infrastructure/coreos-config/compose/02_wireguard/docker-compose.yaml

---
version: '3.9'
services:
  wireguard:
    image: linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    security_opt:
      - label:disable
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Berlin
    volumes:
      - ./wg0.conf:/config/wg0.conf:ro,z
      - /lib/modules:/lib/modules:ro
    labels:
      - "com.centurylinklabs.watchtower.scope=update"
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv6.conf.all.disable_ipv6=0
    restart: unless-stopped
...