job "wireguard" {
  region      = "global"
  datacenters = ["dc1"]
  type        = "service"

constraint {
    attribute = "${attr.cpu.arch}"
    operator  = "regexp"
    value     = "amd64"
  }

  group "wireguard" {
    count = 1
    task "wireguard" {
      driver = "docker"
      config {
        image   = "ghcr.io/wg-easy/wg-easy"
        ports   = ["vpn","vpn_ui"]
        volumes = [
          "/mnt/Public/config/wireguard:/etc/wireguard",
          ]
        cap_add = ["NET_ADMIN","SYS_MODULE"]
        sysctl = {
          "net.ipv4.conf.all.src_valid_mark"="1"
          "net.ipv4.ip_forward"="1"
        }

      }
      env {
        TZ                  = "EST5EDT"
        PUID                = 1000
        PGID                = 1000
        WG_HOST="wireguard.fbleagh.duckdns.org"
        WG_PORT=51820 
        PORT=51821
        WEBUI_HOST="0.0.0.0"
        WG_ALLOWED_IPS="0.0.0.0/0"
        UI_TRAFFIC_STATS="true"
        UI_CHART_TYPE=1
        WG_DEFAULT_DNS="192.168.4.36, 8.8.8.8"
      }
      service {
        name = "${TASKGROUP}"
        port = "vpn"
      }

      resources {
        cpu    = 50
        memory = 100
      }
    }

    network {
      port "vpn" {
        static = 51820
        to     = 51820
      }
      port "vpn_ui" {
        static = 51821
        to     = 51821
      }

    }
  }
}