docker-compose.yml

version: "3"

services:
  wg-easy:
    environment:
      - WG_HOST=CHANGE_ME_TO_YOUR_PUBLIC_IP_ADDRESS
      - PASSWORD=CHANGE_ME
      - WG_DEFAULT_DNS=10.8.1.3
    image: weejewel/wg-easy
    volumes:
      - ~/.wg-easy:/etc/wireguard
    ports:
      - "51820:51820/udp"
      - "51821:51821/tcp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    networks:
      wg-easy:
        ipv4_address: 10.8.1.2
      
  adguard-unbound:
    container_name: adguard-unbound
    image: ghcr.io/hat3ph/adguard-unbound
    restart: unless-stopped
    hostname: adguard-unbound
    # Volumes store your data between container upgrades
    volumes:
      - "./adguard/opt-adguard-work:/opt/adguardhome/work" # adguard container work directory
      - "./adguard/opt-adguard-conf:/opt/adguardhome/conf" # adguard container conf directory
      - "./unbound:/opt/unbound" # map custom unbound config
      - "/usr/share/dns:/usr/share/dns" # map DNSSEC key and root hints from dns-root-data package
    ports:
      - 53:53/tcp # AdGuard Home DNS connection
      - 53:53/udp # AdGuard Home DNS connection
      - 3000:3000/tcp # AdGuard Home install web panel. Can disable after installation is completed.
      - 80:80/tcp # AdGuard Home web panel HTTP
      #- 443:443/tcp # AdGuard Home web panel HTTPS
      #- 784:784/udp # AdGuard Home DNS-over-QUIC service
      #- 853:853/tcp # AdGuard Home DNS-over-TLS/QUIC service
      #- 67:67/udp # DHCP server
      #- 68:68/udp # DHCP server
      - 5053:5053/tcp # Uncomment to enable unbound access on local server
      - 5053:5053/udp # Uncomment to enable unbound access on local server
    networks:
      wg-easy:
        ipv4_address: 10.8.1.3

networks:
  wg-easy:
    ipam:
      config:
        - subnet: 10.8.1.0/24