services:
  wg-easy:
    image: ghcr.io/wg-easy/wg-easy:15.2.2
    container_name: wg-easy
    restart: unless-stopped

    mem_limit: "${WG_MEM_LIMIT:-256m}"
    memswap_limit: "${WG_MEMSWAP_LIMIT:-256m}"
    cpus: "${WG_CPUS:-1.0}"

    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"

    healthcheck:
      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:51821/"]
      interval: 60s
      timeout: 10s
      retries: 3
      start_period: 30s

    environment:
      TZ: "${TZ}"
      INSECURE: "true"

    volumes:
      - ./wg-data:/etc/wireguard

    tmpfs:
      - /tmp:size=32m,mode=1777

    ports:
      - "${WG_PORT:-51820}:51820/udp"
      - "${WG_UI_PORT:-51821}:51821/tcp"

    cap_add:
      - NET_ADMIN
      - SYS_MODULE

    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv6.conf.all.forwarding=1