Rewrite README for fork: strip LSIO branding, add IPv6 GUA docs

* Replace linuxserver.io header badges and boilerplate with a fork
  notice block pointing back to upstream for unrelated issues.
* Add "Changes from upstream" section summarising the single delta
  (IP6_SUBNET / IPv6 GUA support) and linking to the detailed section.
* Add full "IPv6 GUA Support" section with host-mode and bridge-mode
  setup instructions, complete docker-compose examples, and notes on
  ephemeral host routes and required router configuration.
* Add IP6_SUBNET to both the docker-compose and docker cli example
  blocks, the Parameters table, and the Server Mode regeneration-
  trigger variable list.
* Update image references throughout from lscr.io/linuxserver/wireguard
  to ohshitgorillas/wireguard; update git clone URL in "Building
  locally" to point at this fork.
* Remove linuxserver-specific sections: Docker Mods badge block,
  upstream image version check, Diun update-notification tip, and the
  generic "most of our images are static" preamble in Updating Info.
* Retain references to linuxserver docs/utilities that are still valid
  (read-only docs, qemu-static image, historical changelog entries).

https://claude.ai/code/session_01QdSdYNzFJjZVymw6NNbGP5

Author: claude

README.md

@@ -1,50 +1,24 @@
-<!-- DO NOT EDIT THIS FILE MANUALLY -->
-<!-- Please read https://github.com/linuxserver/docker-wireguard/blob/master/.github/CONTRIBUTING.md -->
-[![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)](https://linuxserver.io)
-
-[![Blog](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=Blog)](https://blog.linuxserver.io "all the things you can do with our containers including How-To guides, opinions and much more!")
-[![Discord](https://img.shields.io/discord/354974912613449730.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Discord&logo=discord)](https://linuxserver.io/discord "realtime support / chat with the community and the team.")
-[![Discourse](https://img.shields.io/discourse/https/discourse.linuxserver.io/topics.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=discourse)](https://discourse.linuxserver.io "post on our community forum.")
-[![GitHub](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=GitHub&logo=github)](https://github.com/linuxserver "view the source for all of our repositories.")
-[![Open Collective](https://img.shields.io/opencollective/all/linuxserver.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Supporters&logo=open%20collective)](https://opencollective.com/linuxserver "please consider helping us by either donating or contributing to our budget")
-
-The [LinuxServer.io](https://linuxserver.io) team brings you another container release featuring:
-
-* regular and timely application updates
-* easy user mappings (PGID, PUID)
-* custom base image with s6 overlay
-* weekly base OS updates with common layers across the entire LinuxServer.io ecosystem to minimise space usage, down time and bandwidth
-* regular security updates
-
-Find us at:
-
-* [Blog](https://blog.linuxserver.io) - all the things you can do with our containers including How-To guides, opinions and much more!
-* [Discord](https://linuxserver.io/discord) - realtime support / chat with the community and the team.
-* [Discourse](https://discourse.linuxserver.io) - post on our community forum.
-* [GitHub](https://github.com/linuxserver) - view the source for all of our repositories.
-* [Open Collective](https://opencollective.com/linuxserver) - please consider helping us by either donating or contributing to our budget
-
-# [linuxserver/wireguard](https://github.com/linuxserver/docker-wireguard)
-
-[![Scarf.io pulls](https://scarf.sh/installs-badge/linuxserver-ci/linuxserver%2Fwireguard?color=94398d&label-color=555555&logo-color=ffffff&style=for-the-badge&package-type=docker)](https://scarf.sh)
-[![GitHub Stars](https://img.shields.io/github/stars/linuxserver/docker-wireguard.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=github)](https://github.com/linuxserver/docker-wireguard)
-[![GitHub Release](https://img.shields.io/github/release/linuxserver/docker-wireguard.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=github)](https://github.com/linuxserver/docker-wireguard/releases)
-[![GitHub Package Repository](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=GitHub%20Package&logo=github)](https://github.com/linuxserver/docker-wireguard/packages)
-[![GitLab Container Registry](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=GitLab%20Registry&logo=gitlab)](https://gitlab.com/linuxserver.io/docker-wireguard/container_registry)
-[![Quay.io](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=Quay.io)](https://quay.io/repository/linuxserver.io/wireguard)
-[![Docker Pulls](https://img.shields.io/docker/pulls/linuxserver/wireguard.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=pulls&logo=docker)](https://hub.docker.com/r/linuxserver/wireguard)
-[![Docker Stars](https://img.shields.io/docker/stars/linuxserver/wireguard.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=stars&logo=docker)](https://hub.docker.com/r/linuxserver/wireguard)
-[![Jenkins Build](https://img.shields.io/jenkins/build?labelColor=555555&logoColor=ffffff&style=for-the-badge&jobUrl=https%3A%2F%2Fci.linuxserver.io%2Fjob%2FDocker-Pipeline-Builders%2Fjob%2Fdocker-wireguard%2Fjob%2Fmaster%2F&logo=jenkins)](https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-wireguard/job/master/)
+# docker-wireguard
+
+> **Fork notice:** This is a community fork of [linuxserver/docker-wireguard](https://github.com/linuxserver/docker-wireguard).
+> It is **not** an official LinuxServer.io image. Issues specific to this fork (IPv6 GUA support) should be
+> filed here. General WireGuard container issues should be reported [upstream](https://github.com/linuxserver/docker-wireguard/issues).
 
