docker-compose.yml

---
version: '3.9'
services:

  wiresocks:
    image: ghcr.io/sensepost/wiresocks:latest
    build:
      dockerfile: Dockerfile
    container_name: wiresocks
    mem_limit: 1gb
    memswap_limit: 2gb
    mem_reservation: 512m
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      - LOGLEVEL=${LOGLEVEL:-info}
      - TUN=tun0
      - ADDR=198.18.0.1/15
      - MTU=9000

      # What we care about:
      - PROXY=${PROXY_ADDRESS}
      - TUN_INCLUDED_ROUTES=${TARGET_ROUTES}

      # optional options avaliable with tun2socks
      #- STATS=:8080
      - RESTAPI=
      - TCP_SNDBUF=
      - TCP_RCVBUF=
      - TCP_AUTO_TUNING=1
      - UDP_TIMEOUT=
      - EXTRA_COMMANDS=
    networks:
      - wiresocks
    extra_hosts:
      # So you can easily reference your host docker interface for the docker network
      - host.docker.internal:host-gateway
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    ports:
      # Because we are going to use this containers network for wireguard we have to port forward here
      - ${WG_UDP_PORT}:${WG_UDP_PORT}/udp
    restart: unless-stopped

  wireguard:
    image: lscr.io/linuxserver/wireguard
    container_name: wireguard
    depends_on:
      - wiresocks
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    env_file:
      - .env
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
      - SERVERPORT=${WG_UDP_PORT}
      # These are just settings that get populated into the client configs, you can edit the config after creation
      - SERVERURL=${WG_HOST}
      - PEERS=${WG_PEERS}
      - INTERNAL_SUBNET=10.13.13.0
      - ALLOWEDIPS=10.13.13.0/24,${TARGET_ROUTES}
      - TARGET_ROOT_DOMAINS=${TARGET_ROOT_DOMAINS}
    volumes:
      # this is where the wireguard peer configs will live
      - ./config:/config
      - /lib/modules:/lib/modules
      #
      - ./init.d:/custom-cont-init.d:ro
      #- ./coredns:/config/coredns
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    network_mode: container:wiresocks
    restart: unless-stopped

networks:
  wiresocks:
    name: wiresocks
    driver: bridge
    driver_opts:
      com.docker.network.bridge.name: wiresocks0