version: '3.3'

services: 
  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=${TIMEZONE}
      - SERVERURL=auto
      - SERVERPORT=51821
      - PEERS=1 #optional
      - PEERDNS=auto #optional
      - INTERNAL_SUBNET=10.13.13.0 #optional
      - ALLOWEDIPS=0.0.0.0/0 #optional
      - PERSISTENTKEEPALIVE_PEERS=all #optional
      - LOG_CONFS=true #optional
    volumes:
      - ${HOME_DIR}/${CONTAINER_NAME}/config:/config
      - /lib/modules:/lib/modules #optional
    ports:
      - ${PORT_WIREGUARD}:51821/udp
    env_file:
      - path: ./wireguard.env
        required: true
      - path: ../global.env
        required: true
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped