services:
  wg-easy:
    image: ghcr.io/wg-easy/wg-easy:latest
    container_name: wg-easy
    environment:
      - PASSWORD_HASH=$$2a$$12$$OJUgCywoc/JuPvTO4hOzi.6toYnROQWdqYxnYCf5FSw2WSeygQF9K
      - WG_HOST=wireguard.davydovcloud.com
      - WG_DEVICE=${WG_DEVICE}
      - WG_ALLOWED_IPS=${WG_ALLOWED_IPS}
      - WG_DEFAULT_DNS=${WG_DEFAULT_DNS}
      - WG_DEFAULT_ADDRESS=${WG_DEFAULT_ADDRESS}
      - WG_PERSISTENT_KEEPALIVE=25
      - UI_TRAFFIC_STATS=true
      - PEERDNS=auto
    volumes:
      - ${CONFIG_PATH}:/etc/wireguard
      - /lib/modules:/lib/modules:ro
    ports:
      - "${SVC_PORT_1}:51820/udp"
      - "${SVC_PORT_2}:51821/tcp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1