#volumes:
 # etc_wireguard:

services:
  wg-easy:
    environment:
    #  Optional:
      - PORT=51821
    #  - HOST=0.0.0.0
      - INSECURE=true
      - INIT_PORT= 35101

    image: ghcr.io/wg-easy/wg-easy:15
    container_name: wg-easy
    networks:
      overlay_net:
        ipv4_address: 11.200.0.5
        #ipv6_address: fdcc:ad94:bacf:61a3::2a
    volumes:
      - /app/wg-easy/db:/etc/wireguard
#      - etc_wireguard:/etc/wireguard
      - /lib/modules:/lib/modules:ro
    ports:
      - "35101:35101/udp"
      - "51821:51821/tcp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
      # - NET_RAW # ⚠️ Uncomment if using Podman
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
  #    - net.ipv6.conf.all.disable_ipv6=0
 #     - net.ipv6.conf.all.forwarding=1
#      - net.ipv6.conf.default.forwarding=1


networks:
  overlay_net:
    external: true