jeffemmett
/
clip-forge
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add WireGuard tunnel for YouTube downloads through residential IP 

YouTube blocks datacenter IPs. This adds a WireGuard client sidecar
to route worker traffic through a home residential IP tunnel.
- wireguard/ has the WG server config (runs on WSL2 at home)
- Worker uses network_mode: service:wireguard for tunnel routing
- wg-client/ and cookies.txt added to .gitignore (contain secrets)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Jeff Emmett 2026-02-09 19:58:39 +00:00
parent 0e4eec4f12
commit 19468aeac8
3 changed files with 48 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -7,3 +7,6 @@ dist/
data/ data/
*.egg-info/ *.egg-info/
.DS_Store .DS_Store
cookies.txt
wg-client/
wireguard/config/

23
docker-compose.yml
View File

@ -51,12 +51,31 @@ services:
- default - default
- traefik-public - traefik-public
wireguard:
image: lscr.io/linuxserver/wireguard:latest
container_name: clipforge-wg
cap_add:
- NET_ADMIN
- SYS_MODULE
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Berlin
volumes:
- ./wg-client:/config
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
extra_hosts:
- "host.docker.internal:host-gateway"
restart: unless-stopped
worker: worker:
build: build:
context: ./backend context: ./backend
dockerfile: Dockerfile dockerfile: Dockerfile
restart: unless-stopped restart: unless-stopped
command: ["arq", "app.worker.WorkerSettings"] command: ["arq", "app.worker.WorkerSettings"]
network_mode: "service:wireguard"
env_file: .env env_file: .env
environment: environment:
- DATABASE_URL=${DATABASE_URL:-postgresql+asyncpg://clipforge:changeme_clipforge_2025@postgres:5432/clipforge} - DATABASE_URL=${DATABASE_URL:-postgresql+asyncpg://clipforge:changeme_clipforge_2025@postgres:5432/clipforge}
@ -66,12 +85,12 @@ services:
- media_data:/data - media_data:/data
- ./cookies.txt:/app/cookies.txt - ./cookies.txt:/app/cookies.txt
depends_on: depends_on:
wireguard:
condition: service_started
postgres: postgres:
condition: service_healthy condition: service_healthy
redis: redis:
condition: service_healthy condition: service_healthy
extra_hosts:
- "host.docker.internal:host-gateway"
frontend: frontend:
build: build:

24
wireguard/docker-compose.yml Normal file
View File

@ -0,0 +1,24 @@
services:
wireguard:
image: lscr.io/linuxserver/wireguard:latest
container_name: wg-server
cap_add:
- NET_ADMIN
- SYS_MODULE
environment:
- PUID=1000
- PGID=1000
- TZ=America/Toronto
- SERVERURL=auto
- SERVERPORT=51820
- PEERS=netcup
- PEERDNS=1.1.1.1
- ALLOWEDIPS=0.0.0.0/0
volumes:
- ./config:/config
ports:
- 51820:51820/udp
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
- net.ipv4.ip_forward=1
restart: unless-stopped