services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    restart: always
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=${PUID}
      - PGIDq=${PGID}
      - TZ=${TZ}
      - VPNSP=custom
      - VPN_TYPE=wireguard
      # For Wireguard
      - VPN_ENDPOINT_IP=${WIREGUARD_ENDPOINT}
      - VPN_ENDPOINT_PORT=${WIREGUARD_PORT}
      - WIREGUARD_PUBLIC_KEY=${WIREGUARD_PUBLIC_KEY}
      - WIREGUARD_PRIVATE_KEY=${WIREGUARD_PRIVATE_KEY}
      - WIREGUARD_ADDRESS=${WIREGUARD_ADDRESS}
    #labels:
      # Control Panel
      # - "traefik.enable=true"
      # - "traefik.http.routers.gluetun.rule=Host(`gluetun.${TRAEFIK_DOMAIN}`)"
      # - "traefik.http.routers.gluetun.middlewares=common-auth@file"
      # - "traefik.http.routers.gluetun.service=gluetun"
      # - "traefik.http.services.gluetun.loadbalancer.server.port=8000"
      # Traefik rules for VPN-enabled services (which have ot be accessed through gluetun) are defined in the samples/ directory
      # and are applied automatically in the update-all.sh script.

volumes:
  configgluetun:
    driver: local-persist
    driver_opts:
      mountpoint: $HOST_CONFIG_PATH/gluetun