 [WireGuard®](https://www.wireguard.com/) is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.
 
 [![wireguard](https://www.wireguard.com/img/wireguard.svg)](https://www.wireguard.com/)
 
-## Supported Architectures
+## Changes from upstream
+
+This fork adds one feature on top of the upstream linuxserver image:
 
-We utilise the docker manifest for multi-platform awareness. More information is available from docker [here](https://distribution.github.io/distribution/spec/manifest-v2-2/#manifest-list) and our announcement [here](https://blog.linuxserver.io/2019/02/21/the-lsio-pipeline-project/).
+* **IPv6 GUA (Global Unicast Address) support** — set the `IP6_SUBNET` environment variable to give the WireGuard tunnel a dual-stack (IPv4 + IPv6) configuration. The server gets `::1/128`; peers are assigned sequential `/128` addresses (`::2`, `::3`, …). The feature is entirely opt-in: omitting `IP6_SUBNET` produces behaviour identical to upstream. See the [IPv6 GUA Support](#ipv6-gua-global-unicast-address-support) section below for full setup instructions.
 
-Simply pulling `lscr.io/linuxserver/wireguard:latest` should retrieve the correct image for your arch, but you can also pull specific arch images via tags.
+Everything else — base image, s6 init, CoreDNS, key management, QR code generation — is unchanged from upstream.
+
+## Supported Architectures
+
+This fork is not published to a container registry. Build the image locally using the instructions in [Building locally](#building-locally). The upstream linuxserver image supports multi-platform builds via Docker manifest; the same applies here.
 
 The architectures supported by this image are:
 
@@ -67,7 +41,7 @@ Some hosts may not load the iptables kernel modules by default. In order for the
 
 If the environment variable `PEERS` is set to a number or a list of strings separated by comma, the container will run in server mode and the necessary server and peer/client confs will be generated. The peer/client config qr codes will be output in the docker log if `LOG_CONFS` is set to `true`. They will also be saved in text and png format under `/config/peerX` in case `PEERS` is a variable and an integer or `/config/peer_X` in case a list of names was provided instead of an integer.
 
-Variables `SERVERURL`, `SERVERPORT`, `INTERNAL_SUBNET`, `PEERDNS`, `INTERFACE`, `ALLOWEDIPS` and `PERSISTENTKEEPALIVE_PEERS` are optional variables used for server mode. Any changes to these environment variables will trigger regeneration of server and peer confs. Peer/client confs will be recreated with existing private/public keys. Delete the peer folders for the keys to be recreated along with the confs.
+Variables `SERVERURL`, `SERVERPORT`, `INTERNAL_SUBNET`, `PEERDNS`, `INTERFACE`, `ALLOWEDIPS`, `PERSISTENTKEEPALIVE_PEERS` and `IP6_SUBNET` are optional variables used for server mode. Any changes to these environment variables will trigger regeneration of server and peer confs. Peer/client confs will be recreated with existing private/public keys. Delete the peer folders for the keys to be recreated along with the confs.
 
 To add more peers/clients later on, you increment the `PEERS` environment variable or add more elements to the list and recreate the container.
 
@@ -83,6 +57,95 @@ Do not set the `PEERS` environment variable. Drop your client conf(s) into the c
 
 If you get IPv6 related errors in the log and connection cannot be established, edit the `AllowedIPs` line in your peer/client wg0.conf to include only `0.0.0.0/0` and not `::/0`; and restart the container.
 
