version: "3.7"
services:
  wg-easy:
    container_name: wg-easy
    image: weejewel/wg-easy:7
    restart: unless-stopped
    volumes:
      - ${APP_DATA_DIR}/data:/etc/wireguard
      - /lib/modules:/lib/modules
    ports:
      - 51822:51820/udp
      - ${APP_PORT}:51821/tcp
    environment:
      WG_HOST: "${WIREGUARD_HOST}"
      PASSWORD: "${WIREGUARD_PASSWORD}"
      WG_ALLOWED_IPS: 0.0.0.0/0,::/0
      WG_PORT: 51822
      WG_DEFAULT_DNS: "${WIREGUARD_DNS:-8.8.8.8}"
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    dns:
      - "${WIREGUARD_DNS:-8.8.8.8}"
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv4.ip_forward=1
    networks:
      - tipi_main_network
    # labels:
    #   traefik.enable: true
    #   traefik.http.routers.wireguard.rule: Host(`wireguard.tipi.home`)
    #   traefik.http.routers.wireguard.service: wireguard
    #   traefik.http.routers.wireguard.tls: true
    #   traefik.http.routers.wireguard.entrypoints: websecure
    #   traefik.http.services.wireguard.loadbalancer.server.port: 51821