services:
  wireguard:
    image: linuxserver/wireguard
    cap_add:
      - NET_ADMIN
      - NET_RAW
      - SYS_MODULE
    sysctls:
      net.ipv4.conf.all.src_valid_mark: "1"
    volumes:
      - ./wireguard:/config
    ports:
      - "80:80"
      - "443:443"
      - "5432:5432"
      - "2222:2222"
      - "51820:51820/udp"
    restart: unless-stopped

  nginx:
    image: nginx:alpine
    network_mode: "service:wireguard"
    depends_on:
      - wireguard
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./nginx/conf.d:/etc/nginx/conf.d:ro
      - ./nginx/stream.d:/etc/nginx/stream.d:ro
      - ./ssl:/etc/nginx/certs:ro
      - ./html:/usr/share/nginx/html:ro
    restart: unless-stopped