services:
    vpn:
        container_name: plex-vpn
        image: jordanpotter/wireguard
        cap_add:
            - NET_ADMIN
            - SYS_MODULE
        sysctls:
            net.ipv4.conf.all.src_valid_mark: 1
            net.ipv6.conf.all.disable_ipv6: 0
        volumes:
            ## Your WireGuard configuration file. Can be from any provider that allows you to generate WireGuard configurations for connections (e.g. Mullvad, AirVPN)
            ## The VPN service does not need to support port forwarding.
            - ./my-vpn-provider.conf/etc/wireguard/vpn.conf
        ports:
            ## Expose the Plex port locally, so the host can reverse proxy it. In my case I have NGINX installed directly on the host, and I basically just: `proxy_pass http://127.0.0.1:32400;`
            ## If you run NGINX Proxy Manager or similar, you will likely have to figure out slightly different solution
            - "127.0.0.1:32400:32400"
        restart: unless-stopped

    plex:
        image: plexinc/pms-docker:latest
        container_name: plex
        depends_on:
            - vpn
        ## The important line, makes all network traffic for the Plex container go through the VPN container.
        network_mode: "service:vpn"
        environment:
            ## I don't actually remember if these are necessary lmao
            - PUID=1000
            - PLEX_UID=1000
            - PGID=1000
            - PLEX_GID=1000
            - VERSION=docker
            ## Claim token, if needed
            # - PLEX_CLAIM=claim-rr-blah-blah-blah
        volumes:
            ## Plex configuration/logs/etc.
            - ./config:/config

            ## Change this to where you have your media stored.
            - /data/media:/media
        restart: unless-stopped
        ## Expose the [i]GPU to the container. For hardware transcoding
        devices:
            - /dev/dri:/dev/dri