+## IPv6 GUA (Global Unicast Address) Support
+
+WireGuard supports optional dual-stack (IPv4+IPv6) tunnel configuration via the `IP6_SUBNET` environment variable. When set, both the server and all peers receive an IPv6 GUA address in addition to their IPv4 address. IPv6 is disabled by default; existing IPv4-only configurations continue to work without modification.
+
+`SYS_MODULE` capability **must** be added to `cap_add` when using IPv6. A static IPv6 route must also be configured on your router pointing `IP6_SUBNET` to your host — this is required for both host and bridge modes. Without the router route, IPv6 traffic will not reach your WireGuard peers.
+
+### Host Mode
+
+Enable IPv6 forwarding on the host by adding the following sysctls to your docker-compose:
+
+```yaml
+sysctls:
+  - net.ipv4.conf.all.src_valid_mark=1
+  - net.ipv6.conf.all.disable_ipv6=0
+  - net.ipv6.conf.all.forwarding=1
+```
+
+Configure a static IPv6 route on your router pointing `IP6_SUBNET` to the host device IP.
+
+Example (host mode):
+
+```yaml
+services:
+  wireguard:
+    image: ohshitgorillas/wireguard:latest
+    container_name: wireguard
+    network_mode: host
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    volumes:
+      - /path/to/wireguard/config:/config
+      - /lib/modules:/lib/modules
+    sysctls:
+      - net.ipv4.conf.all.src_valid_mark=1
+      - net.ipv6.conf.all.disable_ipv6=0
+      - net.ipv6.conf.all.forwarding=1
+    environment:
+      - PEERS=3
+      - SERVERURL=wireguard.domain.com
+      - IP6_SUBNET=2001:db8:b00b:420::
+      - PEERDNS=8.8.8.8,2001:4860:4860::8888
+    restart: unless-stopped
+```
+
+### Bridge Mode
+
+Create an external Docker network with IPv6 support:
+
+```bash
+docker network create --ipv6 --subnet 2001:db8:1::/64 wireguard_net
+```
+
+Add a static IPv6 route on the host pointing `IP6_SUBNET` to the Docker network gateway. **Note:** host routes added via `ip route` are ephemeral — you must make them persistent via your system's network configuration or they will be lost on reboot.
+
+```bash
+sudo ip -6 route add 2001:db8:b00b:420::/64 via <docker_network_gateway>
+```
+
+Configure a static IPv6 route on your router pointing `IP6_SUBNET` to the host device IP.
+
+Example (bridge mode):
+
+```yaml
+services:
+  wireguard:
+    image: ohshitgorillas/wireguard:latest
+    container_name: wireguard
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    ports:
+      - 51820:51820/udp
+    volumes:
+      - /path/to/wireguard/config:/config
+      - /lib/modules:/lib/modules
+    networks:
+      wireguard_net:
+    environment:
+      - PEERS=3
+      - SERVERURL=wireguard.domain.com
+      - IP6_SUBNET=2001:db8:b00b:420::
+      - PEERDNS=8.8.8.8,2001:4860:4860::8888
+    restart: unless-stopped
+networks:
+  wireguard_net:
+    external: true
+```
+
 ## Road warriors, roaming and returning home
 
 If you plan to use Wireguard both remotely and locally, say on your mobile phone, you will need to consider routing. Most firewalls will not route ports forwarded on your WAN interface correctly to the LAN out of the box. This means that when you return home, even though you can see the Wireguard server, the return packets will probably get lost.
@@ -141,7 +204,7 @@ To help you get started creating a container from this image you can either use
 ---
 services:
   wireguard:
-    image: lscr.io/linuxserver/wireguard:latest
+    image: ohshitgorillas/wireguard:latest
     container_name: wireguard
     cap_add:
       - NET_ADMIN
@@ -155,6 +218,7 @@ services:
       - PEERS=1 #optional
       - PEERDNS=auto #optional
       - INTERNAL_SUBNET=10.13.13.0 #optional
+      - IP6_SUBNET= #optional - e.g. 2001:db8:b00b:420::
       - ALLOWEDIPS=0.0.0.0/0 #optional
       - PERSISTENTKEEPALIVE_PEERS= #optional
       - LOG_CONFS=true #optional
@@ -183,6 +247,7 @@ docker run -d \
   -e PEERS=1 `#optional` \
   -e PEERDNS=auto `#optional` \
   -e INTERNAL_SUBNET=10.13.13.0 `#optional` \
+  -e IP6_SUBNET= `#optional - e.g. 2001:db8:b00b:420::` \
   -e ALLOWEDIPS=0.0.0.0/0 `#optional` \
   -e PERSISTENTKEEPALIVE_PEERS= `#optional` \
   -e LOG_CONFS=true `#optional` \
@@ -191,7 +256,7 @@ docker run -d \
   -v /lib/modules:/lib/modules `#optional` \
   --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
   --restart unless-stopped \
-  lscr.io/linuxserver/wireguard:latest
+  ohshitgorillas/wireguard:latest
 ```
 
 ## Parameters
@@ -209,6 +274,7 @@ Containers are configured using parameters passed at runtime (such as those abov
 | `-e PEERS=1` | Number of peers to create confs for. Required for server mode. Can also be a list of names: `myPC,myPhone,myTablet` (alphanumeric only) |
 | `-e PEERDNS=auto` | DNS server set in peer/client configs (can be set as `8.8.8.8`). Used in server mode. Defaults to `auto`, which uses wireguard docker host's DNS via included CoreDNS forward. |
 | `-e INTERNAL_SUBNET=10.13.13.0` | Internal subnet for the wireguard and server and peers (only change if it clashes). Used in server mode. |
+| `-e IP6_SUBNET=` | IPv6 subnet for dual-stack tunnel configuration (e.g. `2001:db8:b00b:420::`). Must end with `:`. Accepts optional CIDR prefix /64–/112. Server gets `::1/128`, peers get sequential `::2/128`, `::3/128`, etc. Requires `SYS_MODULE` cap and a static IPv6 route on your router. See [IPv6 GUA Support](#ipv6-gua-global-unicast-address-support). |
 | `-e ALLOWEDIPS=0.0.0.0/0` | The IPs/Ranges that the peers will be able to reach using the VPN connection. If not specified the default value is: '0.0.0.0/0, ::0/0' This will cause ALL traffic to route through the VPN, if you want split tunneling, set this to only the IPs you would like to use the tunnel AND the ip of the server's WG ip, such as 10.13.13.1. |
 | `-e PERSISTENTKEEPALIVE_PEERS=` | Set to `all` or a list of comma separated peers (ie. `1,4,laptop`) for the wireguard server to send keepalive packets to listed peers every 25 seconds. Useful if server is accessed via domain name and has dynamic IP. Used only in server mode. |
 | `-e LOG_CONFS=true` | Generated QR codes will be displayed in the docker log. Set to `false` to skip log output. |
@@ -258,12 +324,6 @@ Example output:
 uid=1000(your_user) gid=1000(your_user) groups=1000(your_user)
 ```
 
