docker-compose.yml

  1. version: '2.4'
  2. services:
  3.  
  4. ################################################################################ EXPOSED
  5.  
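  traefik:
    # Edge reverse proxy ("server2" profile). Terminates TLS on :443 with a
    # wildcard certificate obtained via the Cloudflare DNS-01 challenge and
    # discovers backends from Docker labels plus the file provider directory
    # /etc/traefik.
    # NOTE(review): image is referenced by bare name, not a tag or digest.
    image: traefik
    container_name: traefik
    profiles:
      - server2
    restart: always
    # Host networking: every listener Traefik opens is bound directly on the
    # host's interfaces; there is no Docker port mapping to narrow it.
    network_mode: host
    environment:
      - TZ=Europe/Amsterdam
      # DNS-01 credential. Keep the Cloudflare token scoped to DNS edits on
      # the one zone it has to manage.
      - CLOUDFLARE_DNS_API_TOKEN=${TRAEFIK_CLOUDFLARE_DNS_API_TOKEN}
      - LEGO_DISABLE_CNAME_SUPPORT=true
      - TRAEFIK_DOMAIN=${TRAEFIK_DOMAIN}
    labels:
      # The dashboard/API is published only through this router on the
      # websecure entrypoint. `--api.insecure=true` is deliberately not set:
      # combined with host networking it serves the API and dashboard without
      # authentication on the host's port 8080.
      # The hostname follows this file's <name>.${TRAEFIK_DOMAIN} pattern.
      # NOTE(review): internal@file is defined in the file provider (not
      # visible here); confirm it limits access to trusted sources, and update
      # any client that still points at :8080.
      - traefik.enable=true
      - 'traefik.http.routers.dashboard.rule=Host(`traefik.${TRAEFIK_DOMAIN}`)'
      - traefik.http.routers.dashboard.entrypoints=websecure
      - traefik.http.routers.dashboard.service=api@internal
      - traefik.http.routers.dashboard.middlewares=internal@file
    command:
      # NOTE(review): DEBUG logging is very verbose; consider INFO once the
      # setup is stable.
      - --log.level=DEBUG
      - --api.dashboard=true
      - --providers.docker=true
      # Containers are routed only when they carry traefik.enable=true.
      - --providers.docker.exposedByDefault=false
      - --providers.file.directory=/etc/traefik
      - --providers.file.watch=true
      - --entrypoints.websecure.address=:443
      - '--entrypoints.websecure.http.tls.domains[0].main=*.${TRAEFIK_DOMAIN}'
      - --entrypoints.websecure.http.tls.certresolver=cloudflare
      - --certificatesresolvers.cloudflare.acme.dnschallenge=true
      - --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare
      - '--certificatesResolvers.cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53'
      - --certificatesResolvers.cloudflare.acme.dnsChallenge.delayBeforeCheck=5
      - '--certificatesresolvers.cloudflare.acme.email=xxxxxxx@${TRAEFIK_DOMAIN}'
      - --certificatesresolvers.cloudflare.acme.storage=/etc/traefik/acme.json
      # Disables certificate verification for every HTTPS backend, not just
      # the `oc` service that declares scheme=https.
      # NOTE(review): a named serversTransport in the file provider, attached
      # to that one service, would confine the exception.
      - --serverstransport.insecureskipverify=true
    volumes:
      # `:ro` makes the socket file read-only but does not restrict what can
      # be requested over the Docker API; whoever controls this container can
      # control the Docker daemon. A filtering socket proxy narrows that.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Holds the file-provider config and acme.json (ACME account key and
      # certificate private keys); keep the directory readable by root only.
      - /volume1/docker/traefik:/etc/traefik
    mem_limit: 250m
    memswap_limit: 250m
    security_opt:
      - 'no-new-privileges:true'
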
  oc:
    # Omada controller ("server2" profile), published through the Traefik
    # router `oc` behind the internal@file middleware.
    # NOTE(review): image is not pinned to a tag or digest.
    image: mbentley/omada-controller
    container_name: oc
    profiles:
      - server2
    restart: always
    stop_grace_period: 60s
    # Host networking: every port the controller listens on is bound on the
    # host directly, so the Traefik middleware only governs requests that
    # arrive through :443, not direct connections to the controller's ports.
    network_mode: host
    ulimits:
      nofile:
        soft: 4096
        hard: 8192
    environment:
      - PUID=508
      - PGID=508
      - TZ=Europe/Amsterdam
    labels:
      - traefik.enable=true
      # Traefik talks HTTPS to the backend on 8043.
      - traefik.http.services.oc.loadbalancer.server.scheme=https
      - traefik.http.services.oc.loadbalancer.server.port=8043
      - 'traefik.http.routers.oc.rule=Host(`oc.${TRAEFIK_DOMAIN}`)'
      - traefik.http.routers.oc.entrypoints=websecure
      # internal@file comes from the file provider (not shown here).
      - traefik.http.routers.oc.middlewares=internal@file
    volumes:
      - /root/oc/data:/opt/tplink/EAPController/data
      - /root/oc/logs:/opt/tplink/EAPController/logs
    # The image's health check is switched off, so Docker never reports this
    # container as unhealthy.
    healthcheck:
      disable: true
    mem_limit: 2000m
    memswap_limit: 2000m
    security_opt:
      - 'no-new-privileges:true'

  homepage:
    # Dashboard ("server2" profile), image pinned by digest.
    image: ghcr.io/gethomepage/homepage@sha256:b230141fcb3b824c58b972f519f023238b12c8050db84098f0a2ca8470fdec9c
    container_name: homepage
    profiles:
      - server2
    restart: always
    environment:
      - TZ=Europe/Amsterdam
      # Passwords and API tokens for the other services, handed over as
      # environment variables. They are readable through `docker inspect` and
      # the Docker API, which the traefik container in this profile can reach
      # via its socket mount.
      # NOTE(review): homepage also accepts HOMEPAGE_FILE_* variables that
      # read the value from a file; that keeps secrets out of the environment.
      # NOTE(review): COMMON_PW reuses ${AGH_PASS}, the AdGuard Home password,
      # so one leak affects every service sharing it.
      - HOMEPAGE_VAR_COMMON_PW=${AGH_PASS}
      - HOMEPAGE_VAR_HASS_PW=${HOMEPAGE_VAR_HASS_PW}
      - HOMEPAGE_VAR_OC_PW=${OMADA_PASSWORD}
      - HOMEPAGE_VAR_BAZARR_TOKEN=${HOMEPAGE_VAR_BAZARR_TOKEN}
      - HOMEPAGE_VAR_SONARR_TOKEN=${HOMEPAGE_VAR_SONARR_TOKEN}
      - HOMEPAGE_VAR_RADARR_TOKEN=${HOMEPAGE_VAR_RADARR_TOKEN}
      - HOMEPAGE_VAR_PROWLARR_TOKEN=${HOMEPAGE_VAR_PROWLARR_TOKEN}
      - HOMEPAGE_VAR_PLEX_TOKEN=${HOMEPAGE_VAR_PLEX_TOKEN}
      - HOMEPAGE_VAR_OVERSEERR_TOKEN=${HOMEPAGE_VAR_OVERSEERR_TOKEN}
      - HOMEPAGE_VAR_DSM_PW=${HOMEPAGE_VAR_DSM_PW}
      - HOMEPAGE_VAR_DOMAIN=${TRAEFIK_DOMAIN}
    labels:
      - traefik.enable=true
      - traefik.http.services.homepage.loadbalancer.server.port=3000
      # Two routers share the hostname. `homepagelan` has the higher priority
      # (100 > 99) and matches only the listed client ranges; those requests
      # get internal@file and skip auth@file. Everything else falls through to
      # `homepage`, which applies external@file and auth@file.
      # NOTE(review): the bypass is only as strong as the client address
      # Traefik sees; confirm nothing in front of it rewrites source addresses.
      - 'traefik.http.routers.homepage.rule=Host(`homepage.${TRAEFIK_DOMAIN}`)'
      - traefik.http.routers.homepage.priority=99
      - traefik.http.routers.homepage.entrypoints=websecure
      - traefik.http.routers.homepage.middlewares=external@file,auth@file
      - 'traefik.http.routers.homepagelan.rule=Host(`homepage.${TRAEFIK_DOMAIN}`) && ClientIP(`10.10.10.0/24`, `10.10.11.1/30`)'
      - traefik.http.routers.homepagelan.priority=100
      - traefik.http.routers.homepagelan.entrypoints=websecure
      - traefik.http.routers.homepagelan.middlewares=internal@file
    volumes:
      - /volume1/docker/homepage:/app/config
      - /volume1/docker/homepage/images:/app/public/images
    healthcheck:
      disable: true
    mem_limit: 250m
    memswap_limit: 250m
    security_opt:
      - 'no-new-privileges:true'

  hass:
    # Home Assistant ("server2" profile).
    # NOTE(review): image is not pinned to a tag or digest.
    image: linuxserver/homeassistant
    container_name: hass
    profiles:
      - server2
    restart: always
    # Host networking: port 8123 and anything else the container opens are
    # bound on the host directly, in addition to the Traefik route below.
    network_mode: host
    environment:
      - TZ=Europe/Amsterdam
    labels:
      - traefik.enable=true
      - traefik.http.services.hass.loadbalancer.server.port=8123
      - 'traefik.http.routers.hass.rule=Host(`hass.${TRAEFIK_DOMAIN}`)'
      - traefik.http.routers.hass.entrypoints=websecure
      # Only external@file is applied here (no auth@file), so sign-in is left
      # to the application itself.
      - traefik.http.routers.hass.middlewares=external@file
    volumes:
      - /root/hass:/config
      # Host D-Bus socket directory, mounted read-only.
      - /run/dbus:/run/dbus:ro
    devices:
      # Serial device passed through from the host.
      - /dev/ttyACM0:/dev/ttyACM0
    mem_limit: 2000m
    memswap_limit: 2000m
    security_opt:
      - 'no-new-privileges:true'

  plex:
    # Plex media server ("server2" profile).
    # NOTE(review): image is not pinned to a tag or digest.
    image: linuxserver/plex
    container_name: plex
    profiles:
      - server2
    restart: always
    ports:
      # Published on every host interface, so 32400 is reachable directly as
      # well as through the Traefik router; direct connections bypass the
      # external@file middleware.
      - '32400:32400/tcp'
    environment:
      - PUID=1000
      - PGID=100
      - TZ=Europe/Amsterdam
      - VERSION=docker
    labels:
      - traefik.enable=true
      - traefik.http.services.plex.loadbalancer.server.port=32400
      - 'traefik.http.routers.plex.rule=Host(`plex.${TRAEFIK_DOMAIN}`)'
      - traefik.http.routers.plex.entrypoints=websecure
      - traefik.http.routers.plex.middlewares=external@file
    volumes:
      - /root/plex:/config
      # Media library is mounted read-only.
      - /volume1/media:/media:ro
    devices:
      # Host GPU render nodes (presumably for hardware transcoding).
      - /dev/dri:/dev/dri
    mem_limit: 3000m
    memswap_limit: 3000m
    security_opt:
      - 'no-new-privileges:true'

  overseerr:
    # Request manager ("server2" profile).
    # NOTE(review): image is not pinned to a tag or digest.
    image: linuxserver/overseerr
    container_name: overseerr
    profiles:
      - server2
    restart: always
    ports:
      # Published on every host interface in addition to the Traefik route;
      # direct connections to 5055 bypass the external@file middleware.
      - '5055:5055'
    environment:
      - PUID=1000
      - PGID=100
      - TZ=Europe/Amsterdam
    labels:
      - traefik.enable=true
      - traefik.http.services.overseerr.loadbalancer.server.port=5055
      - 'traefik.http.routers.overseerr.rule=Host(`overseerr.${TRAEFIK_DOMAIN}`)'
      - traefik.http.routers.overseerr.entrypoints=websecure
      - traefik.http.routers.overseerr.middlewares=external@file
    volumes:
      - /volume1/docker/overseerr:/config
    mem_limit: 500m
    memswap_limit: 500m
    security_opt:
      - 'no-new-privileges:true'

  ################################################################################

  gluetun:
    # WireGuard VPN client ("server1" profile). qbit joins this container's
    # network namespace, so the ports published here belong to both.
    # NOTE(review): image is not pinned to a tag or digest.
    image: qmcgaw/gluetun
    container_name: gluetun
    profiles:
      - server1
    restart: always
    ports:
      # HTTP proxy. It is published on every host interface and no
      # HTTPPROXY_USER / HTTPPROXY_PASSWORD is set in the environment below,
      # so any host that can reach this port can send traffic through the
      # VPN. NOTE(review): bind it to a specific address or set credentials.
      - '8888:8888/tcp'
      # 8080 matches WEBUI_PORT of the qbit service that shares this network.
      - '8080:8080'
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
    # NET_ADMIN is the only added capability; it lets the container configure
    # interfaces and firewall rules inside its namespace.
    cap_add:
      - NET_ADMIN
    environment:
      - TZ=Europe/Amsterdam
      - DOT=off
      - HTTPPROXY=on
      - HTTPPROXY_STEALTH=on
      - VPN_TYPE=wireguard
      - VPN_SERVICE_PROVIDER=airvpn
      - DNS_ADDRESS=${AIRVPN_WG_DNS}
      - SERVER_NAMES=${AIRVPN_SERVER_NAMES}
      - SERVER_COUNTRIES=${AIRVPN_COUNTRIES}
      # Port opened for inbound traffic arriving over the VPN.
      - FIREWALL_VPN_INPUT_PORTS=${AIRVPN_WG_PEER_PORT}
      - WIREGUARD_ADDRESSES=${AIRVPN_WG_ADDRESSES}
      # Key material is passed as environment variables and is therefore
      # visible through `docker inspect`.
      - WIREGUARD_PRIVATE_KEY=${AIRVPN_WG_PRIVATE_KEY}
      - WIREGUARD_PRESHARED_KEY=${AIRVPN_WG_PRESHARED_KEY}
    volumes:
      - /volume1/docker/gluetun:/gluetun
    devices:
      - /dev/net/tun:/dev/net/tun
    # With the health check disabled, Docker will not flag this container as
    # unhealthy.
    healthcheck:
      disable: true
    mem_limit: 250m
    memswap_limit: 250m
    security_opt:
      - 'no-new-privileges:true'

  qbit:
    # qBittorrent ("server1" profile).
    # NOTE(review): image is not pinned to a tag or digest.
    image: linuxserver/qbittorrent
    container_name: qbit
    profiles:
      - server1
    restart: always
    # Shares gluetun's network namespace: this container has no network of
    # its own, and its web UI port is published by the gluetun service.
    network_mode: service:gluetun
    depends_on:
      - gluetun
    environment:
      - PUID=1000
      - PGID=100
      - TZ=Europe/Amsterdam
      - WEBUI_PORT=8080
    volumes:
      - /volume1/docker/qbittorrent:/config
      # Media tree is mounted read-write.
      - /volume1/media:/media
    mem_limit: 1000m
    memswap_limit: 1000m
    security_opt:
      - 'no-new-privileges:true'

  unpackerr:
    # Archive extractor ("server1" profile); publishes no ports.
    # NOTE(review): image is not pinned to a tag or digest.
    image: golift/unpackerr
    container_name: unpackerr
    profiles:
      - server1
    restart: always
    # Runs as uid 1000 / gid 100 rather than the image default. Quoted so the
    # value is always read as a string.
    user: '1000:100'
    environment:
      - TZ=Europe/Amsterdam
    volumes:
      - /volume1/docker/unpackerr:/config
      # Media tree is mounted read-write.
      - /volume1/media:/media
    mem_limit: 500m
    memswap_limit: 500m
    security_opt:
      - 'no-new-privileges:true'

  prowlarr:
    # Indexer manager ("server1" profile).
    # NOTE(review): image is not pinned to a tag or digest.
    image: linuxserver/prowlarr
    container_name: prowlarr
    profiles:
      - server1
    restart: always
    ports:
      # Published on every host interface and not routed through Traefik.
      # NOTE(review): confirm authentication is enabled in the application.
      - '9696:9696'
    environment:
      - PUID=1000
      - PGID=100
      - TZ=Europe/Amsterdam
    volumes:
      - /volume1/docker/prowlarr:/config
    mem_limit: 500m
    memswap_limit: 500m
    security_opt:
      - 'no-new-privileges:true'

  radarr:
    # Movie manager ("server1" profile).
    # NOTE(review): image is not pinned to a tag or digest.
    image: linuxserver/radarr
    container_name: radarr
    profiles:
      - server1
    restart: always
    ports:
      # Published on every host interface and not routed through Traefik.
      # NOTE(review): confirm authentication is enabled in the application.
      - '7878:7878'
    environment:
      - PUID=1000
      - PGID=100
      - TZ=Europe/Amsterdam
    volumes:
      - /volume1/docker/radarr:/config
      # Media tree is mounted read-write.
      - /volume1/media:/media
    mem_limit: 750m
    memswap_limit: 750m
    security_opt:
      - 'no-new-privileges:true'

  sonarr:
    # Series manager ("server1" profile).
    # NOTE(review): image is not pinned to a tag or digest.
    image: linuxserver/sonarr
    container_name: sonarr
    profiles:
      - server1
    restart: always
    ports:
      # Published on every host interface and not routed through Traefik.
      # NOTE(review): confirm authentication is enabled in the application.
      - '8989:8989'
    environment:
      - PUID=1000
      - PGID=100
      - TZ=Europe/Amsterdam
    volumes:
      - /volume1/docker/sonarr:/config
      # Media tree is mounted read-write.
      - /volume1/media:/media
    mem_limit: 750m
    memswap_limit: 750m
    security_opt:
      - 'no-new-privileges:true'

  bazarr:
    # Subtitle manager ("server1" profile).
    # NOTE(review): image is not pinned to a tag or digest.
    image: linuxserver/bazarr
    container_name: bazarr
    profiles:
      - server1
    restart: always
    ports:
      # Published on every host interface and not routed through Traefik.
      # NOTE(review): confirm authentication is enabled in the application.
      - '6767:6767'
    environment:
      - PUID=1000
      - PGID=100
      - TZ=Europe/Amsterdam
    volumes:
      - /volume1/docker/bazarr:/config
      # Media tree is mounted read-write.
      - /volume1/media:/media
    mem_limit: 1500m
    memswap_limit: 1500m
    security_opt:
      - 'no-new-privileges:true'

  recyclarr:
    # Configuration sync helper ("server1" profile); publishes no ports.
    # Whatever API keys it uses would live under the /config mount, which is
    # not visible in this file.
    # NOTE(review): image is not pinned to a tag or digest.
    image: recyclarr/recyclarr
    container_name: recyclarr
    profiles:
      - server1
    restart: always
    environment:
      - PUID=1000
      - PGID=100
      - TZ=Europe/Amsterdam
    volumes:
      - /volume1/docker/recyclarr:/config
    mem_limit: 250m
    memswap_limit: 250m
    security_opt:
      - 'no-new-privileges:true'

  adguard:
    # AdGuard Home DNS filter. There is no `profiles` key, so it starts with
    # whichever profile is selected.
    # NOTE(review): image is not pinned to a tag or digest.
    image: adguard/adguardhome
    container_name: adguard
    restart: always
    # Host networking: the DNS listener and the admin UI are bound on the
    # host's interfaces directly.
    # NOTE(review): the adsync service addresses the admin UI as
    # http://<host>:3000, i.e. plain HTTP; keep that port limited to the
    # trusted LAN.
    network_mode: host
    depends_on:
      - coredns
    environment:
      - TZ=Europe/Amsterdam
    volumes:
      - /volume1/docker/adguard:/opt/adguardhome/conf
      - /opt/adguard/work:/opt/adguardhome/work
    mem_limit: 1000m
    memswap_limit: 1000m
    security_opt:
      - 'no-new-privileges:true'

  adsync:
    # Copies AdGuard Home settings from the origin instance to the replica
    # every two minutes ("server2" profile).
    # NOTE(review): image is not pinned to a tag or digest.
    image: linuxserver/adguardhome-sync
    container_name: adsync
    profiles:
      - server2
    restart: always
    environment:
      - TZ=Europe/Amsterdam
      # NOTE(review): in list form Compose takes the value literally, so this
      # probably sets CONFIGFILE to two quote characters, not to an empty
      # string; `CONFIGFILE=` would be empty. Confirm the intent.
      - CONFIGFILE=""
      - RUN_ON_START=true
      # Both URLs are plain http://, so the admin username and password below
      # cross the LAN unencrypted on every sync. The *_INSECURE_SKIP_VERIFY
      # flags concern TLS certificate checks and do nothing for http:// URLs;
      # if the URLs move to https, set them to false and trust the
      # certificate instead.
      - ORIGIN_URL=http://server1.lan:3000
      - ORIGIN_USERNAME=${AGH_USER}
      - ORIGIN_PASSWORD=${AGH_PASS}
      - ORIGIN_INSECURE_SKIP_VERIFY=true
      - REPLICA_URL=http://server2.lan:3000
      # The replica uses the same account and password as the origin.
      - REPLICA_USERNAME=${AGH_USER}
      - REPLICA_PASSWORD=${AGH_PASS}
      - REPLICA_INSECURE_SKIP_VERIFY=true
      - REPLICA_AUTO_SETUP=true
      - 'CRON=*/2 * * * *'
      # Presumably disables the tool's own HTTP API; verify against its docs.
      - API_PORT=0
    mem_limit: 100m
    memswap_limit: 100m
    security_opt:
      - 'no-new-privileges:true'

  coredns:
    # CoreDNS build with the Omada plugin, pinned by digest. There is no
    # `profiles` key, so it starts with whichever profile is selected.
    image: ghcr.io/dougbw/coredns_omada@sha256:a5d022ec3105016d41f46c849deb10538596cfa2400f86a986b57100240de09b
    container_name: coredns
    restart: always
    ports:
      # Bound to loopback only: the resolver is reachable from the host
      # itself (e.g. the host-networked adguard service), not from the LAN.
      - '127.0.0.1:5053:53/udp'
    environment:
      - TZ=Europe/Amsterdam
      - OMADA_URL=https://server2.lan:8043
      - OMADA_SITE=Default
      - OMADA_USERNAME=${OMADA_USERNAME}
      - OMADA_PASSWORD=${OMADA_PASSWORD}
      # Certificate verification is off, so the controller credentials above
      # are sent to whichever endpoint answers for server2.lan:8043.
      # NOTE(review): give the controller a certificate this container trusts
      # and re-enable verification; a dedicated low-privilege controller
      # account limits the damage if the credentials are captured.
      - OMADA_DISABLE_HTTPS_VERIFICATION=true
    volumes:
      - /volume1/docker/coredns/Corefile:/Corefile
    mem_limit: 100m
    memswap_limit: 100m
    security_opt:
      - 'no-new-privileges:true'

  relay:
    # Broadcast relay between the default bridge and the `iot` macvlan
    # network ("server2" profile), image pinned by digest.
    # NOTE(review): this container sits on both networks and forwards
    # traffic between them, which cuts across the separation the iot network
    # otherwise provides; keep the relayed ports to the minimum required.
    image: scyto/multicast-relay@sha256:585e23b1ae749f5fc02faf7a7fdf7b986782d7bf898e91304577f6de536b5c1c
    container_name: relay
    profiles:
      - server2
    restart: always
    networks:
      iot:
        # Static address inside the iot subnet 10.10.56.0/24.
        ipv4_address: '10.10.56.200'
      default: {}
    environment:
      # Relays broadcasts on UDP ports 6666 and 6667 only; mDNS is excluded.
      - 'OPTS=--relay 255.255.255.255:6666 255.255.255.255:6667 --noMDNS'
      - INTERFACES=eth0 eth1
    mem_limit: 100m
    memswap_limit: 100m
    security_opt:
      - 'no-new-privileges:true'

  go2rtc:
    # Camera stream gateway ("server2" profile), image pinned by digest.
    image: alexxit/go2rtc@sha256:b1b4e3e37a661ea2af1b603449277b286f28ee9583bc8623d654e9f5e8380ab3
    container_name: go2rtc
    profiles:
      - server2
    restart: always
    # Host networking: every port go2rtc listens on is bound on the host
    # directly and is not routed through Traefik.
    # NOTE(review): confirm its API / web UI is protected in the config
    # under /config, or restricted by the host firewall.
    network_mode: host
    environment:
      - TZ=Europe/Amsterdam
    volumes:
      - /volume1/docker/go2rtc:/config
    mem_limit: 250m
    memswap_limit: 250m
    security_opt:
      - 'no-new-privileges:true'

  # Disabled services, kept for reference.
  # NOTE(review): as written, glances combines `privileged: true`,
  # `pid: host`, host networking and the Docker socket, which amounts to full
  # control of the host; re-enable it only with those reduced.
  # glances:
  #   image: nicolargo/glances@sha256:b1120cf26dc2a6f0553c1bf2079f0168316f2465affea8432b7a78e956ed4d55
  #   container_name: glances
  #   network_mode: host
  #   privileged: true
  #   environment:
  #     - TZ=Europe/Amsterdam
  #     - GLANCES_OPT=-w --disable-plugin=ports,wifi
  #   pid: host
  #   volumes:
  #     - /var/run/docker.sock:/var/run/docker.sock:ro
  #   restart: always
  #   mem_limit: 100m
  #   memswap_limit: 100m
  #   security_opt:
  #     - no-new-privileges:true

  # librespeed:
  #   #profiles: [server2]
  #   image: linuxserver/librespeed
  #   container_name: librespeed
  #   environment:
  #     - PUID=1000
  #     - PGID=100
  #     - TZ=Europe/Amsterdam
  #   ports:
  #     - 8089:80
  #   restart: unless-stopped
  #   security_opt:
  #     - no-new-privileges:true

networks:
  # Bridge network used by every service that sets neither `network_mode`
  # nor `networks`; the subnet is fixed to 172.20.0.0/16.
  default:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 172.20.0.0/16

  # macvlan network on the host interface bond0.56. Containers attached to
  # it (only `relay` in this file) appear directly on that segment with
  # their own address.
  iot:
    driver: macvlan
    driver_opts:
      parent: bond0.56
    ipam:
      driver: default
      config:
        - subnet: 10.10.56.0/24
