services:
  app:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard-gateway
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=${WIREGUARD_PUID}
      - PGID=${WIREGUARD_PGID}
      - TZ=${WIREGUARD_TZ}
      - SERVERURL=${WIREGUARD_SERVERURL}
      - SERVERPORT=51820
      - PEERS=${WIREGUARD_PEERS}
      - PEERDNS=${WIREGUARD_DNS}
      - INTERNAL_SUBNET=${WIREGUARD_SUBNET}
    volumes:
      - /home/${WIREGUARD_USERNAME}/wireguard-gateway/config:/config
      - /lib/modules:/lib/modules
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv4.ip_forward=1
    healthcheck:
      test: ["CMD-SHELL", "wg show wg0 || exit 1"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 15s
    deploy:
      resources:
        limits:
          memory: 512m
    restart: unless-stopped