version: '2.2'

networks:
  proxy:
    external: true

services:
  proxy:
    container_name: proxy
    restart: always
    image: nginxproxy/nginx-proxy:latest
    privileged: true
    ports:
      - 80:80
      - 443:443
    volumes:
      - /srv/.webcerts:/etc/nginx/certs:rw
      - /srv/proxy/other/vhost.d:/etc/nginx/vhost.d
      - /srv/proxy/data/html:/usr/share/nginx/html
      - /srv/proxy/config/nginx.conf:/etc/nginx/nginx.conf
      - /var/run/docker.sock:/tmp/docker.sock
    labels:
      - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true
    networks:
      proxy:

  letsencrypt:
    container_name: letsencrypt
    restart: always
    image: nginxproxy/acme-companion
    depends_on:
      - proxy
    volumes:
      - /srv/.webcerts:/etc/nginx/certs:rw
      - /srv/proxy/config/conf.d:/etc/nginx/conf.d
      - /srv/proxy/other/vhost.d:/etc/nginx/vhost.d
      - /srv/proxy/data/html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - DEFAULT_EMAIL=webmaster@faulty.nl
      - DEFAULT_HOST=home.famslof.nl
      #- NGINX_DOCKER_GEN_CONTAINER=proxy
    networks:
      proxy:

  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Amsterdam
      - SERVERURL=neo.faulty.nl
      - SERVERPORT=51820
      - PEERS=1
      - PEERDNS=auto
      - INTERNAL_SUBNET=10.13.13.0
      - ALLOWEDIPS=0.0.0.0/0
      - LOG_CONFS=true
    volumes:
      - /srv/wireguard/config:/config
      - /lib/modules:/lib/modules
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped