Docker Compose is a powerful tool, as is WireGuard, and the MACVLAN networking driver is a no-brainer for anyone who wants to scale Docker beyond a blob of mapped ports and NAT-P on a Linux bridge.
I wanted to do this, but found very little relevant or valid documentation on combining these technologies. Below is how I got this to work. First, add a Docker Compose file to your docker hierarchy.
---
version: "3.3"
# ToDo Add MACVLAN build here. MACVLAN Network is created outside of this configuration currently
networks:
  vlan99:
    external: true
services:
  wireguard:
    image: ghcr.io/linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN   # needed to create and configure the wg interface
      - SYS_MODULE  # needed to load the wireguard kernel module from /lib/modules
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Chicago
      - SERVERURL=wg.domain.com
      - SERVERPORT=51820
      - PEERS=user1,user2,user3,user4,user5,user6
      - PEERDNS=auto
      - INTERNAL_SUBNET=10.29.30.0 # ToDo Add IPv6 VPNNet
      - ALLOWEDIPS=10.6.1.0/25,10.5.1.0/26,10.4.1.0/25,10.3.1.0/25,10.2.1.0/25,172.16.1.0/25 # ToDo Add IPv6 block
    volumes:
      - /data/docker/volumes/wireguard:/config
      - /lib/modules:/lib/modules
    networks:
      vlan99:
        ipv4_address: 10.6.1.12 # ToDo Add IPv6 static
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
Create the MACVLAN network. This can be done in Compose, but I had already created the network, so it is referenced above as an external network.
docker network create -d macvlan --subnet=10.6.1.0/25 --gateway=10.6.1.1 --aux-address="reservedhost1=10.6.1.2" --aux-address="reservedhost2=10.6.1.3" --aux-address="dynamic29=10.6.1.29" --aux-address="dynamic30=10.6.1.30" --subnet=2001:db8:6:1::/64 --gateway=2001:db8:6:1::1 -o parent=eno4.99 vlan99
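Because the container's address is assigned statically in Compose while the reserved hosts and gateway live in the `docker network create` command, the two can drift apart. The following added check (my example, not part of the original post or the linuxserver image) validates that the static `ipv4_address` sits inside the MACVLAN subnet, does not collide with the gateway, the network/broadcast addresses or any `--aux-address`, that the MACVLAN subnet is routed through the tunnel via `ALLOWEDIPS`, and that the tunnel subnet does not overlap anything it routes; the `/24` on the tunnel subnet is an assumption about how `INTERNAL_SUBNET` is used.

```python
import ipaddress

# Values taken from the compose file and network create command above.
PAGE_SUBNET = "10.6.1.0/25"
PAGE_GATEWAY = "10.6.1.1"
PAGE_AUX = {
    "reservedhost1": "10.6.1.2",
    "reservedhost2": "10.6.1.3",
    "dynamic29": "10.6.1.29",
    "dynamic30": "10.6.1.30",
}
PAGE_CONTAINER_IP = "10.6.1.12"
PAGE_ALLOWED = ["10.6.1.0/25", "10.5.1.0/26", "10.4.1.0/25",
                "10.3.1.0/25", "10.2.1.0/25", "172.16.1.0/25"]
PAGE_TUNNEL = "10.29.30.0/24"  # assumption: INTERNAL_SUBNET treated as a /24


def check_macvlan_plan(subnet, gateway, aux_addresses, container_ip,
                       allowed_ips, tunnel_subnet):
    """Return a list of problems (empty when the addressing plan is consistent)."""
    net = ipaddress.ip_network(subnet)
    gw = ipaddress.ip_address(gateway)
    ip = ipaddress.ip_address(container_ip)
    tunnel = ipaddress.ip_network(tunnel_subnet)
    allowed = [ipaddress.ip_network(a) for a in allowed_ips]
    problems = []
    if ip.version != net.version:
        return [f"{ip} is not the same IP version as {net}"]
    if ip not in net:
        problems.append(f"{ip} is outside the MACVLAN subnet {net}")
    if ip == gw:
        problems.append(f"{ip} is the gateway address")
    if ip in (net.network_address, net.broadcast_address):
        problems.append(f"{ip} is the network or broadcast address")
    for name, aux in aux_addresses.items():
        if ipaddress.ip_address(aux) == ip:
            problems.append(f"{ip} collides with aux-address {name}")
    # Peers must be able to reach the MACVLAN segment the container sits on.
    same_ver = [a for a in allowed if a.version == net.version]
    if not any(net.subnet_of(a) for a in same_ver):
        problems.append(f"{net} is not covered by ALLOWEDIPS")
    # The tunnel's own subnet must not overlap the networks it routes to.
    for other in [net] + [a for a in allowed if a.version == tunnel.version]:
        if tunnel.overlaps(other):
            problems.append(f"tunnel subnet {tunnel} overlaps {other}")
    return problems
```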