services:

  nginx:
    image: nginx:latest
    container_name: nginx
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/conf.d:/etc/nginx/conf.d
      - ./nginx/certbot/www:/var/www/certbot
      - ./nginx/certbot/conf:/etc/letsencrypt
    extra_hosts:
      - "host.docker.internal:host-gateway"
    depends_on:
      - web
    restart: always

  wg-client:
    image: ghcr.io/linuxserver/wireguard
    container_name: wg-client
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Amsterdam
    volumes:
      - ./wg:/config  # сюда кладём ./wg/wg_confs/wg0.conf
    restart: always

  web:
    build: .
    container_name: flask-dev
    volumes:
      - .:/app
    environment:
      - FLASK_DEBUG=1
      - PYTHONUNBUFFERED=1
    network_mode: "service:wg-client"  # весь трафик Flask через VPN
    depends_on:
      - wg-client
    restart: always