@JoshStark
Last active July 30, 2025 20:30
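#!/bin/bash
# wg-quick PostUp hook: keep the home LAN and the Docker bridge reachable
# outside the tunnel, then reject every other packet that would leave the
# container without going through the WireGuard interface (kill switch).
#
# Usage: allow_lan.sh <wireguard-interface>   (wg-quick passes "%i")
set -x

IFACE="${1:-}"
if [ -z "$IFACE" ]; then
    echo "usage: $0 <wireguard-interface>" >&2
    exit 1
fi

HOMENET=192.168.0.0/24
DOCKERNET=172.20.0.0/16

# The kill-switch rule exempts packets carrying the tunnel's fwmark (the
# encrypted WireGuard traffic itself). Without a usable mark the rule cannot
# be built, so fail loudly instead of leaving the container unprotected.
FWMARK=$(wg show "$IFACE" fwmark)
if [ -z "$FWMARK" ] || [ "$FWMARK" = "off" ]; then
    echo "allow_lan: no fwmark set on $IFACE; kill switch NOT installed" >&2
    exit 1
fi

# Gateway of the first default route; only one address is taken even when
# several default routes are listed.
DROUTE=$(ip route | awk '/^default/ {print $3; exit}')

# A missing gateway only costs LAN reachability, so it must not prevent the
# kill switch below from being installed.
if [ -n "$DROUTE" ]; then
    ip route add "$HOMENET" via "$DROUTE"
    ip route add "$DOCKERNET" via "$DROUTE"
else
    echo "allow_lan: no default route found; skipping LAN routes" >&2
fi

# Inserted at the top of OUTPUT so they match before the REJECT appended below.
iptables -I OUTPUT -d "$HOMENET" -j ACCEPT
iptables -I OUTPUT -d "$DOCKERNET" -j ACCEPT

# Kill switch: reject anything that is not leaving via the tunnel interface,
# is not marked as tunnel traffic and is not addressed to the container itself.
# iptables covers IPv4 only; this setup relies on IPv6 being disabled for the
# container (see the sysctls in the compose file).
# Kept as the last command so the script's exit status reports whether the
# rule was actually installed.
iptables -A OUTPUT ! -o "$IFACE" -m mark ! --mark "$FWMARK" -m addrtype ! --dst-type LOCAL -j REJECT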
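---
# Compose stack: a WireGuard client container plus applications that share
# its network namespace, so their traffic can only leave through the tunnel.
services:
  wireguard_client:
    # No tag means "latest". Pin a specific version or digest so an image
    # update cannot silently change the container that enforces the tunnel.
    image: lscr.io/linuxserver/wireguard
    container_name: wireguard_client
    networks:
      - whatever_shared_network
    cap_add:
      # Needed to create the WireGuard interface and manage routes/iptables.
      - NET_ADMIN
      # Allows loading kernel modules on the host. The linuxserver image docs
      # list this (and the /lib/modules mount below) as optional; drop both
      # when the host kernel already provides WireGuard.
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
    volumes:
      # Holds the WireGuard config, including the private key: keep the host
      # directory readable only by the owning user.
      - /opt/appdata/wireguard:/config
      # Consider appending ":ro"; the container only needs to read modules.
      - /lib/modules:/lib/modules
    # Services using "network_mode: service:wireguard_client" cannot publish
    # ports themselves, so their UIs are published here. These bind on every
    # host interface; prefix with a host address (e.g. "127.0.0.1:8989:8989")
    # to limit who can reach them.
    ports:
      - "8989:8989"  # Sonarr
      - "9191:9191"  # Sonarr4K
      - "7878:7878"  # Radarr
      - "4201:6789"  # NzbGet
      - "9696:9696"  # Prowlarr
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      # IPv6 is switched off because the tunnel and the iptables kill switch
      # in this setup only cover IPv4.
      - net.ipv6.conf.all.disable_ipv6=1
      - net.ipv6.conf.default.disable_ipv6=1
    restart: unless-stopped

  prowlarr:
    # "nightly" is a moving pre-release tag; pin a version or digest for
    # reproducible deployments.
    image: lscr.io/linuxserver/prowlarr:nightly
    container_name: prowlarr
    # Share the WireGuard container's network stack instead of getting an
    # interface of its own.
    network_mode: "service:wireguard_client"
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
    volumes:
      - /opt/appdata/prowlarr:/config
    restart: unless-stopped

networks:
  whatever_shared_network:
    driver: bridge
    ipam:
      driver: default
      config:
        # Must match DOCKERNET in the PostUp/PreDown scripts.
        - subnet: 172.20.0.0/16
          gateway: 172.20.0.1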
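#!/bin/bash
# wg-quick PreDown hook: undo what the PostUp hook set up (LAN routes, LAN
# ACCEPT rules and the kill-switch REJECT rule).
#
# Usage: reset_lan.sh <wireguard-interface>   (wg-quick passes "%i")
#
# Teardown is best-effort: every step runs even if an earlier one fails, so a
# partially applied setup is still cleaned up as far as possible.
set -x

IFACE="${1:-}"
HOMENET=192.168.0.0/24
DOCKERNET=172.20.0.0/16

# NOTE(review): these delete by prefix only; verify they do not remove a
# route for the same prefix that existed before the PostUp hook ran.
ip route delete "$HOMENET"
ip route delete "$DOCKERNET"

# The rule specification must match the one used when the rule was appended,
# so the fwmark is read back from the interface while it still exists.
FWMARK=$(wg show "$IFACE" fwmark)
iptables -D OUTPUT ! -o "$IFACE" -m mark ! --mark "$FWMARK" -m addrtype ! --dst-type LOCAL -j REJECT

iptables -D OUTPUT -d "$HOMENET" -j ACCEPT
iptables -D OUTPUT -d "$DOCKERNET" -j ACCEPT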
# wg-quick client configuration for the WireGuard container.
# This file contains the private key: keep it readable only by its owner
# (for example mode 600) and out of version control.
[Interface]
PrivateKey = <YOUR_DEVICE_PRIVATE_KEY>
Address = <WHATEVER_ADDRESS_IS_PROVIDED_BY_VPN>
# Resolver used while the tunnel is up; presumably the VPN provider's
# in-tunnel DNS server - confirm with the provider.
DNS = 10.64.0.1
# Hooks run by wg-quick; %i expands to the interface name. The scripts are
# invoked by path, so they need to be executable.
PostUp = /config/scripts/allow_lan.sh "%i"
PreDown = /config/scripts/reset_lan.sh "%i"
[Peer]
# PublicKey and Endpoint are specific to one VPN server; replace them with
# the values for the server you were assigned.
PublicKey = PLpO9ikFX1garSFaeUpo7XVSMrILrTB8D9ZwQt6Zgwk=
# Sends all IPv4 traffic through the tunnel. No IPv6 prefix is listed, so
# IPv6 is not routed through this peer.
AllowedIPs = 0.0.0.0/0
Endpoint = 185.195.232.67:51820