job "wireguard" {
  region      = "global"
  datacenters = ["dc1"]
  type        = "service"

  constraint {
    attribute = "${node.unique.name}"
    value     = "opti1"
  }

  group "wireguard" {
    count = 1

    task "wireguard" {
      driver = "docker"
      config {
        image   = "ghcr.io/wg-easy/wg-easy"
        ports   = ["vpn", "ui"]
        volumes = [
          "/mnt/Public/config/wireguard:/etc/wireguard",
        ]
        cap_add = ["NET_ADMIN", "SYS_MODULE"]
        sysctl = {
          "net.ipv4.conf.all.src_valid_mark" = "1"
          "net.ipv4.ip_forward"              = "1"
        }
      }

env {
  TZ                 = "EST5EDT"
  WG_HOST            = "wireguard.fbleagh.duckdns.org"
  WG_PORT            = 51820
  WG_DEFAULT_DNS     = "192.168.4.250,192.168.4.1,1.1.1.1"
  WG_DEFAULT_ADDRESS = "10.8.0.x"
  WG_ALLOWED_IPS     = "0.0.0.0/0"
  PASSWORD_HASH      = "$2a$12$WAdMQQAoOqtANtsH09hVtuOnCvvghOX9oLZjGkUsovOjgkbPmMdtq"
}

      service {
        name = "${TASKGROUP}"
        port = "vpn"
        tags = [
          "enable_gocast",
          "gocast_vip=192.168.1.241/32",
          "gocast_nat=tcp:51820:51820",
          "gocast_nat=udp:51820:51820",
        ]
      }

      service {
        name = "${TASKGROUP}-ui"
        port = "ui"
        tags = ["wireguard-ui"]
      }

      resources {
        cpu    = 50
        memory = 128
      }
    }

    network {
      port "vpn" {
        static = 51820
        to     = 51820
      }
      port "ui" {
        static = 51821
        to     = 51821
      }
    }
  }
}