---


services:
  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE #optional
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Samara
      - SERVERURL=88.80.32.24 #optional
      - SERVERPORT=35100 #optional
      - PEERS=20 #optional
      - PEERDNS=11.1.1.1 #optional
      - INTERNAL_SUBNET=11.1.1.0 #optional
      - ALLOWEDIPS=0.0.0.0/0 #optional
      - PERSISTENTKEEPALIVE_PEERS=30 #optional
      - LOG_CONFS=true #optional
      - USE_COREDNS=false
    volumes:
      - /app/wg_bind/config:/config
    networks:
      net:
        ipv4_address: 11.200.0.1
    ports:
      - 53:53/udp
      - 53:53/tcp
      - 35100:35100/udp
    deploy:
      resources:
        limits:
          memory: 200M
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
  bind:
    image: internetsystemsconsortium/bind9:9.18
    container_name: bind
    environment:
       - TZ=Europe/Samara
    volumes:
     - bind_conf:/etc/bind
#     - /app/wg_bind/bind_conf:/etc/bind
     - bind_log:/var/log/bind
#     - /app/wg_bind/bind_log:/var/log/bind
    network_mode: service:wireguard
    restart: unless-stopped
    depends_on:
      - wireguard
    deploy:
      resources:
        limits:
          memory: 300M


networks:
  net:
    name: overlay_net
    driver: bridge
    ipam:
      config:
        - subnet: 11.200.0.0/24
          ip_range: 11.200.0.128/25
          gateway: 11.200.0.254

volumes:
  bind_conf:
  bind_log: