davide
9016605f0d
- wg-init: isolate with network_mode:none, drop repo mount, use explicit PUID/PGID env vars instead of stat trick - wg-easy: add read_only filesystem, /run tmpfs, no-new-privileges - .env.example: simplify and document PUID/PGID Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
20 lines
570 B
Bash
20 lines
570 B
Bash
# Fuso orario IANA — obbligatorio
|
|
TZ=Europe/Rome
|
|
|
|
# UID/GID dell'utente host proprietario di wg-data/ (trova con: id -u && id -g)
|
|
# PUID=1000
|
|
# PGID=1000
|
|
|
|
# Porte esposte sull'host (opzionali, default mostrati)
|
|
# WG_PORT=51820
|
|
# WG_UI_PORT=51821
|
|
|
|
# Limiti risorse container (opzionali — adatta alla RAM disponibile)
|
|
# 512 MB → WG_MEM_LIMIT=96m
|
|
# 1 GB → WG_MEM_LIMIT=128m
|
|
# 2 GB+ → WG_MEM_LIMIT=256m ← default
|
|
# Tenere WG_MEMSWAP_LIMIT = WG_MEM_LIMIT per disabilitare lo swap del container.
|
|
# WG_MEM_LIMIT=256m
|
|
# WG_MEMSWAP_LIMIT=256m
|
|
# WG_CPUS=1.0
|