211 lines
6.0 KiB
Django/Jinja
211 lines
6.0 KiB
Django/Jinja
version: "3.5"
|
|
|
|
# https://github.com/pi-hole/docker-pi-hole/blob/master/README.md
|
|
|
|
networks:
|
|
network_pihole:
|
|
ipam:
|
|
driver: default
|
|
config:
|
|
- subnet: 172.16.3.0/24
|
|
|
|
services:
|
|
nginx-proxy:
|
|
image: nginxproxy/nginx-proxy
|
|
ports:
|
|
- '80:80'
|
|
environment:
|
|
DEFAULT_HOST: {{ pihole_hostname }}.{{ pihole_domain }}
|
|
volumes:
|
|
- '/var/run/docker.sock:/tmp/docker.sock'
|
|
restart: always
|
|
networks:
|
|
network_pihole:
|
|
ipv4_address: 172.16.3.6
|
|
|
|
|
|
pihole:
|
|
image: pihole/pihole:latest
|
|
ports:
|
|
- '53:53/tcp'
|
|
- '53:53/udp'
|
|
- "67:67/udp"
|
|
- '8053:80/tcp'
|
|
networks:
|
|
network_pihole:
|
|
ipv4_address: 172.16.3.2
|
|
volumes:
|
|
- './etc-pihole:/etc/pihole'
|
|
- './etc-dnsmasq.d:/etc/dnsmasq.d'
|
|
# run `touch ./var-log/pihole.log` first unless you like errors
|
|
# - './var-log/pihole.log:/var/log/pihole/pihole.log'
|
|
# Recommended but not required (DHCP needs NET_ADMIN)
|
|
# https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
|
|
cap_add:
|
|
- NET_ADMIN
|
|
expose:
|
|
- 80
|
|
environment:
|
|
ServerIP: 10.11.1.10
|
|
PIHOLE_DNS_: unbound#53;{{ pihole_additional_upstream_dnsservers }}
|
|
PROXY_LOCATION: {{ pihole_hostname }}
|
|
VIRTUAL_HOST: {{ pihole_hostname}}.{{ pihole_domain }}
|
|
VIRTUAL_PORT: 80
|
|
WEBPASSWORD: {{ pihole_password }}
|
|
FTLCONF_LOCAL_IPV4: {{ pi_ip }}
|
|
DNSMASQ_LISTENING: all
|
|
|
|
extra_hosts:
|
|
# Resolve to nothing domains (terminate connection)
|
|
- 'nw2master.bioware.com nwn2.master.gamespy.com:0.0.0.0'
|
|
# LAN hostnames for other docker containers using nginx-proxy
|
|
- 'yourDomain.lan:192.168.41.55'
|
|
- '{{ pihole_hostname }} {{ pihole_hostname }}.{{ pihole_domain }}:{{ pi_ip }}'
|
|
- 'citadel.tedupnorth.com:10.10.10.10'
|
|
- 'postgres postgres.injust.us:10.11.1.14'
|
|
- 'proxmox proxmox.injust.us:10.11.1.5'
|
|
- 'omv omv.injust.us:10.11.1.12'
|
|
- 'docker-int docker-int.injust.us:10.11.1.13'
|
|
- 'docker-ext docker-ext.injust.us:10.11.1.15'
|
|
- 'linkwarden linkwarden.injust.us:10.11.1.15'
|
|
- 'linkwarden.coxgrunow.ca:10.11.1.15'
|
|
- 'wiki.mycomputer.party:10.11.1.15'
|
|
- 'wiki.coxgrunow.ca:10.11.1.15'
|
|
- 'paperless.injust.us:10.11.1.13'
|
|
- 'wiki.injust.us:10.11.1.13'
|
|
- 'testweb.injust.us:10.11.1.13'
|
|
- 'stalwart.mycomputer.party:10.11.1.15'
|
|
- 'linkace.mycomputer.party:10.11.1.15'
|
|
- 'linkding.mycomputer.party:10.11.1.15'
|
|
- 'wallabag.mycomputer.party:10.11.1.15'
|
|
- 'test.mycomputer.party:10.11.1.15'
|
|
- 'matrix matrix.mycomputer.party:10.11.1.16'
|
|
- 'wiki wiki.injust.us:10.11.1.13'
|
|
- 'git git.mycomputer.party:10.11.1.17'
|
|
- 'gitea gitea.injust.us:10.11.1.18'
|
|
- 'gitea.mycomputer.party:10.11.1.15'
|
|
|
|
|
|
restart: always
|
|
|
|
unbound:
|
|
image: klutchell/unbound
|
|
volumes:
|
|
- ./unbound:/etc/unbound/unbound.conf.d
|
|
ports:
|
|
- '5335:53/tcp'
|
|
- '5335:53/udp'
|
|
restart: always
