version: '3.8'

services:
  wireguard-client:
    build: .
    container_name: wireguard-client
    privileged: true
    cap_add:
      - NET_ADMIN
    environment:
      WG_ADDRESS: "10.0.0.2/24"
      WG_SERVER_PUBLIC_KEY: "YOUR_REAL_PUBLIC_KEY_HERE"
      WG_SERVER_ENDPOINT: "YOUR.SERVER.IP.HERE:51820"
      WG_ALLOWED_IPS: "0.0.0.0/0"
      WG_KEEPALIVE: "25"
      WG_IFACE: "enp0s3"
    volumes:
      - wg-keys:/etc/wireguard/keys
    network_mode: host
    restart: unless-stopped

volumes:
  wg-keys: