version: "3.7"
services:
  wg-easy:
    container_name: wg-easy
    image: weejewel/wg-easy:7
    restart: unless-stopped
    volumes:
      - ${APP_DATA_DIR}/data:/etc/wireguard
    ports:
      - 51820:51820/udp
      - ${APP_PORT}:51821/tcp
    environment:
      WG_HOST: "${WIREGUARD_HOST}"
      PASSWORD: "${WIREGUARD_PASSWORD}"
      WG_DEFAULT_DNS: "${WIREGUARD_DNS:-8.8.8.8}"
      WG_ALLOWED_IPS: 0.0.0.0/0, ::/0
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv4.ip_forward=1
    networks:
      - tipi_main_network
    labels:
      traefik.enable: ${APP_EXPOSED}
      traefik.http.routers.wg-easy.rule: Host(`${APP_DOMAIN}`)
      traefik.http.routers.wg-easy.entrypoints: websecure
      traefik.http.routers.wg-easy.service: wg-easy
      traefik.http.routers.wg-easy.tls.certresolver: myresolver
      traefik.http.services.wg-easy.loadbalancer.server.port: 51821