services:
  wg-easy:
    image: ghcr.io/wg-easy/wg-easy
    container_name: wg-easy
    environment:
      - WG_HOST=ellastore.unusualperson.com
      - PASSWORD_HASH=${PASSWORD_HASH}
      - WG_DEFAULT_DNS=192.168.2.106,1.1.1.1
      - WG_ALLOWED_IPS=10.8.0.0/24,192.168.2.0/24
    volumes:
      - ~/.wg-easy:/etc/wireguard
    ports:
      - "51820:51820/udp"
      - "51821:51821/tcp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
