volumes:
  etc_wireguard:

services:
  amnezia-wg-easy:
    env_file:
      - .env
    image: amnezia-wg-easy
    build:
      context: .
    container_name: amnezia-wg-easy
    volumes:
      - etc_wireguard:/etc/wireguard
    ports:
      - "${WG_PORT}:${WG_PORT}/udp"
      - "${PORT}:${PORT}/tcp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
      # - NET_RAW # ⚠️ Uncomment if using Podman
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    devices:
    - /dev/net/tun:/dev/net/tun