version: '3'

services:
  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Paris
      - SERVERURL=vpn.mrdev023.fr
      - SERVERPORT={{ server.vpn.port }}
      - ALLOWEDIPS={{ server.vpn.subnet }}
      - PEERDNS=8.8.8.8
      - PEERS={{ server.vpn.peers }}
      - LOG_CONFS=false
    volumes:
      - {{ server.work_dir }}/wireguard/base:/config
      - /lib/modules:/lib/modules
    ports:
      - {{ server.vpn.port }}:{{ server.vpn.port }}/udp
    networks:
      vpn:
        ipv4_address: {{ server.vpn.ip }}
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped

networks:
  vpn:
    external: true