feat(config): read Wireguard config from secret

- defaults to `/run/secrets/wg0.conf`
- can be changed with variable `WIREGUARD_CONF_SECRETFILE`

internal/configuration/sources/secrets/reader.go

@@ -1,6 +1,7 @@
 package secrets
 
 import (
+	"fmt"
 	"os"
 
 	"github.com/qdm12/gluetun/internal/configuration/settings"
@@ -36,5 +37,10 @@ func (s *Source) Read() (settings settings.Settings, err error) {
 		return settings, err
 	}
 
+	settings.VPN.Wireguard, err = s.readWireguard()
+	if err != nil {
+		return settings, fmt.Errorf("reading Wireguard: %w", err)
+	}
+
 	return settings, nil
 }

internal/configuration/sources/secrets/wireguard.go

@@ -0,0 +1,21 @@
+package secrets
+
+import (
+	"fmt"
+
+	"github.com/qdm12/gluetun/internal/configuration/settings"
+	"github.com/qdm12/gluetun/internal/configuration/sources/files"
+)
+
+func (s *Source) readWireguard() (settings settings.Wireguard, err error) {
+	wireguardConf, err := s.readSecretFileAsStringPtr(
+		"WIREGUARD_CONF_SECRETFILE",
+		"/run/secrets/wg0.conf",
+	)
+	if err != nil {
+		return settings, fmt.Errorf("reading Wireguard conf secret file: %w", err)
+	} else if wireguardConf != nil {
+		return files.ParseWireguardConf([]byte(*wireguardConf))
+	}
+	return settings, nil
+}