services:

   wireguard: 
     image: linuxserver/wireguard
     container_name: wireguard
     restart: unless-stopped     
     cap_add: 
       - NET_ADMIN
       - SYS_MODULE
     environment: 
       - PUID=1000
       - PGID=1000
       - TZ=Europe/Berlin
       - SERVERURL=vpn.example.com #optional
       - SERVERPORT=51820 #optional
       - PEERS=1 #optional
       - PEERDNS=auto #optional
       - INTERNAL_SUBNET=10.13.13.0 #optional
       - ALLOWEDIPS=0.0.0.0/0 #optional
     volumes:
       - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/wireguard/config:/config
       - /usr/src:/usr/src # location of kernel headers
       - /lib/modules:/lib/modules
     ports:
       - 51820:51820/udp # wireguard vpn
     expose:
       - 51820
     sysctls:
       - net.ipv4.conf.all.src_valid_mark=1