diff --git a/ansible/assets/docker-compose.yml b/ansible/assets/docker-compose.yml new file mode 100644 index 0000000..3c0afea --- /dev/null +++ b/ansible/assets/docker-compose.yml @@ -0,0 +1,207 @@ +version: "3.5" + +# https://github.com/pi-hole/docker-pi-hole/blob/master/README.md + +networks: + network_pihole: + ipam: + driver: default + config: + - subnet: 172.16.3.0/24 + +services: + nginx-proxy: + image: nginxproxy/nginx-proxy + ports: + - '80:80' + environment: + DEFAULT_HOST: {{ pihole_hostname }}.{{ pihole_domain }} + volumes: + - '/var/run/docker.sock:/tmp/docker.sock' + restart: always + networks: + network_pihole: + ipv4_address: 172.16.3.6 + + + pihole: + image: pihole/pihole:latest + ports: + - '53:53/tcp' + - '53:53/udp' + - "67:67/udp" + - '8053:80/tcp' + networks: + network_pihole: + ipv4_address: 172.16.3.2 + volumes: + - './etc-pihole:/etc/pihole' + - './etc-dnsmasq.d:/etc/dnsmasq.d' + # run `touch ./var-log/pihole.log` first unless you like errors + # - './var-log/pihole.log:/var/log/pihole/pihole.log' + # Recommended but not required (DHCP needs NET_ADMIN) + # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities + cap_add: + - NET_ADMIN + expose: + - 80 + environment: + ServerIP: 10.11.1.10 + PIHOLE_DNS_: unbound#53;{{ pihole_additional_upstream_dnsservers }} + PROXY_LOCATION: {{ pihole_hostname }} + VIRTUAL_HOST: {{ pihole_hostname}}.{{ pihole_domain }} + VIRTUAL_PORT: 80 + WEBPASSWORD: {{ pihole_password }} + FTLCONF_LOCAL_IPV4: {{ pi_ip }} + DNSMASQ_LISTENING: all + + extra_hosts: + # Resolve to nothing domains (terminate connection) + - 'nw2master.bioware.com nwn2.master.gamespy.com:0.0.0.0' + # LAN hostnames for other docker containers using nginx-proxy + - 'yourDomain.lan:192.168.41.55' + - '{{ pihole_hostname }} {{ pihole_hostname }}.{{ pihole_domain }}:{{ pi_ip }}' + - 'citadel.tedupnorth.com:10.10.10.10' + - 'postgres postgres.injust.us:10.11.1.14' + - 'proxmox proxmox.injust.us:10.11.1.5' + - 'omv omv.injust.us:10.11.1.12' + - 'docker-int docker-int.injust.us:10.11.1.13' + - 'docker-ext docker-ext.injust.us:10.11.1.15' + - 'linkwarden linkwarden.injust.us:10.11.1.15' + - 'linkwarden.coxgrunow.ca:10.11.1.15' + - 'wiki.mycomputer.party:10.11.1.15' + - 'wiki.coxgrunow.ca:10.11.1.15' + - 'paperless.injust.us:10.11.1.13' + - 'wiki.injust.us:10.11.1.13' + - 'testweb.injust.us:10.11.1.13' + - 'stalwart.mycomputer.party:10.11.1.15' + - 'linkace.mycomputer.party:10.11.1.15' + - 'linkding.mycomputer.party:10.11.1.15' + - 'wallabag.mycomputer.party:10.11.1.15' + - 'test.mycomputer.party:10.11.1.15' + - 'matrix matrix.mycomputer.party:10.11.1.16' + - 'wiki wiki.injust.us:10.11.1.13' + + + restart: always + + unbound: + image: klutchell/unbound + volumes: + - ./unbound:/etc/unbound/unbound.conf.d + ports: + - '5335:53/tcp' + - '5335:53/udp' + restart: always + networks: + network_pihole: + ipv4_address: 172.16.3.3 + + porkbunddns: + image: pavlinchen/porkbun-ddns + container_name: porkbun-ddns + restart: always + pull_policy: always + environment: + APIKey: {{ porkbun_api_key }} + SecretAPIKey: {{ porkbun_secret_api_key }} + Domain: {{ porkbun_domain }} + Schedule: "{{ porkbun_cron_sched }}" + TZ: {{ porkbun_tz }} + networks: + network_pihole: + ipv4_address: 172.16.3.4 + + porkbunddns2: + image: pavlinchen/porkbun-ddns + container_name: porkbun-ddns2 + restart: always + pull_policy: always + environment: + APIKey: {{ porkbun_api_key }} + SecretAPIKey: {{ porkbun_secret_api_key }} + Domain: {{ porkbun_domain2 }} + Schedule: "{{ porkbun_cron_sched }}" + TZ: {{ porkbun_tz }} + networks: + network_pihole: + ipv4_address: 172.16.3.7 + + ddclient: + image: lscr.io/linuxserver/ddclient:latest + container_name: ddclient + environment: + - PUID=1000 + - PGID=1000 + - TZ=Etc/UTC + volumes: + - ./ddclient/:/config + restart: unless-stopped + + wireguard: + depends_on: + - pihole + networks: + network_pihole: + ipv4_address: 172.16.3.5 + image: lscr.io/linuxserver/wireguard:latest + container_name: wireguard + cap_add: + - NET_ADMIN + - SYS_MODULE + environment: + - PUID=0 + - PGID=0 + - TZ=Canada/Eastern + - SERVERURL=vpn.coxgrunow.ca + - SERVERPORT=51820 + - PEERS=phone,tedupnorth #oAdded Docker tags to Ansible playbookptional + - PEERDNS=172.16.3.2 #optional + - INTERNAL_SUBNET=10.11.4.0 #optional + - ALLOWEDIPS=10.11.1.0/24,172.16.3.2 #optional + - SERVER_ALLOWEDIPS_PEER_tedupnorth=10.10.0.0/16 + - PERSISTENTKEEPALIVE_PEERS=all #optional - for dynamic DNS + - LOG_CONFS=true #optional + volumes: + - ./wireguard/config:/config + - /lib/modules:/lib/modules #optional + ports: + - 51820:51820/udp + sysctls: + - net.ipv4.conf.all.src_valid_mark=1 + restart: unless-stopped + +# Another container you might want to have running through the proxy +# Note it also have ENV Vars like pihole and a host under pihole's extra_hosts +# ghost: +# image: fractalf/ghost +# ports: +# - '2368:2368/tcp' +# volumes: +# - '/etc/ghost:/ghost-override' +# environment: +# PROXY_LOCATION: ghost +# VIRTUAL_HOST: ghost.yourDomain.lan +# VIRTUAL_PORT: 2368 +# restart: always + +# homeassistant: +# container_name: homeassistant +# image: "ghcr.io/home-assistant/home-assistant:stable" +# volumes: +# - ./homeassistant/config:/config +# - /etc/localtime:/etc/localtime:ro +# restart: unless-stopped +# privileged: true +# network_mode: host +# #environment: +# # - VIRTUAL_HOST=homeassistant.coxgrunow.ca +# # - VIRTUAL_PORT=8123 + yacy: + container_name: yacy + image: "docker.io/yacy/yacy_search_server:aarch64-latest" + volumes: + - ./yacy:/opt/yacy_search_server/DATA + ports: + - 8090:8090/tcp + - 8443:8443/tcp