---
services:
  openvpn-server:
    build:
      context: .
      dockerfile: test/Dockerfile.server
      args:
        BASE_IMAGE: ${BASE_IMAGE:-ubuntu:24.04}
        ENABLE_FIREWALLD: ${ENABLE_FIREWALLD:-n}
        ENABLE_NFTABLES: ${ENABLE_NFTABLES:-n}
    container_name: openvpn-server
    hostname: openvpn-server
    privileged: true
    cgroupns: host
    devices:
      - /dev/net/tun:/dev/net/tun
    sysctls:
      - net.ipv4.ip_forward=1
    volumes:
      - shared-config:/shared
      - /sys/fs/cgroup:/sys/fs/cgroup:rw
    tmpfs:
      - /run
      - /run/lock
    networks:
      vpn-test:
        ipv4_address: 172.28.0.10
    stop_signal: SIGRTMIN+3
    healthcheck:
      test: ["CMD", "pgrep", "openvpn"]
      interval: 5s
      timeout: 3s
      retries: 30

  openvpn-client:
    build:
      context: .
      dockerfile: test/Dockerfile.client
    container_name: openvpn-client
    hostname: openvpn-client
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    volumes:
      - shared-config:/shared
    networks:
      vpn-test:
        ipv4_address: 172.28.0.20
    depends_on:
      openvpn-server:
        condition: service_healthy

volumes:
  shared-config:

networks:
  vpn-test:
    driver: bridge
    ipam:
      config:
        - subnet: 172.28.0.0/24