services:

  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    hostname: THEPRIVATESERVER
    cap_add:
      - NET_ADMIN
    environment:
      - TZ=America/Edmonton
    volumes:
      - ./wg0.conf:/config/wg_confs/wg0.conf
    restart: always
    sysctls:
      - net.ipv4.ip_forward=1

  caddy:
    image: caddy:latest
    restart: always
    # this is the special sauce.  This attaches this container to the
    # network context of the wireguard container.  Essentially this means
    # that Caddy is listening on 10.0.0.2 now.
    # If you have other containers exposing additional ports, do the same to them.
    network_mode: service:wireguard
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile    # Mount Caddyfile for configuration
      - ./webroot:/srv/www                  # Mount local www directory to container
      - ./data/caddy:/data/caddy            # Persistent storage for certificates