data "docker_registry_image" "wireguard" {
  name = "masipcat/wireguard-go:latest"
}

resource "docker_image" "wireguard" {
  name = data.docker_registry_image.wireguard.name
  pull_triggers = [data.docker_registry_image.wireguard.sha256_digest]
}

resource "docker_network" "wireguard" {
  name = "wireguard"
}

resource "docker_container" "wireguard" {
  image = docker_image.wireguard.image_id
  name = "wireguard"

  capabilities {
    add = ["NET_ADMIN"]
  }

  env = [
    "TZ=Europe/Amsterdam",
    "PEERS=1"
  ]

  mounts {
    target = "/etc/wireguard"
    source = "/share/appdata/wireguard"
    type = "bind"
  }

  mounts {
    target = "/dev/net/tun"
    source = "/dev/net/tun"
    type = "bind"
  }

  restart = "always"

  networks_advanced {
    name = docker_network.bridge.name
    ipv4_address = "192.168.2.120"
  }

  lifecycle {
    ignore_changes = [
      ulimit,
      log_opts
    ]
  }
}