wireguard docker

client-wg0.conf

[Interface]
Address = 10.13.13.2
PrivateKey = <hidden>
ListenPort = 51820
DNS = 10.13.13.1

[Peer]
PublicKey = <hidden>
Endpoint = <hidden>:51820
AllowedIPs = 0.0.0.0/0, ::/0

docker-compose.yml

---
version: "2.1"
services:
  wireguard:
    image: linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=0
      - PGID=0
      - TZ=Asia/Yekaterinburg
      - SERVERURL=<hidden>
      - SERVERPORT=51820
      - PEERS=3
      - PEERDNS=auto
      - INTERNAL_SUBNET=10.13.13.0
    volumes:
      - /root/.config/wireguard:/config
      - /lib/modules:/lib/modules
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped

server-wg0.conf

[Interface]
Address = 10.13.13.1
ListenPort = 51820
PrivateKey = <hidden>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = <hidden>
AllowedIPs = 10.13.13.2/32

[Peer]
PublicKey = <hidden>
AllowedIPs = 10.13.13.3/32

[Peer]
PublicKey = <hidden>
AllowedIPs = 10.13.13.4/32