version: '3.7' services: wireguard: image: lscr.io/linuxserver/wireguard:latest deploy: mode: replicated replicas: 1 restart_policy: condition: any delay: 30s placement: constraints: - node.labels.POWER == true volumes: - /mnt/nfs/wireguard:/config - /lib/modules:/lib/modules ports: - 51821:51820/udp environment: - TZ=Europe/Paris - SERVERURL=vpn.bhasher.com - SERVERPORT=51821 - PEERS=5 - PEERDNS=auto - INTERNAL_SUBNET=10.13.14.0 - ALLOWEDIPS=0.0.0.0/0 cap_add: - NET_ADMIN - SYS_MODULE sysctls: - net.ipv4.conf.all.src_valid_mark=1 depends_on: - system_keepalived - system_nfs