version: "2.1"
services:
  wireguard:
    image: linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE #optional
    environment:
      - PUID=1001
      - PGID=1001
      - TZ=America/New_York
      # - SERVERURL=wireguard.domain.com #optional
      # - SERVERPORT=51820 #optional
      - PEERS=1 #optional
      - PEERDNS=auto #optional
      # - INTERNAL_SUBNET=10.13.13.0 #optional
      # - ALLOWEDIPS=0.0.0.0/0 #optional
      # - PERSISTENTKEEPALIVE_PEERS= #optional
      - LOG_CONFS=true #optional
    volumes:
      - ./config:/config
      - /lib/modules:/lib/modules #optional
    # ports:
    #   - 51820:51820/udp
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.wireguard.entrypoints=websecure"
      - "traefik.http.routers.wireguard.rule=Host(`wireguard.meftimes.com`)"
      - "traefik.http.routers.wireguard.middlewares=authelia@docker"
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped