// Nomad service job: runs a single WireGuard VPN server container
// (linuxserver/wireguard) and publishes UDP/TCP 51820 through gocast tags.
job "wireguard" {
  region      = "global"
  datacenters = ["dc1"]
  type        = "service"

  // Optional placement constraint, left disabled by the author.
  // constraint {
  //   attribute = "${attr.cpu.arch}"
  //   operator  = "regexp"
  //   value     = "arm"
  // }

  group "wireguard" {
    count = 1

    // Static mapping: host port 51820 is reserved for this allocation and
    // forwarded to 51820 inside the container.
    network {
      port "vpn" {
        static = 51820
        to     = 51820
      }
    }

    task "wireguard" {
      driver = "docker"

      config {
        // NOTE(review): no tag or digest is given, so the runtime resolves the
        // default tag at pull time. Pin to a reviewed tag or an image digest
        // so a restart cannot silently pick up a different build.
        image = "lscr.io/linuxserver/wireguard"
        ports = ["vpn"]

        volumes = [
          // NOTE(review): /config presumably holds the server and peer private
          // keys generated by the image - verify. The host path lives under
          // /mnt/Public; confirm that location is not broadly readable.
          "/mnt/Public/config/wireguard:/config",
          // Host kernel modules, bind-mounted read-write. NOTE(review): module
          // loading only needs read access; consider appending ":ro" after
          // confirming the image does not write to this path.
          "/lib/modules:/lib/modules"
        ]

        // NET_ADMIN lets the container manage interfaces and routes.
        // SYS_MODULE lets it load kernel modules into the HOST kernel, which
        // is effectively host-level privilege. NOTE(review): if the host
        // already has the wireguard module loaded, SYS_MODULE and the
        // /lib/modules mount may be droppable - confirm against the image docs.
        // The Nomad client's Docker plugin must list both in `allow_caps`,
        // otherwise the task is rejected.
        cap_add = ["NET_ADMIN","SYS_MODULE"]

        // Alternative network modes, left disabled by the author.
        // network_mode = "host"
        // network_mode = "container:gocast-${NOMAD_ALLOC_ID}"

        // Set via Docker's sysctl option, so it applies to the container's
        // network namespace rather than the host.
        sysctl = {
          "net.ipv4.conf.all.src_valid_mark"="1"
        }
      }

      env {
        TZ   = "EST5EDT"
        PUID = 1000
        PGID = 1000

        // Public endpoint and port; presumably written into the generated
        // peer configs - verify against the image docs.
        SERVERURL="wireguard.fbleagh.duckdns.org"
        SERVERPORT=51820

        // One entry per peer. NOTE(review): each name presumably yields its
        // own key pair; remove entries for devices no longer in use so their
        // credentials stop being valid.
        PEERS="StuPhone,SurfaceGo,Surface,SurfaceGo3"
        PEERDNS="192.168.1.250,192.168.1.1,1.1.1.1"
        // INTERNAL_SUBNET= "192.168.1.0"

        // NOTE(review): 0.0.0.0/0 presumably becomes each peer's AllowedIPs,
        // i.e. a full tunnel that also reaches the whole LAN behind the
        // server. Narrow this if peers only need specific subnets.
        ALLOWEDIPS="0.0.0.0/0"
      }

      service {
        name = "${TASKGROUP}"
        port = "vpn"

        // NOTE(review): the tags look like gocast VIP/NAT directives (inferred
        // from their names). WireGuard transports over UDP only, so the
        // tcp:51820 mapping appears to expose a port nothing needs - confirm
        // and drop it if unused.
        tags = ["enable_gocast",
                "gocast_vip=192.168.1.241/32",
                "gocast_nat=tcp:51820:51820",
                "gocast_nat=udp:51820:51820"]
      }

      resources {
        cpu    = 50
        memory = 100
      }
    }
  }
}