---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: wireguard
  labels:
    app: wireguard
spec:
  replicas: 1
  selector:
    matchLabels:
      app: wireguard
  template:
    metadata:
      labels:
        app: wireguard
    spec:
      containers:
      - name: wireguard
        image: lscr.io/linuxserver/wireguard:latest
        imagePullPolicy: Always
        securityContext:
          capabilities:
           add:
             - NET_ADMIN
             - SYS_MODULE
        env:
        - name: PUID
          value: "1000"
        - name: PGID
          value: "1000"
        - name: SERVERURL
          value: "wireguard.dezendorf.net"
        - name: SERVERPORT
          value: "51820"
        - name: PEERS
          value: "2"
        - name: PEERDNS
          value: "192.168.1.87"
        - name: INTERNAL_SUBNET
          value: "192.168.1.0/24"
        - name: ALLOWEDIPS
          value: "0.0.0.0/0"
        - name: LOG_CONFS
          value: "true"

        ports:
        - name: wireguard-udp
          containerPort: 51820
          protocol: UDP
        volumeMounts:
        - name: wireguard-config-nfs
          mountPath: "/config"
          subPath: "wireguard/config"
      volumes:
      - name: wireguard-config-nfs
        nfs:
          server: 192.168.1.87
          path: /tank/svc
---
apiVersion: v1
kind: Service
metadata:
  name: wireguard-udp-svc
spec:
  type: ClusterIP
  selector:
    app: wireguard
  ports:
    - name: wireguard-udp
      port: 51820
      targetPort: 51820
      protocol: UDP