networks: DOCKER_NETWORK_DATA: #LIBREPORTAL|DOCKER_NETWORK_TAG|DOCKER_NETWORK_DATA external: true services: wireguard-service: #LIBREPORTAL|SERVICE_TAG_1|wireguard-service container_name: wireguard-service image: ghcr.io/wg-easy/wg-easy:latest restart: unless-stopped hostname: wireguard environment: - PASSWORD_HASH=WIREGUARD_PASSWORD_DATA #LIBREPORTAL|WIREGUARD_PASSWORD_TAG|WIREGUARD_PASSWORD_DATA - WG_HOST=PUBLIC_IP_DATA #LIBREPORTAL|PUBLIC_IP_TAG|PUBLIC_IP_DATA - WG_DEFAULT_ADDRESS=WIREGUARD_SUBNET_DATA #LIBREPORTAL|WIREGUARD_SUBNET_TAG|WIREGUARD_SUBNET_DATA - WG_MTU=NETWORK_MTU_DATA #LIBREPORTAL|NETWORK_MTU_TAG|NETWORK_MTU_DATA - WG_ALLOWED_IPS=0.0.0.0/0,::/0 - WG_POST_UP=iptables -w -t nat -A POSTROUTING -o eth0 -j MASQUERADE; iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu - WG_POST_DOWN=iptables -w -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ; iptables -t mangle -D FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu volumes: - SOCKET_DATA #LIBREPORTAL|SOCKET_TAG|SOCKET_DATA - ./wireguard-data:/etc/wireguard # GLUETUN_OFF_BEGIN ports: - "PORTS_DATA_1" #LIBREPORTAL|PORTS_TAG_1|PORTS_DATA_1 - "PORTS_DATA_2" #LIBREPORTAL|PORTS_TAG_2|PORTS_DATA_2 # GLUETUN_OFF_END labels: libreportal.category: "CATEGORY_DATA" #LIBREPORTAL|CATEGORY_TAG|CATEGORY_DATA libreportal.title: "TITLE_DATA" #LIBREPORTAL|TITLE_TAG|TITLE_DATA cap_add: - NET_ADMIN - SYS_MODULE sysctls: - net.ipv4.ip_forward=1 - net.ipv4.conf.all.src_valid_mark=1 # GLUETUN_OFF_BEGIN networks: DOCKER_NETWORK_DATA: #LIBREPORTAL|DOCKER_NETWORK_TAG|DOCKER_NETWORK_DATA ipv4_address: IP_DATA_1 #LIBREPORTAL|IP_TAG_1|IP_DATA_1 # GLUETUN_OFF_END # GLUETUN_ON_BEGIN # network_mode: "container:gluetun-service" # GLUETUN_ON_END # >>> libreportal-monitoring >>> #wireguard-exporter: # container_name: wireguard-exporter # image: mindflavor/prometheus-wireguard-exporter:latest # restart: unless-stopped # cap_add: # - NET_ADMIN # network_mode: "service:wireguard-service" # depends_on: # - wireguard-service # command: ["--port", "PORT_INTERNAL_DATA_3"] #LIBREPORTAL|PORT_INTERNAL_TAG_3|PORT_INTERNAL_DATA_3 # <<< libreportal-monitoring <<<