-## Docker Mods
-
-[![Docker Mods](https://img.shields.io/badge/dynamic/yaml?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=wireguard&query=%24.mods%5B%27wireguard%27%5D.mod_count&url=https%3A%2F%2Fraw.githubusercontent.com%2Flinuxserver%2Fdocker-mods%2Fmaster%2Fmod-list.yml)](https://mods.linuxserver.io/?mod=wireguard "view available mods for this container.") [![Docker Universal Mods](https://img.shields.io/badge/dynamic/yaml?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=universal&query=%24.mods%5B%27universal%27%5D.mod_count&url=https%3A%2F%2Fraw.githubusercontent.com%2Flinuxserver%2Fdocker-mods%2Fmaster%2Fmod-list.yml)](https://mods.linuxserver.io/?mod=universal "view available universal mods.")
-
-We publish various [Docker Mods](https://github.com/linuxserver/docker-mods) to enable additional functionality within the containers. The list of Mods available for this image (if any) as well as universal mods that can be applied to any one of our images can be accessed via the dynamic badges above.
-
 ## Support Info
 
 * Shell access whilst the container is running:
@@ -284,17 +344,9 @@ We publish various [Docker Mods](https://github.com/linuxserver/docker-mods) to
     docker inspect -f '{{ index .Config.Labels "build_version" }}' wireguard
     ```
 
-* Image version number:
-
-    ```bash
-    docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/wireguard:latest
-    ```
-
 ## Updating Info
 
-Most of our images are static, versioned, and require an image update and container recreation to update the app inside. With some exceptions (noted in the relevant readme.md), we do not recommend or support updating apps inside the container. Please consult the [Application Setup](#application-setup) section above to see if it is recommended for the image.
-
-Below are the instructions for updating containers:
+Rebuild the image and recreate the container to pick up changes:
 
 ### Via Docker Compose
 
@@ -332,11 +384,7 @@ Below are the instructions for updating containers:
 
 ### Via Docker Run
 
-* Update the image:
-
-    ```bash
-    docker pull lscr.io/linuxserver/wireguard:latest
-    ```
+* Rebuild the image (see [Building locally](#building-locally)).
 
 * Stop the running container:
 
@@ -357,22 +405,17 @@ Below are the instructions for updating containers:
     docker image prune
     ```
 
-### Image Update Notifications - Diun (Docker Image Update Notifier)
-
->[!TIP]
->We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported.
-
 ## Building locally
 
-If you want to make local modifications to these images for development purposes or just to customize the logic:
+Clone this fork and build:
 
 ```bash
-git clone https://github.com/linuxserver/docker-wireguard.git
+git clone https://github.com/ohshitgorillas/docker-wireguard.git
 cd docker-wireguard
 docker build \
   --no-cache \
   --pull \
-  -t lscr.io/linuxserver/wireguard:latest .
+  -t ohshitgorillas/wireguard:latest .
 ```
 
 The ARM variants can be built on x86_64 hardware and vice versa using `lscr.io/linuxserver/qemu-static`