version: "3.7"

services:
  wireguard:
    container_name: wireguard
    image: lscr.io/linuxserver/wireguard:latest
    volumes:
    - /mnt/Main/containers/wireguard/config:/config
    - /lib/modules:/lib/modules
    ports:
    - 51820:51820/udp
    environment:
    - TZ=Europe/Paris
    - SERVERURL=vpn.bhasher.com
    - SERVERPORT=51820
    - PEERS=5
    - PEERDNS=auto
    - INTERNAL_SUBNET=10.13.13.0
    - ALLOWEDIPS=0.0.0.0/0
    cap_add:
    - NET_ADMIN
    - SYS_MODULE
    sysctls:
    - net.ipv4.conf.all.src_valid_mark=1
    restart: always

  syncthing:
    container_name: syncthing
    image: syncthing/syncthing:latest
    hostname: TrueNAS
    environment:
    - PUID=33
    - PGID=33
    ports:
    - 8384:8384
    volumes:
    - /mnt/Main/containers/syncthing:/var/syncthing:rw
    - /mnt/Main/redondant/brieuc/SyncDocuments:/mnt/SyncDocuments:rw
    - /mnt/Main/redondant/brieuc/Pictures:/mnt/pictures:rw
    labels:
    - "traefik.enable=true"
    - "traefik.http.routers.syncthing.rule=Host(`syncthing.bhasher.com`)"
    - "traefik.http.routers.syncthing.entrypoints=internalsecure"
    - "traefik.http.services.syncthing.loadbalancer.server.port=8384"
    - "traefik.http.routers.syncthing.tls=true"
    - "traefik.http.routers.syncthing.tls.certresolver=http"
    ports:
    - 22000:22000/tcp # TCP file transfers
    - 22000:22000/udp # QUIC file transfers
    - 21027:21027/udp # Receive local discovery broadcasts
    restart: unless-stopped
    networks:
    - external

networks:
  external:
    external: true