first commit

telemt/docker-compose.yaml

@@ -0,0 +1,29 @@
+services:
+  telemt:
+    image: ghcr.io/telemt/telemt:latest
+    container_name: telemt
+    restart: unless-stopped
+    environment:
+      RUST_LOG: "info"
+    volumes:
+      - ./telemt-config/telemt.toml:/app/config.toml:ro
+    ports:
+      - "11.101.0.254:9443:9443/tcp"
+      - "11.101.0.254:9090:9090/tcp"
+      - "11.101.0.254:9091:9091/tcp"
+    cap_drop: [ALL]
+    cap_add:  [NET_BIND_SERVICE]
+    read_only: true
+    ulimits:
+      nofile:
+        soft: 65536
+        hard: 65536
+    tmpfs:
+      - /tmp:rw,nosuid,nodev,noexec,size=16m
+
+    networks:
+      overlay_net:
+
+networks:
+  overlay_net:
+    external: true

telemt/telemt-config/telemt.toml

@@ -0,0 +1,46 @@
+show_link = "*"
+
+[general]
+prefer_ipv6 = false
+fast_mode = true
+use_middle_proxy = false
+
+[general.links]
+public_host = "moamo.duckdns.org" # Домен для генератора ссылок в API
+public_port = 443
+show = "*"
+
+[general.modes]
+classic = false 
+secure = false 
+tls = true 
+
+[server]
+port = 9443
+listen_addr_ipv4 = "0.0.0.0"
+listen_addr_ipv6 = "::"
+
+
+[server.api]
+enabled = true
+listen = "0.0.0.0:9091" # API доступен только из локалки
+read_only = true # Без функции записи
+whitelist = []
+
+[censorship]
+tls_domain = "moamo.duckdns.org"   # домен для SNI (пример! см. ниже)
+mask = true # Включает проксирование реального сайта
+mask_port = 443
+fake_cert_len = 2048
+
+[access.users]
+pycm1k_PC = "1f07e0ef009c1093ab00a319df2e034f"
+pycm1k_mob = "e6e245ae24803a238fd590aff8c10011"
+Guzel = "f6d3be367f53d4a4143761a84283d8dc"
+user4 = "2f750614c7f86c2f9a55ea97800b0901"
+user5 = "0d16957b75ea8e18c993d6541ccce203"
+
+[[upstreams]]
+type = "direct"
+enabled = true
+weight = 10

wg-easy/config/wg0.conf

@@ -0,0 +1,39 @@
+# Note: Do not edit this file directly.
+# Your changes will be overwritten!
+
+# Server
+[Interface]
+PrivateKey = EHMSZLuis/jEpPsG/TDYZQKQ54NC9bVdsfrvsuvYPUA=
+Address = 11.2.2.1/24, fdcc:ad94:bacf:61a4::cafe:1/112
+ListenPort = 30351
+MTU = 1420
+
+PreUp = 
+PostUp = iptables -t nat -A POSTROUTING -s 11.2.2.0/24 -o eth0 -j MASQUERADE; iptables -A INPUT -p udp -m udp --dport 30351 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -s fdcc:ad94:bacf:61a4::cafe:0/112 -o eth0 -j MASQUERADE; ip6tables -A INPUT -p udp -m udp --dport 30351 -j ACCEPT; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -A FORWARD -o wg0 -j ACCEPT;
+PreDown = 
+PostDown = iptables -t nat -D POSTROUTING -s 11.2.2.0/24 -o eth0 -j MASQUERADE; iptables -D INPUT -p udp -m udp --dport 30351 -j ACCEPT; iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -s fdcc:ad94:bacf:61a4::cafe:0/112 -o eth0 -j MASQUERADE; ip6tables -D INPUT -p udp -m udp --dport 30351 -j ACCEPT; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -D FORWARD -o wg0 -j ACCEPT;
+
+# Client: pycm1k_mob (2)
+[Peer]
+PublicKey = MWg1eoLgk33nISm+wdNq0VqDgcjwm0Ca67fVMmXJ5B4=
+PresharedKey = 7mHaccI99dTOTadsE16JtDYBiALe7OEEColhjwD3UVc=
+AllowedIPs = 11.2.2.2/32, fdcc:ad94:bacf:61a4::cafe:2/128
+
+# Client: Guz_mob (3)
+[Peer]
+PublicKey = TH82PnmFEvhll2+Q7khacquBcjFp4hDez5xJOIGqfgE=
+PresharedKey = rUO4yWosBVw6NLaOVwl3KmBmI5NiN4oYrFgj2xeslvk=
+AllowedIPs = 11.2.2.3/32, fdcc:ad94:bacf:61a4::cafe:3/128
+
+# Client: RT (4)
+[Peer]
+PublicKey = vj5BUw8SSLSZzIgMVQ3yz1yBKUO2ALb13iQWRJoKHSs=
+PresharedKey = 7bupfK6uW4KGIQ3/MnRkliQwfNSM32sHPzgaSEDio3o=
+AllowedIPs = 11.2.2.4/32, fdcc:ad94:bacf:61a4::cafe:4/128, 192.168.30.0/24, 11.2.2.4/32
+
+# Client: vm_mts (5)
+[Peer]
+PublicKey = ggg+wnwD4roCBRePtXeTSqtu16PPKb7w8RWyY8aOIRg=
+PresharedKey = i6ATEWiKSIHTBi+8ecxk9BLuA0G4W955roZCeVdP3v4=
+AllowedIPs = 11.2.2.5/32, fdcc:ad94:bacf:61a4::cafe:5/128, 11.200.0.0/24, 11.1.1.0/24
+

wg-easy/docker-compose.yaml

@@ -0,0 +1,38 @@
+volumes:
+  etc_wireguard:
+
+services:
+  wg-easy:
+    environment:
+    #  Optional:
+#      - PORT=30351
+    #  - HOST=0.0.0.0
+      - INSECURE=true
+
+    image: ghcr.io/wg-easy/wg-easy:15.3.0
+    container_name: wg-easy
+    networks:
+       overlay_net:
+        ipv4_address: 11.101.0.1
+    volumes:
+      - ./config:/etc/wireguard
+      - /lib/modules:/lib/modules:ro
+    ports:
+      - "30351:30351/udp"
+      - "30777:51821/tcp"
+    restart: unless-stopped
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+      # - NET_RAW # ⚠️ Uncomment if using Podman
+    sysctls:
+      - net.ipv4.ip_forward=1
+      - net.ipv4.conf.all.src_valid_mark=1
+      - net.ipv6.conf.all.disable_ipv6=0
+      - net.ipv6.conf.all.forwarding=1
+      - net.ipv6.conf.default.forwarding=1
+
+
+networks:
+  overlay_net:
+    external: true