Flipped WG topology to avoid WSL2 UDP port forwarding issues:
- Netcup is now WG server (has public IP, listens on UDP 51820)
- Home WSL2 is WG client (connects outbound, no port forwarding needed)
- Home client NAT masquerades worker traffic through residential IP
- AllowedIPs=0.0.0.0/0 routes all worker internet through tunnel
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
YouTube blocks datacenter IPs. This adds a WireGuard client sidecar
to route worker traffic through a home residential IP tunnel.
- wireguard/ has the WG server config (runs on WSL2 at home)
- Worker uses network_mode: service:wireguard for tunnel routing
- wg-client/ and cookies.txt added to .gitignore (contain secrets)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jeff Emmett