version: "3"
services:
  wg-easy:
    image: weejewel/wg-easy
    container_name: wireguard_wg-easy
    restart: unless-stopped
    env_file:
      - .secret
    ports:
      - 53820:51820/udp
    environment:
      - WG_HOST=vpn.jafner.net
      - PASSWORD=${PASSWORD}
    networks:
      - web
    volumes:
      - ${DOCKER_DATA}/wg-easy:/etc/wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv4.ip_forward=1
    labels:
      - traefik.http.routers.wg-easy.rule=Host(`vpn.jafner.net`)
      - traefik.http.routers.wg-easy.tls.certresolver=lets-encrypt
      - traefik.http.services.wg-easy.loadbalancer.server.port=51821

networks:
  web:
    external: true