services: wireguard: image: linuxserver/wireguard container_name: wireguard restart: unless-stopped cap_add: - NET_ADMIN - SYS_MODULE environment: - PUID=1000 - PGID=1000 - TZ=Europe/Berlin - SERVERURL=vpn.example.com #optional - SERVERPORT=51820 #optional - PEERS=1 #optional - PEERDNS=auto #optional - INTERNAL_SUBNET=10.13.13.0 #optional - ALLOWEDIPS=0.0.0.0/0 #optional volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/wireguard/config:/config - /usr/src:/usr/src # location of kernel headers - /lib/modules:/lib/modules ports: - 51820:51820/udp # wireguard vpn expose: - 51820 sysctls: - net.ipv4.conf.all.src_valid_mark=1