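---
# Docker Compose (file format 2.4) for a two-host home-lab stack.
#
# Compose profiles split the services across hosts: `server1` holds the
# VPN-routed download and *arr tooling, `server2` holds the Traefik reverse
# proxy and the services published through it. `adguard` and `coredns` declare
# no profile, so they start whichever profile is selected.
#
# Secrets are supplied through ${...} interpolation and are not in this file.
# They still end up in each container's environment, so anyone who can inspect
# the containers (Docker socket access, `docker inspect`) can read them.
#
# The pasted listing had lost its indentation and gained a "- " marker on every
# line; the nesting below is restored from the Compose schema. Port mappings and
# `user:` are quoted so no YAML parser retypes them.
version: '2.4'

services:
  ################################################################################ EXPOSED
  traefik:
    profiles: [server2]
    # NOTE(review): no tag or digest, so this resolves to `traefik:latest` and
    # can change on any pull. Several services below pin by sha256 digest.
    image: traefik
    container_name: traefik
    # Host networking: every listener Traefik opens is bound on the host itself.
    network_mode: host
    environment:
      - TZ=Europe/Amsterdam
      # Cloudflare API token used by the ACME DNS-01 challenge configured below.
      - CLOUDFLARE_DNS_API_TOKEN=${TRAEFIK_CLOUDFLARE_DNS_API_TOKEN}
      - LEGO_DISABLE_CNAME_SUPPORT=true
      - TRAEFIK_DOMAIN=${TRAEFIK_DOMAIN}
    command:
      # NOTE(review): DEBUG is verbose for steady-state use; consider INFO once
      # the routing works.
      - --log.level=DEBUG
      - --api.dashboard=true
      # NOTE(review): insecure mode serves the API and dashboard without
      # authentication on Traefik's own `traefik` entrypoint (port 8080 unless
      # overridden). With host networking that listener is on the host's
      # addresses. The hardened form is `--api.insecure=false` plus a router on
      # `websecure` for `api@internal` behind an auth or allow-list middleware.
      - --api.insecure=true
      - --providers.docker=true
      # Containers are routed only when they carry `traefik.enable=true`.
      - --providers.docker.exposedByDefault=false
      - --providers.file.directory=/etc/traefik
      - --providers.file.watch=true
      - --entrypoints.websecure.address=:443
      # One wildcard certificate for the whole domain, issued by the resolver below.
      - --entrypoints.websecure.http.tls.domains[0].main=*.${TRAEFIK_DOMAIN}
      - --entrypoints.websecure.http.tls.certresolver=cloudflare
      - --certificatesresolvers.cloudflare.acme.dnschallenge=true
      - --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare
      - --certificatesResolvers.cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
      - --certificatesResolvers.cloudflare.acme.dnsChallenge.delayBeforeCheck=5
      - --certificatesresolvers.cloudflare.acme.email=xxxxxxx@${TRAEFIK_DOMAIN}
      # acme.json holds the certificate private keys; keep it readable by the
      # Traefik process only.
      - --certificatesresolvers.cloudflare.acme.storage=/etc/traefik/acme.json
      # NOTE(review): this turns off certificate verification for every HTTPS
      # backend, not just one. In this file only `oc` declares an https backend;
      # a per-service serversTransport would confine the exception to it.
      - --serverstransport.insecureskipverify=true
    volumes:
      # NOTE(review): `:ro` makes the bind mount read-only but does not limit
      # which Docker API calls can be sent over the socket. A socket proxy that
      # allows only the read endpoints Traefik needs is the usual mitigation.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # File-provider configuration and acme.json share this directory.
      - /volume1/docker/traefik:/etc/traefik
    restart: always
    mem_limit: 250m
    memswap_limit: 250m
    security_opt:
      - no-new-privileges:true

  oc:
    profiles: [server2]
    # NOTE(review): unpinned image (implicit `latest`).
    image: mbentley/omada-controller
    container_name: oc
    ulimits:
      nofile:
        soft: 4096
        hard: 8192
    stop_grace_period: 60s
    # Host networking: the controller's listeners are bound on the host directly.
    network_mode: host
    environment:
      - PUID=508
      - PGID=508
      - TZ=Europe/Amsterdam
    labels:
      - traefik.enable=true
      # HTTPS backend on 8043; its certificate is not verified because of the
      # global insecureskipverify flag on the traefik service.
      - traefik.http.services.oc.loadbalancer.server.scheme=https
      - traefik.http.services.oc.loadbalancer.server.port=8043
      - traefik.http.routers.oc.rule=Host(`oc.${TRAEFIK_DOMAIN}`)
      - traefik.http.routers.oc.entrypoints=websecure
      # `internal@file` comes from the file provider and is not shown here;
      # presumably an allow-list for LAN clients. Verify its contents.
      - traefik.http.routers.oc.middlewares=internal@file
    volumes:
      - /root/oc/data:/opt/tplink/EAPController/data
      - /root/oc/logs:/opt/tplink/EAPController/logs
    restart: always
    # The image's health check is switched off.
    healthcheck:
      disable: true
    mem_limit: 2000m
    memswap_limit: 2000m
    security_opt:
      - no-new-privileges:true

  homepage:
    profiles: [server2]
    image: ghcr.io/gethomepage/homepage@sha256:b230141fcb3b824c58b972f519f023238b12c8050db84098f0a2ca8470fdec9c
    container_name: homepage
    environment:
      - TZ=Europe/Amsterdam
      # NOTE(review): this container aggregates credentials for most of the
      # stack. AGH_PASS is also the AdGuard sync password (adsync) and
      # OMADA_PASSWORD is also used by coredns, so a compromise of this one
      # container exposes those services too. Dedicated read-only accounts or
      # API keys per consumer would narrow that.
      - HOMEPAGE_VAR_COMMON_PW=${AGH_PASS}
      - HOMEPAGE_VAR_HASS_PW=${HOMEPAGE_VAR_HASS_PW}
      - HOMEPAGE_VAR_OC_PW=${OMADA_PASSWORD}
      - HOMEPAGE_VAR_BAZARR_TOKEN=${HOMEPAGE_VAR_BAZARR_TOKEN}
      - HOMEPAGE_VAR_SONARR_TOKEN=${HOMEPAGE_VAR_SONARR_TOKEN}
      - HOMEPAGE_VAR_RADARR_TOKEN=${HOMEPAGE_VAR_RADARR_TOKEN}
      - HOMEPAGE_VAR_PROWLARR_TOKEN=${HOMEPAGE_VAR_PROWLARR_TOKEN}
      - HOMEPAGE_VAR_PLEX_TOKEN=${HOMEPAGE_VAR_PLEX_TOKEN}
      - HOMEPAGE_VAR_OVERSEERR_TOKEN=${HOMEPAGE_VAR_OVERSEERR_TOKEN}
      - HOMEPAGE_VAR_DSM_PW=${HOMEPAGE_VAR_DSM_PW}
      - HOMEPAGE_VAR_DOMAIN=${TRAEFIK_DOMAIN}
    labels:
      - traefik.enable=true
      - traefik.http.services.homepage.loadbalancer.server.port=3000
      # Two routers share one hostname. `homepage` (priority 99) applies
      # `external@file,auth@file`. `homepagelan` (priority 100) wins whenever the
      # ClientIP matcher matches and applies only `internal@file`, so requests
      # from the listed ranges skip `auth@file`.
      # NOTE(review): the auth decision rests on the source address Traefik
      # sees. Confirm nothing in front of Traefik rewrites it, and that the
      # ranges contain only trusted clients.
      - traefik.http.routers.homepage.rule=Host(`homepage.${TRAEFIK_DOMAIN}`)
      - traefik.http.routers.homepage.priority=99
      - traefik.http.routers.homepage.entrypoints=websecure
      - traefik.http.routers.homepage.middlewares=external@file,auth@file
      # NOTE(review): `10.10.11.1/30` has host bits set; the /30 it falls in is
      # 10.10.11.0-10.10.11.3. Confirm that is the intended range.
      - traefik.http.routers.homepagelan.rule=Host(`homepage.${TRAEFIK_DOMAIN}`) && ClientIP(`10.10.10.0/24`, `10.10.11.1/30`)
      - traefik.http.routers.homepagelan.priority=100
      - traefik.http.routers.homepagelan.entrypoints=websecure
      - traefik.http.routers.homepagelan.middlewares=internal@file
    volumes:
      - /volume1/docker/homepage:/app/config
      - /volume1/docker/homepage/images:/app/public/images
    restart: always
    healthcheck:
      disable: true
    mem_limit: 250m
    memswap_limit: 250m
    security_opt:
      - no-new-privileges:true

  hass:
    profiles: [server2]
    # NOTE(review): unpinned image (implicit `latest`).
    image: linuxserver/homeassistant
    container_name: hass
    # Host networking: port 8123 is reachable on the host directly, as well as
    # through the Traefik router below.
    network_mode: host
    environment:
      - TZ=Europe/Amsterdam
    labels:
      - traefik.enable=true
      - traefik.http.services.hass.loadbalancer.server.port=8123
      - traefik.http.routers.hass.rule=Host(`hass.${TRAEFIK_DOMAIN}`)
      - traefik.http.routers.hass.entrypoints=websecure
      # Only `external@file` here (no `auth@file`), so authentication is left to
      # the application's own login.
      - traefik.http.routers.hass.middlewares=external@file
    volumes:
      - /root/hass:/config
      # Host D-Bus socket directory, mounted read-only.
      - /run/dbus:/run/dbus:ro
    devices:
      - /dev/ttyACM0:/dev/ttyACM0
    restart: always
    mem_limit: 2000m
    memswap_limit: 2000m
    security_opt:
      - no-new-privileges:true

  plex:
    profiles: [server2]
    # NOTE(review): unpinned image (implicit `latest`).
    image: linuxserver/plex
    container_name: plex
    ports:
      # NOTE(review): no host IP is given, so the port is published on all host
      # interfaces. Direct connections to it do not pass through Traefik, so the
      # `external@file` middleware below does not apply to them.
      - '32400:32400/tcp'
    environment:
      - PUID=1000
      - PGID=100
      - TZ=Europe/Amsterdam
      - VERSION=docker
    labels:
      - traefik.enable=true
      - traefik.http.services.plex.loadbalancer.server.port=32400
      - traefik.http.routers.plex.rule=Host(`plex.${TRAEFIK_DOMAIN}`)
      - traefik.http.routers.plex.entrypoints=websecure
      - traefik.http.routers.plex.middlewares=external@file
    volumes:
      - /root/plex:/config
      # Media library is mounted read-only for this service.
      - /volume1/media:/media:ro
    devices:
      - /dev/dri:/dev/dri
    restart: always
    mem_limit: 3000m
    memswap_limit: 3000m
    security_opt:
      - no-new-privileges:true

  overseerr:
    profiles: [server2]
    # NOTE(review): unpinned image (implicit `latest`).
    image: linuxserver/overseerr
    container_name: overseerr
    ports:
      # NOTE(review): published on all host interfaces; direct connections
      # bypass the Traefik router and its middleware.
      - '5055:5055'
    environment:
      - PUID=1000
      - PGID=100
      - TZ=Europe/Amsterdam
    labels:
      - traefik.enable=true
      - traefik.http.services.overseerr.loadbalancer.server.port=5055
      - traefik.http.routers.overseerr.rule=Host(`overseerr.${TRAEFIK_DOMAIN}`)
      - traefik.http.routers.overseerr.entrypoints=websecure
      - traefik.http.routers.overseerr.middlewares=external@file
    volumes:
      - /volume1/docker/overseerr:/config
    restart: always
    mem_limit: 500m
    memswap_limit: 500m
    security_opt:
      - no-new-privileges:true

  ################################################################################
  # The server1 services below carry no Traefik labels. Their web UIs are
  # published on all host interfaces, so access control rests on each
  # application's own authentication and on the network they sit in.
  gluetun:
    profiles: [server1]
    # NOTE(review): unpinned image (implicit `latest`).
    image: qmcgaw/gluetun
    container_name: gluetun
    ports:
      # NOTE(review): the HTTP proxy is published on all host interfaces and no
      # HTTPPROXY_USER / HTTPPROXY_PASSWORD is set here, so any client that can
      # reach the host can send traffic out through the VPN.
      - '8888:8888/tcp'  # HTTPPROXY
      # qbit shares this network namespace and sets WEBUI_PORT=8080, so this is
      # its web UI.
      - '8080:8080'
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
    # NET_ADMIN and /dev/net/tun are what the VPN client needs to manage the
    # tunnel interface and its firewall rules.
    cap_add:
      - NET_ADMIN
    environment:
      - TZ=Europe/Amsterdam
      # DNS-over-TLS is off; lookups go to DNS_ADDRESS below.
      - DOT=off
      - HTTPPROXY=on
      - HTTPPROXY_STEALTH=on
      - VPN_TYPE=wireguard
      - VPN_SERVICE_PROVIDER=airvpn
      - DNS_ADDRESS=${AIRVPN_WG_DNS}
      - SERVER_NAMES=${AIRVPN_SERVER_NAMES}
      - SERVER_COUNTRIES=${AIRVPN_COUNTRIES}
      # Inbound port allowed through the VPN-side firewall.
      - FIREWALL_VPN_INPUT_PORTS=${AIRVPN_WG_PEER_PORT}
      - WIREGUARD_ADDRESSES=${AIRVPN_WG_ADDRESSES}
      - WIREGUARD_PRIVATE_KEY=${AIRVPN_WG_PRIVATE_KEY}
      - WIREGUARD_PRESHARED_KEY=${AIRVPN_WG_PRESHARED_KEY}
    volumes:
      - /volume1/docker/gluetun:/gluetun
    devices:
      - /dev/net/tun:/dev/net/tun
    restart: always
    # NOTE(review): with the health check disabled, Docker does not report an
    # unhealthy tunnel for this container.
    healthcheck:
      disable: true
    mem_limit: 250m
    memswap_limit: 250m
    security_opt:
      - no-new-privileges:true

  qbit:
    profiles: [server1]
    # NOTE(review): unpinned image (implicit `latest`).
    image: linuxserver/qbittorrent
    container_name: qbit
    # Shares gluetun's network namespace, so its traffic uses gluetun's
    # interfaces and its ports are published on the gluetun service.
    network_mode: service:gluetun
    environment:
      - PUID=1000
      - PGID=100
      - TZ=Europe/Amsterdam
      - WEBUI_PORT=8080
    volumes:
      - /volume1/docker/qbittorrent:/config
      - /volume1/media:/media
    restart: always
    depends_on:
      - gluetun
    mem_limit: 1000m
    memswap_limit: 1000m
    security_opt:
      - no-new-privileges:true

  unpackerr:
    profiles: [server1]
    # NOTE(review): unpinned image (implicit `latest`).
    image: golift/unpackerr
    container_name: unpackerr
    environment:
      - TZ=Europe/Amsterdam
    # Runs as an unprivileged UID:GID instead of the image default.
    user: '1000:100'
    volumes:
      - /volume1/docker/unpackerr:/config
      - /volume1/media:/media
    restart: always
    mem_limit: 500m
    memswap_limit: 500m
    security_opt:
      - no-new-privileges:true

  prowlarr:
    profiles: [server1]
    # NOTE(review): unpinned image (implicit `latest`).
    image: linuxserver/prowlarr
    container_name: prowlarr
    ports:
      # Published on all host interfaces.
      - '9696:9696'
    environment:
      - PUID=1000
      - PGID=100
      - TZ=Europe/Amsterdam
    volumes:
      - /volume1/docker/prowlarr:/config
    restart: always
    mem_limit: 500m
    memswap_limit: 500m
    security_opt:
      - no-new-privileges:true

  radarr:
    profiles: [server1]
    # NOTE(review): unpinned image (implicit `latest`).
    image: linuxserver/radarr
    container_name: radarr
    ports:
      # Published on all host interfaces.
      - '7878:7878'
    environment:
      - PUID=1000
      - PGID=100
      - TZ=Europe/Amsterdam
    volumes:
      - /volume1/docker/radarr:/config
      - /volume1/media:/media
    restart: always
    mem_limit: 750m
    memswap_limit: 750m
    security_opt:
      - no-new-privileges:true

  sonarr:
    profiles: [server1]
    # NOTE(review): unpinned image (implicit `latest`).
    image: linuxserver/sonarr
    container_name: sonarr
    ports:
      # Published on all host interfaces.
      - '8989:8989'
    environment:
      - PUID=1000
      - PGID=100
      - TZ=Europe/Amsterdam
    volumes:
      - /volume1/docker/sonarr:/config
      - /volume1/media:/media
    restart: always
    mem_limit: 750m
    memswap_limit: 750m
    security_opt:
      - no-new-privileges:true

  bazarr:
    profiles: [server1]
    # NOTE(review): unpinned image (implicit `latest`).
    image: linuxserver/bazarr
    container_name: bazarr
    ports:
      # Published on all host interfaces.
      - '6767:6767'
    environment:
      - PUID=1000
      - PGID=100
      - TZ=Europe/Amsterdam
    volumes:
      - /volume1/docker/bazarr:/config
      - /volume1/media:/media
    restart: always
    mem_limit: 1500m
    memswap_limit: 1500m
    security_opt:
      - no-new-privileges:true

  recyclarr:
    profiles: [server1]
    # NOTE(review): unpinned image (implicit `latest`).
    image: recyclarr/recyclarr
    container_name: recyclarr
    environment:
      - PUID=1000
      - PGID=100
      - TZ=Europe/Amsterdam
    volumes:
      - /volume1/docker/recyclarr:/config
    restart: always
    mem_limit: 250m
    memswap_limit: 250m
    security_opt:
      - no-new-privileges:true

  # No profile: starts on both hosts.
  adguard:
    # NOTE(review): unpinned image (implicit `latest`).
    image: adguard/adguardhome
    container_name: adguard
    # Host networking: the resolver and its admin UI listen on the host directly.
    network_mode: host
    environment:
      - TZ=Europe/Amsterdam
    volumes:
      - /volume1/docker/adguard:/opt/adguardhome/conf
      - /opt/adguard/work:/opt/adguardhome/work
    restart: always
    mem_limit: 1000m
    memswap_limit: 1000m
    depends_on:
      - coredns
    security_opt:
      - no-new-privileges:true

  adsync:
    profiles: [server2]
    # NOTE(review): unpinned image (implicit `latest`).
    image: linuxserver/adguardhome-sync
    container_name: adsync
    environment:
      - TZ=Europe/Amsterdam
      # In list form the two quote characters are part of the value, not an
      # empty string. Confirm that is what the image expects.
      - CONFIGFILE=""
      - RUN_ON_START=true
      # NOTE(review): both URLs are plain http, so the AdGuard admin credentials
      # below cross the LAN unencrypted on every sync run (every two minutes per
      # CRON). The *_INSECURE_SKIP_VERIFY settings concern TLS verification and
      # presumably have no effect on http URLs.
      - ORIGIN_URL=http://server1.lan:3000
      - ORIGIN_USERNAME=${AGH_USER}
      - ORIGIN_PASSWORD=${AGH_PASS}
      - ORIGIN_INSECURE_SKIP_VERIFY=true
      - REPLICA_URL=http://server2.lan:3000
      - REPLICA_USERNAME=${AGH_USER}
      - REPLICA_PASSWORD=${AGH_PASS}
      - REPLICA_INSECURE_SKIP_VERIFY=true
      - REPLICA_AUTO_SETUP=true
      - CRON=*/2 * * * *
      - API_PORT=0
    restart: always
    mem_limit: 100m
    memswap_limit: 100m
    security_opt:
      - no-new-privileges:true

  # No profile: starts on both hosts.
  coredns:
    image: ghcr.io/dougbw/coredns_omada@sha256:a5d022ec3105016d41f46c849deb10538596cfa2400f86a986b57100240de09b
    container_name: coredns
    ports:
      # Bound to loopback only, so the resolver is reachable from this host alone.
      - '127.0.0.1:5053:53/udp'
    environment:
      - TZ=Europe/Amsterdam
      - OMADA_URL=https://server2.lan:8043
      - OMADA_SITE=Default
      - OMADA_USERNAME=${OMADA_USERNAME}
      - OMADA_PASSWORD=${OMADA_PASSWORD}
      # NOTE(review): the controller credentials above are sent to an endpoint
      # whose certificate is not verified. Trusting the controller's certificate
      # explicitly, or using a dedicated low-privilege controller account, would
      # limit what an on-path host could obtain.
      - OMADA_DISABLE_HTTPS_VERIFICATION=true
    volumes:
      - /volume1/docker/coredns/Corefile:/Corefile
    restart: always
    mem_limit: 100m
    memswap_limit: 100m
    security_opt:
      - no-new-privileges:true

  relay:
    profiles: [server2]
    image: scyto/multicast-relay@sha256:585e23b1ae749f5fc02faf7a7fdf7b986782d7bf898e91304577f6de536b5c1c
    container_name: relay
    # NOTE(review): this container has one leg in the `iot` macvlan (fixed
    # address) and one in the default bridge. It is a deliberate crossing point
    # between the two segments; keep what it relays as narrow as OPTS allows.
    networks:
      iot:
        ipv4_address: 10.10.56.200
      default: {}
    environment:
      # Relays broadcast traffic on ports 6666 and 6667; mDNS relaying is off.
      - OPTS=--relay 255.255.255.255:6666 255.255.255.255:6667 --noMDNS
      - INTERFACES=eth0 eth1
    restart: always
    mem_limit: 100m
    memswap_limit: 100m
    security_opt:
      - no-new-privileges:true

  go2rtc:
    profiles: [server2]
    image: alexxit/go2rtc@sha256:b1b4e3e37a661ea2af1b603449277b286f28ee9583bc8623d654e9f5e8380ab3
    container_name: go2rtc
    # Host networking: its listeners are bound on the host directly. Any
    # authentication is in the mounted /config and is not visible here.
    network_mode: host
    environment:
      - TZ=Europe/Amsterdam
    volumes:
      - /volume1/docker/go2rtc:/config
    restart: always
    mem_limit: 250m
    memswap_limit: 250m
    security_opt:
      - no-new-privileges:true

  # Disabled service, kept for reference.
  # NOTE(review): if re-enabled as written it runs privileged, in the host PID
  # namespace, on the host network and with the Docker socket mounted. That is
  # host-level access; `no-new-privileges` does not offset it.
  #glances:
  #  image: nicolargo/glances@sha256:b1120cf26dc2a6f0553c1bf2079f0168316f2465affea8432b7a78e956ed4d55
  #  container_name: glances
  #  network_mode: host
  #  privileged: true
  #  environment:
  #    - TZ=Europe/Amsterdam
  #    - GLANCES_OPT=-w --disable-plugin=ports,wifi
  #  pid: host
  #  volumes:
  #    - /var/run/docker.sock:/var/run/docker.sock:ro
  #  restart: always
  #  mem_limit: 100m
  #  memswap_limit: 100m
  #  security_opt:
  #    - no-new-privileges:true

  # Disabled service, kept for reference.
  #librespeed:
  #  #profiles: [server2]
  #  image: linuxserver/librespeed
  #  container_name: librespeed
  #  environment:
  #    - PUID=1000
  #    - PGID=100
  #    - TZ=Europe/Amsterdam
  #  ports:
  #    - 8089:80
  #  restart: unless-stopped
  #  security_opt:
  #    - no-new-privileges:true

networks:
  # Default bridge for every service that is neither host-networked nor joined
  # to another container's namespace.
  default:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 172.20.0.0/16
  # macvlan on the tagged sub-interface bond0.56; members get addresses directly
  # in 10.10.56.0/24. Only `relay` joins it.
  iot:
    driver: macvlan
    driver_opts:
      parent: bond0.56
    ipam:
      driver: default
      config:
        - subnet: 10.10.56.0/24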