version: "3"

services:
  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1026
      - PGID=100
      - TZ=Europe/Bratislava
    volumes:
      - /volume1/docker/wireguard:/config
    ports:
      - "5000:5000"
      - "51820:51820/udp"
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: always

  wireguard-ui:
    image: ngoduykhanh/wireguard-ui:latest
    container_name: wireguard-ui
    depends_on:
      - wireguard
    cap_add:
      - NET_ADMIN
    network_mode: service:wireguard
    environment:
      - TZ=Europe/Bratislava
      - EMAIL_FROM_ADDRESS=YOUR@EMAIL.COM
      - EMAIL_FROM_NAME=WireGuard
      - SMTP_PORT=587
      - SMTP_USERNAME=YOUR@EMAIL.COM
      - SMTP_PASSWORD=EMAIL_PASSWORD
      - SMTP_ENCRYPTION=STARTTLS
      - SMTP_HOSTNAME=smtp.mail.com
      - SMTP_AUTH_TYPE=LOGIN
      - SESSION_SECRET=ANY_LONG_STRING
      - WGUI_USERNAME=admin
      - WGUI_PASSWORD=admin
      - WGUI_MANAGE_START=true
      - WGUI_MANAGE_RESTART=true
      - 'WGUI_SERVER_POST_UP_SCRIPT=iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE'
      - 'WGUI_SERVER_POST_DOWN_SCRIPT=iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE'
      - WGUI_SERVER_LISTEN_PORT=51820
      - 'WGUI_DEFAULT_CLIENT_ALLOWED_IPS=0.0.0.0/0,::/0'
      - WGUI_ENDPOINT_ADDRESS=IP or DNS name
      - WGUI_MTU=none
      - WGUI_PERSISTENT_KEEPALIVE=none
      - WGUI_SERVER_INTERFACE_ADDRESSES=10.0.110.0/24
      - WGUI_DNS=1.1.1.1
      - WGUI_LOG_LEVEL=INFO
    logging:
      driver: json-file
      options:
        max-size: 50m
    volumes:
      - /volume1/docker/wireguard/ui:/app/db
      - /volume1/docker/wireguard:/etc/wireguard
    restart: always