
 PublicKey = ggg+wnwD4roCBRePtXeTSqtu16PPKb7w8RWyY8aOIRg=
 PresharedKey = i6ATEWiKSIHTBi+8ecxk9BLuA0G4W955roZCeVdP3v4=
 AllowedIPs = 11.2.2.5/32, fdcc:ad94:bacf:61a4::cafe:5/128, 11.200.0.0/24, 11.1.1.0/24
--- a/wg-easy/docker-compose.yaml
+++ b/wg-easy/docker-compose.yaml
@ -0,0 +1,38 @@
 volumes:
  etc_wireguard:
 services:
  wg-easy:
    environment:
    #  Optional:
 #      - PORT=30351
    #  - HOST=0.0.0.0
      - INSECURE=true
    image: ghcr.io/wg-easy/wg-easy:15.3.0
    container_name: wg-easy
    networks:
       overlay_net:
        ipv4_address: 11.101.0.1
    volumes:
      - ./config:/etc/wireguard
      - /lib/modules:/lib/modules:ro
    ports:
      - "30351:30351/udp"
      - "30777:51821/tcp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
      # - NET_RAW # ⚠️ Uncomment if using Podman
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv6.conf.all.forwarding=1
      - net.ipv6.conf.default.forwarding=1
 networks:
  overlay_net:
    external: true