services:
  wireknock-client:
    image: wireknock
    build: .
    container_name: wireknock-client
    hostname: wireknock-client
    restart: always
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Madrid
      - INTERNAL_SUBNET=192.168.9.0
      - ALLOWEDIPS=192.168.9.0/24,0.0.0.0/0
      - SERVERURL=wireknock-server
      - SERVERPORT=51820
      - PERSISTENTKEEPALIVE_PEERS=all
      - LOG_CONFS=false
      - USE_COREDNS=false
    volumes:
      - ./config-client:/config
      - /lib/modules:/lib/modules:ro
      - ./open-sesame.sh:/custom-cont-init.d/open-sesame.sh:ro
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    healthcheck:
        test: ncat -4 -z -u $SERVERURL $SERVERPORT || kill 1
        interval: 1m
        retries: 2
        start_period: 1m
    network_mode: host