This is wonderful! I wish I could upvote this 10 times. This clearly took a huge amount of work to write and also to verify (which they clearly did!), and I hope OP knows how much I recognize and appreciate that!
This is exactly what I wish we got more from blog posts. It covers all the things for a real world complex yet simplified (as much as possible without negating the value of the tutorial by skipping important steps) and does some really cool things like run GUI apps in containers by passing in Wayland display socket (and a serious GUI app - an RDP client connecting to a remote machine over the wg tunnel, and a browser (Firefox) with audio!), access the host SSH agent, set up a real-world wireguard tunnel that does IP forwarding, etc.
OP, I hadn't heard of Custodibus before, but it sounds useful and I love that there's a GPL community version. I'll be testing it out and you may have also won yourself a customer, gatewayed from this blog post :-)
First, obligatory: Bingo:) (All the cool new tech in one title)
But super cool; there's something really appealing about creating what I would call thin clients in containers - this should even make it easy to have, say, multiple browsers open, each on a different network.
I do the same X + Wayland + PulseAudio socket mounted inside a (Podman, not Docker) container thing for sandboxing GUI programs like Steam, so that they do not have access to any host resources (especially the filesystem, which Steam has a reputation for not handling well :) ) unless I specifically allow it.
freedomben ·2 hours ago
This is exactly what I wish we got more from blog posts. It covers all the things for a real world complex yet simplified (as much as possible without negating the value of the tutorial by skipping important steps) and does some really cool things like run GUI apps in containers by passing in Wayland display socket (and a serious GUI app - an RDP client connecting to a remote machine over the wg tunnel, and a browser (Firefox) with audio!), access the host SSH agent, set up a real-world wireguard tunnel that does IP forwarding, etc.
OP, I hadn't heard of Custodibus before, but it sounds useful and I love that there's a GPL community version. I'll be testing it out and you may have also won yourself a customer, gatewayed from this blog post :-)
yjftsjthsd-h ·3 hours ago
But super cool; there's something really appealing about creating what I would call thin clients in containers - this should even make it easy to have, say, multiple browsers open, each on a different network.
Arnavion ·2 hours ago
Show replies
candiddevmike ·2 hours ago
Show replies