FROM rockylinux/rockylinux:10

RUN dnf install -y epel-release && \
    dnf install -y \
        wireguard-tools \
        iptables \
        iproute \
        curl \
        procps-ng \
        && dnf clean all

# Copy WireGuard config (exported from Mullvad website)
COPY wg0.conf /etc/wireguard/wg0.conf
RUN chmod 600 /etc/wireguard/wg0.conf

# Kill switch: only allow traffic through the VPN tunnel
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

ENTRYPOINT ["/entrypoint.sh"]