From 4b3c8a2424073dedb5c92e60be2352ed047c822b Mon Sep 17 00:00:00 2001
From: Theis
Date: Tue, 20 Jan 2026 20:17:53 +0100
Subject: [PATCH] edited compose file
---
 dnsmasq.conf | 15 ++++++++++++
 docker-compose.prod.yml | 52 +++++++++++++++++++++++++++--------------
 2 files changed, 49 insertions(+), 18 deletions(-)
 create mode 100644 dnsmasq.conf
diff --git a/dnsmasq.conf b/dnsmasq.conf
new file mode 100644
index 0000000..62e9b7a
--- /dev/null
+++ b/dnsmasq.conf
@@ -0,0 +1,15 @@
+# DNS-Server für ca-lose VPN-Clients
+# Upstream DNS für externe Anfragen
+server=1.1.1.1
+server=8.8.8.8
+
+# Kein DHCP, nur DNS
+no-dhcp-interface=
+
+# Logging
+log-queries
+
+# Interne Hostnamen
+address=/lose-verkaufen/172.25.0.3
+address=/ca-lose-frontend/172.25.0.3
+address=/ca-lose-backend/172.25.0.4
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index 6ebb52b..9198157 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -4,7 +4,8 @@ services:
 hostname: lose-verkaufen
 build: ./frontend
 networks:
- - ca-lose-internal
+ ca-lose-internal:
+ ipv4_address: 172.25.0.3
 restart: unless-stopped
 backend:
@@ -19,7 +20,8 @@ services:
 depends_on:
 - database
 networks:
- - ca-lose-internal
+ ca-lose-internal:
+ ipv4_address: 172.25.0.4
 restart: unless-stopped
 database:
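Review bot: In `dnsmasq.conf` nothing stops queries that the `address=` lines do not answer from being forwarded to 1.1.1.1/8.8.8.8, so mistyped internal single-label names and reverse lookups for 172.25.0.x leave the VPN; adding `domain-needed` and `bogus-priv` keeps those local. `no-dhcp-interface=` is given no interface name, and since no `dhcp-range` is configured DHCP is off anyway, so the line can be removed or given the interface it is meant for. `log-queries` writes every name each VPN client resolves to the container log; keep it only if that log is access-restricted and rotated, and say so in a comment such as `# query log: debugging only, contains client lookups`.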
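Review bot: The fixed `ipv4_address: 172.25.0.3` on `frontend` (and `172.25.0.4` on `backend` in the next hunk, `172.25.0.2` on `dns` in the last one) only works if `ca-lose-internal` is declared with an `ipam` subnet covering 172.25.0.0/24, and that declaration is outside these hunks. `database` and `wireguard` still join the same network with dynamically assigned addresses, and `backend` depends on `database`, so the database may start first and be handed one of the hard-coded addresses, at which point the pinned container fails to start. Either give every service on this network a static address or set an `ip_range` in the network's `ipam.config` that keeps dynamic allocation away from .2–.4.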
@@ -36,31 +38,45 @@ services:
 networks:
 - ca-lose-internal
- wireguard:
- container_name: ca-lose-wireguard
- image: ghcr.io/wg-easy/wg-easy
- environment:
- - WG_HOST=${WG_HOST}
- - WG_DEFAULT_ADDRESS=10.10.0.x
- - WG_DEFAULT_DNS=1.1.1.1
- - WG_ALLOWED_IPS=172.25.0.0/24
- - WG_PORT=51830
- - PASSWORD_HASH=$$2a$$12$$7kW2zTBqU4D0qFNnmVHybOBpxFnP2JeN8BUQjOnBc0F.Y/xMw5R5y
+ dns:
+ container_name: ca-lose-dns
+ image: jpillora/dnsmasq
+ restart: unless-stopped
 volumes:
- - ./wireguard-data:/etc/wireguard
- ports:
- - "51830:51820/udp" # WireGuard extern erreichbar auf Port 51830
- - "127.0.0.1:51821:51821/tcp" # Web-UI nur lokal erreichbar
+ - ./dnsmasq.conf:/etc/dnsmasq.conf:ro
+ networks:
+ ca-lose-internal:
+ ipv4_address: 172.25.0.2
+
+ wireguard:
+ image: lscr.io/linuxserver/wireguard:latest
+ container_name: ca-lose-wireguard
 cap_add:
 - NET_ADMIN
 - SYS_MODULE
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Berlin
+ - SERVERURL=dus3.the1s.de
+ - SERVERPORT=51830
+ - PEERS=2
+ - PEERDNS=172.25.0.2
+ - INTERNAL_SUBNET=10.13.13.0
+ - ALLOWEDIPS=172.25.0.0/24
+ - PERSISTENTKEEPALIVE_PEERS=25
+ - LOG_CONFS=true
+ volumes:
+ - ./wireguard-config:/config
+ - /lib/modules:/lib/modules
+ ports:
+ - 51830:51830/udp
 sysctls:
- - net.ipv4.ip_forward=1
 - net.ipv4.conf.all.src_valid_mark=1
+ restart: unless-stopped
 networks:
 - ca-lose-internal
 - proxynet
- restart: unless-stopped
 volumes:
 ca-lose_mysql:
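Review bot: `LOG_CONFS=true` in the new `wireguard` environment makes the linuxserver image print the generated peer QR codes to the container log, so peer private keys end up wherever Docker logs are collected; set `- LOG_CONFS=false` and read the peer files under `./wireguard-config` instead. The service also keeps `SYS_MODULE` and bind-mounts `/lib/modules` writable; if the host kernel already provides WireGuard both can probably be dropped, otherwise mount it as `- /lib/modules:/lib/modules:ro`. The mapping `51830:51830/udp` targets container port 51830, while the image, as far as I know, listens on 51820 inside the container and uses `SERVERPORT` only for the peers' endpoint, so `- "51830:51820/udp"` (quoted, as in the removed service) is likely what is intended; confirm against the generated server config. Both new images are unpinned (`jpillora/dnsmasq` has no tag, wireguard uses `:latest`), so pinning a version tag or digest would keep this production deploy reproducible.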