|
|
networks:
|
|
network_pihole:
|
|
ipv4_address: 172.16.3.3
|
|
|
|
porkbunddns:
|
|
image: pavlinchen/porkbun-ddns
|
|
container_name: porkbun-ddns
|
|
restart: always
|
|
pull_policy: always
|
|
environment:
|
|
APIKey: {{ porkbun_api_key }}
|
|
SecretAPIKey: {{ porkbun_secret_api_key }}
|
|
Domain: {{ porkbun_domain }}
|
|
Schedule: "{{ porkbun_cron_sched }}"
|
|
TZ: {{ porkbun_tz }}
|
|
networks:
|
|
network_pihole:
|
|
ipv4_address: 172.16.3.4
|
|
|
|
porkbunddns2:
|
|
image: pavlinchen/porkbun-ddns
|
|
container_name: porkbun-ddns2
|
|
restart: always
|
|
pull_policy: always
|
|
environment:
|
|
APIKey: {{ porkbun_api_key }}
|
|
SecretAPIKey: {{ porkbun_secret_api_key }}
|
|
Domain: {{ porkbun_domain2 }}
|
|
Schedule: "{{ porkbun_cron_sched }}"
|
|
TZ: {{ porkbun_tz }}
|
|
networks:
|
|
network_pihole:
|
|
ipv4_address: 172.16.3.7
|
|
|
|
ddclient:
|
|
image: lscr.io/linuxserver/ddclient:latest
|
|
container_name: ddclient
|
|
environment:
|
|
- PUID=1000
|
|
- PGID=1000
|
|
- TZ=Etc/UTC
|
|
volumes:
|
|
- ./ddclient/:/config
|
|
restart: unless-stopped
|
|
|
|
wireguard:
|
|
depends_on:
|
|
- pihole
|
|
networks:
|
|
network_pihole:
|
|
ipv4_address: 172.16.3.5
|
|
image: lscr.io/linuxserver/wireguard:latest
|
|
container_name: wireguard
|
|
cap_add:
|
|
- NET_ADMIN
|
|
- SYS_MODULE
|
|
environment:
|
|
- PUID=0
|
|
- PGID=0
|
|
- TZ=Canada/Eastern
|
|
- SERVERURL=vpn.coxgrunow.ca
|
|
- SERVERPORT=51820
|
|
- PEERS=phone,tedupnorth #oAdded Docker tags to Ansible playbookptional
|
|
- PEERDNS=172.16.3.2 #optional
|
|
- INTERNAL_SUBNET=10.11.4.0 #optional
|
|
- ALLOWEDIPS=10.11.1.0/24,172.16.3.2 #optional
|
|
- SERVER_ALLOWEDIPS_PEER_tedupnorth=10.10.0.0/16
|
|
- PERSISTENTKEEPALIVE_PEERS=all #optional - for dynamic DNS
|
|
- LOG_CONFS=true #optional
|
|
volumes:
|
|
- ./wireguard/config:/config
|
|
- /lib/modules:/lib/modules #optional
|
|
ports:
|
|
- 51820:51820/udp
|
|
sysctls:
|
|
- net.ipv4.conf.all.src_valid_mark=1
|
|
restart: unless-stopped
|
|
|
|
# Another container you might want to have running through the proxy
|
|
# Note it also have ENV Vars like pihole and a host under pihole's extra_hosts
|
|
# ghost:
|
|
# image: fractalf/ghost
|
|
# ports:
|
|
# - '2368:2368/tcp'
|
|
# volumes:
|
|
# - '/etc/ghost:/ghost-override'
|
|
# environment:
|
|
# PROXY_LOCATION: ghost
|
|
# VIRTUAL_HOST: ghost.yourDomain.lan
|
|
# VIRTUAL_PORT: 2368
|
|
# restart: always
|
|
|
|
# homeassistant:
|
|
# container_name: homeassistant
|
|
# image: "ghcr.io/home-assistant/home-assistant:stable"
|
|
# volumes:
|
|
# - ./homeassistant/config:/config
|
|
# - /etc/localtime:/etc/localtime:ro
|
|
# restart: unless-stopped
|
|
# privileged: true
|
|
# network_mode: host
|
|
# #environment:
|
|
# # - VIRTUAL_HOST=homeassistant.coxgrunow.ca
|
|
# # - VIRTUAL_PORT=8123
|
|
yacy:
|
|
container_name: yacy
|
|
image: "docker.io/yacy/yacy_search_server:aarch64-latest"
|
|
volumes:
|
|
- ./yacy:/opt/yacy_search_server/DATA
|
|
ports:
|
|
- 8090:8090/tcp
|
|
- 8443:8443/tcp
|