services:
  init:
    image: busybox:1.37.0
    user: root:root
    command: /init.sh
    restart: no
    network_mode: none
    volumes:
      - ./init.sh:/init.sh:ro
      # Used for resolving user and group names within the init script
      - /etc/passwd:/etc/passwd:ro
      - /etc/group:/etc/group:ro
      # Mount all named volumes so they can be initialised
      - config:/config:rw

  wireguard:
    image: linuxserver/wireguard:1.0.20250521
    restart: unless-stopped
    depends_on:
      init:
        condition: service_completed_successfully
        restart: true
    cap_add:
      - NET_ADMIN
      # - SYS_MODULE
    networks:
      - wireguard_network
    ports:
      - 51820:51820/udp
    environment:
      PUID: "2024"
      PGID: "2024"
      TZ: "Etc/UTC"
      SERVERURL: "wireguard.kappeh.org"
      SERVERPORT: "51820"
      PEERS: "tetra"
      PEERDNS: "auto"
      # INTERNAL_SUBNET: "10.0.0.0"
      # ALLOWEDIPS: "0.0.0.0/0"
      PERSISTENTKEEPALIVE_PEERS: "all"
      LOG_CONFS: "true"
    volumes:
      - config:/config
      # - /lib/modules:/lib/modules

networks:
  wireguard_network:
    driver: bridge

volumes:
  config: