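---
# Docker Compose definition for a WireGuard server with the wg-easy web UI,
# built from the local Dockerfile and attached to the pre-existing external
# network "vpn_net".
version: "3.8"

services:
  wireguard:
    build:
      context: .
      dockerfile: Dockerfile
    image: wg-easy-iptables-nft:latest
    container_name: wireguard
    cap_add:
      # NET_ADMIN lets the container manage interfaces, routes and firewall
      # rules.
      - NET_ADMIN
      # NOTE(review): SYS_MODULE allows loading kernel modules from inside the
      # container. It is presumably only needed when the host has not already
      # loaded the wireguard module; confirm, and drop it if unused.
      - SYS_MODULE
    environment:
      - WG_HOST=vpn.lazyworkhorse.net
      # Fail at "compose up" when WG_PASSWORD is unset or empty, instead of
      # silently passing an empty PASSWORD to the container. Upstream wg-easy
      # serves the UI without a login when no password is configured; this
      # image is a custom build, so confirm it behaves the same way.
      # NOTE(review): the value is plaintext in the container environment and
      # readable through "docker inspect". Newer upstream wg-easy releases
      # take PASSWORD_HASH instead; check whether this build supports it.
      - 'PASSWORD=${WG_PASSWORD:?WG_PASSWORD must be set to a non-empty value}'
      - WG_PORT=51820
      - WG_DEFAULT_ADDRESS=10.8.0.x
      - 'WG_DEFAULT_DNS=1.1.1.1,8.8.8.8'
      # Full tunnel: clients route all IPv4 and IPv6 traffic through the VPN.
      - 'WG_ALLOWED_IPS=0.0.0.0/0, ::/0'
      - WG_PERSISTENT_KEEPALIVE=25
      - UI_TRAFFIC_STATS=true
      - UI_CHART_TYPE=0
    ports:
      # WireGuard tunnel endpoint.
      - "51820:51820/udp"
      # Web admin UI, published on every host interface.
      # NOTE(review): the UI can create peers and export their private keys.
      # If it is only reached through a reverse proxy on vpn_net or from the
      # host itself, restrict this mapping to a loopback or internal address.
      - "51821:51821/tcp"
    volumes:
      # Persistent WireGuard state. This directory holds the server and peer
      # private keys, so keep its host permissions restricted to root.
      - /mnt/HoardingCow_docker_data/WireGuard:/etc/wireguard:rw
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      # Required so the container can forward client traffic.
      - net.ipv4.ip_forward=1
    restart: unless-stopped
    networks:
      - vpn_net

networks:
  vpn_net:
    # Created outside this file; Compose will not create or remove it.
    external: true
    name: vpn_net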