services:
  wg-easy:
    image: ghcr.io/wg-easy/wg-easy
    container_name: wg-easy
    environment:
      - WG_HOST=${HOST}
      - WG_DEFAULT_DNS=192.168.0.1, fritz.box
      - WG_ALLOWED_IPS=10.8.0.0/24, 192.168.0.0/24
      - PASSWORD_HASH=${HASH}
    volumes:
      - ./wg-easy:/etc/wireguard
    ports:
      - "51820:51820/udp"
      - "51821:51821/tcp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1