created two contaners, one for wireguard and another for tailscale

compose.yml

@@ -0,0 +1,62 @@
+---
+# version: "3.2.3"
+networks:
+  wg:
+    driver: bridge
+  default:
+    driver: bridge
+volumes:
+  tscale_data:
+    driver: local
+  actual_data:
+    driver: local
+services:
+  # @NOTE https://oneuptime.com/blog/post/2026-03-18-use-podman-containers-wireguard-vpn/view
+  wgclient:
+    image: lscr.io/linuxserver/wireguard:latest
+    container_name: wgclient
+    cap_add:
+      # - SYS_MODULE
+      - NET_ADMIN
+    restart: unless-stopped
+    volumes:
+      # - /lib/modules:/lib/modules:ro
+      - ~/.config/wireguard:/config/wg-confs:Z
+    networks:
+      - wg
+    ports:
+      - 51820:51820/udp
+    environment:
+      TZ: Etc/UTC
+      PUID: 1000
+      GUID: 1000
+    sysctls:
+      - net.ipv4.conf.all.src_valid_mark=1
+      - net.ipv6.conf.all.src_valid_mark=1
+      - net.ipv6.ip_forward=1data
+      - net.ipv4.ip_forward=1
+
+  # @NOTE https://tailscale.com/docs/features/containers/docker
+  # @NOTE https://tailscale.com/blog/docker-tailscale-guide
+  tailclient:
+    image: tailscale/tailscale:latest
+    container_name: tailclient
+    cap_add:
+      # - SYS_MODULE
+      - NET_ADMIN
+    restart: unless-stopped
+    volumes:
+      # - /lib/modules:/lib/modules:ro
+      - tscale_data:/var/lib/tailscale
+      - ~/.config/tailscale:/config
+    devices:
+      - /dev/net/tun:/dev/net/tun
+    hostname: nirvana
+    environment:
+      TS_AUTHKEY: ${TS_AUTHKEY:?Provide authentication key}?ephemeral=false
+      TS_SERVE_CONFIG: /config/${TS_SERVE_CONFIG_BASENAME:?Provide a basename for the Tailscale Serve configuration file}.json
+      TS_EXTRA_ARGS: "--advertise-tags=tag:container"
+      TS_STATE_DIR: "/var/lib/tailscale"
+
+  # @TODO make subsequent containers have 'network_mode' attrbute set to value 'service:wgclient'/'service:tailclient'
+  #   OR make subsequent containers have 'networks' attribute set to list value with 'container:wgclient'/'contaner:tailclient' item