---
wireguard_id: "{{ inventory_hostname }}-wireguard"

wireguard_docker:
  services:
    - name: "{{ wireguard_id }}"
      image_name: "{{ wireguard_image_name }}"
      image_version: "{{ wireguard_version }}"
      environment:
        - "PUID: \"1000\""
        - "PGID: \"1000\""
        - "TZ: \"Etc/UTC\""
        - "PEERS: 0"
        - "INTERNAL_SUBNET: \"{{ wireguard_network }}\""
      volumes:
        - '"./config/templates/server.conf:/config/templates/server.conf:rw"'
      ports:
        - external: "{{ service_port_wireguard }}"
          internal: "{{ service_port_wireguard }}/udp"
      restart: "unless-stopped"
      cap_add:
        - "NET_ADMIN"
        - "SYS_MODULE"
      sysctls:
        - "\"net.ipv4.conf.all.src_valid_mark=1\""