services:
  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    restart: unless-stopped
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Paris
      - SERVERURL=vpn.mrdev023.fr
      - SERVERPORT={{ server.vpn.port }}
      - ALLOWEDIPS={{ server.vpn.subnet }}
      - PEERDNS={{ server.vpn.dns_ip }}
      - PEERS={{ server.vpn.peers }}
      - LOG_CONFS=false
    volumes:
      - {{ server.work_dir }}/wireguard/base:/config
      - /lib/modules:/lib/modules
    ports:
      - {{ server.vpn.port }}:51820/udp
    networks:
      vpn:
        ipv4_address: {{ server.vpn.ip }}
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1

  adguardhome:
    image: adguard/adguardhome:latest
    restart: unless-stopped
    container_name: adguardhome
    volumes:
      - {{ server.work_dir }}/adguardhome/work:/opt/adguardhome/work
      - {{ server.work_dir }}/adguardhome/conf:/opt/adguardhome/conf
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.adguardhome-secure.entrypoints=https"
      - "traefik.http.routers.adguardhome-secure.rule=Host(`dns.{{ server.domain }}`)"
      - "traefik.http.routers.adguardhome-secure.tls=true"
      - "traefik.http.routers.adguardhome-secure.tls.certresolver=sslResolver"
      - "traefik.http.routers.adguardhome-secure.middlewares=private-network@file"
      - "traefik.http.services.adguardhome.loadbalancer.server.port=80"
      - "traefik.docker.network=proxy"
    networks:
      proxy: {}
      vpn:
        ipv4_address: {{ server.vpn.dns_ip }}
    logging:
      driver: loki
      options:
        loki-url: "https://lokidoki:vEGH5Z5siWgcDkNknvCVzPCyqhHSBJCBjeBRZJvxUP8SdgfxJ6AqCGutCWugGsx5@loki.mrdev023.fr/loki/api/v1/push"
        mode: non-blocking

networks:
  proxy:
    external: true
  vpn:
    external: true