43 lines
1.2 KiB
Django/Jinja
43 lines
1.2 KiB
Django/Jinja
version: '3.7'
|
|
|
|
networks:
|
|
traefik:
|
|
external: true
|
|
|
|
volumes:
|
|
wireguard__etc_wireguard:
|
|
external: true
|
|
|
|
services:
|
|
wireguard:
|
|
container_name: wireguard
|
|
image: weejewel/wg-easy:{{ wireguard_version | default("latest") }}
|
|
restart: unless-stopped
|
|
ports:
|
|
- "{{ wireguard_port | default("51820") }}:51820/udp"
|
|
volumes:
|
|
- 'wireguard__etc_wireguard:/etc/wireguard'
|
|
cap_add:
|
|
- NET_ADMIN
|
|
- SYS_MODULE
|
|
sysctls:
|
|
- net.ipv4.conf.all.src_valid_mark=1
|
|
- net.ipv4.ip_forward=1
|
|
environment:
|
|
- WG_HOST={{ wireguard_domain }}
|
|
- PASSWORD={{ wireguard_password }}
|
|
labels:
|
|
traefik.enable: true
|
|
traefik.docker.network: traefik
|
|
traefik.http.routers.wireguard.rule: Host(`{{ wireguard_domain }}`)
|
|
traefik.http.routers.wireguard.tls: true
|
|
traefik.http.routers.wireguard.tls.certresolver: letsencrypt
|
|
traefik.http.routers.wireguard.entrypoints: websecure
|
|
{% if traefik_ipwhitelist is defined %}
|
|
traefik.http.routers.wireguard.middlewares: "clientips@docker"
|
|
{% endif %}
|
|
traefik.http.services.wireguard.loadbalancer.server.port: 51821
|
|
com.centurylinklabs.watchtower.enable: {{ wireguard_watchtower_enable | default('true') }}
|
|
networks:
|
|
- traefik
|