services:
  wg-easy:
    image: ghcr.io/wg-easy/wg-easy
    container_name: wg-easy         
    environment:                    # Environment variables to configure the instance.
      - LANG=en                     # Language settings.
      - WG_HOST=                    # Public IP or domain name where WG-Easy is accessible.
      - PASSWORD=                   # Password for accessing the WG-Easy web interface.
      - PORT=51821                  # Port for the web interface.
    # - WG_PORT=51820               # WireGuard port for VPN traffic.
      - WG_DEFAULT_ADDRESS=10.10.0.x
      - WG_DEFAULT_DNS=192.168.X.X, 1.1.1.1
      - WG_MTU=1420
    # - WG_CONFIG_PORT=92820
      - WG_ALLOWED_IPS=0.0.0.0/0, ::/0
    volumes:
      - /srv/docker/wg-easy:/etc/wireguard   # Volume mapping for WireGuard configuration files.
    ports:
      - "51820:51820/udp"           # UDP port used by WireGuard.
      - "51821:51821/tcp"           # TCP port for accessing the web interface.
    cap_add:                        # Capabilities required for managing networking features.
      - NET_ADMIN
      - SYS_MODULE
    sysctls:                        # Kernel parameters that need to be set for WireGuard.
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv4.ip_forward=1
    restart: unless-stopped