cmonroe/selfhost
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
selfhost/docker-compose.yml
root 0f08fcb176 docker info
2025-12-06 09:47:55 -08:00

800 lines
24 KiB
YAML
Raw Permalink Blame History

networks:
nextcloud-net:
driver: bridge
enable_ipv6: true # <-- Enable IPv6 for this network
ipam:
driver: default
config:
- subnet: 172.16.0.0/16 # <-- Define your desired IPv4 subnet
- subnet: "fd00:22::/64" # <-- Define your desired IPv6 subnet
#sunshine_net:
# driver: macvlan
# driver_opts:
# parent: enp102s0f3u1u4 # Your physical network card
# ipam:
# config:
# - subnet: 192.168.0.0/24 # Your network's subnet
# gateway: 192.168.0.1 # Your network's gateway
services:
minio:
image: minio/minio:latest
container_name: minio
restart: unless-stopped
environment:
# IMPORTANT: Add these to your .env file
- MINIO_ROOT_USER=${MINIO_ACCESS_KEY}
- MINIO_ROOT_PASSWORD=${MINIO_SECRET_KEY}
volumes:
- /mnt/Nextcloud/minio-data:/data
ports:
# Port for the S3 API endpoint (internal access, no need to publish)
# - "9000:9000"
# Port for the MinIO web console (publish to access from your browser)
- "9001:9001"
command: server /data --console-address ":9001"
networks:
- nextcloud-net
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
interval: 30s
timeout: 20s
retries: 3
minio-init:
image: minio/mc
container_name: minio-init
depends_on:
minio:
condition: service_healthy # Wait for MinIO to be healthy
environment:
# Pass the credentials from your .env file
- MINIO_ACCESS_KEY=${MINIO_ACCESS_KEY}
- MINIO_SECRET_KEY=${MINIO_SECRET_KEY}
entrypoint: /bin/sh
command: /init-minio.sh
volumes:
- ./init-minio.sh:/init-minio.sh # Mount the script
networks:
- nextcloud-net
restart: "no"
authelia:
image: authelia/authelia:latest
container_name: authelia
restart: unless-stopped
volumes:
- ./authelia:/config
networks:
- nextcloud-net
expose:
- 9091
environment:
- TZ=America/Los_Angeles
depends_on:
mail:
condition: service_started
authelia-redis:
condition: service_started
authelia-redis:
image: redis:alpine
container_name: authelia-redis
restart: unless-stopped
volumes:
- /mnt/Nextcloud/authelia-redis:/data
networks:
- nextcloud-net
cloudflare-ddns:
image: docker.io/oznu/cloudflare-ddns:latest
container_name: cloudflare_ddns
restart: unless-stopped
environment:
- API_KEY=${CF_API_KEY}
- ZONE=${CF_ZONE}
- SUBDOMAIN=${CF_SUBDOMAIN}
- PROXIED=${CF_PROXIED}
networks:
- nextcloud-net
db:
image: postgres:16
container_name: nextcloud-db
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
interval: 10s
timeout: 5s
retries: 5
environment:
- TZ=America/Los_Angeles
- POSTGRES_DB=${POSTGRES_DB}
- POSTGRES_USER=${POSTGRES_USER}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
- DB_STORAGE_TYPE='HDD'
volumes:
- /mnt/Nextcloud/nextcloud_db:/var/lib/postgresql/data
networks:
- nextcloud-net
app:
build: ./nextcloud
container_name: nextcloud-app
restart: unless-stopped
depends_on:
db:
condition: service_healthy
redis:
condition: service_started
collabora:
condition: service_started
minio-init:
condition: service_completed_successfully
environment:
POSTGRES_HOST: db
POSTGRES_DB: ${POSTGRES_DB}
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
REDIS_HOST: redis
NEXTCLOUD_ADMIN_USER: ${NEXTCLOUD_ADMIN_USER}
NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD}
NEXTCLOUD_TRUSTED_DOMAINS: cloud.poppyglen.cc local.poppyglen.cc
OVERWRITEHOST: cloud.poppyglen.cc
OVERWRITEPROTOCOL: https
OVERWRITECLIURL: https://cloud.poppyglen.cc
OVERWRITECONDADDR: 172.16.0.0\/12
TRUSTED_PROXIES: 172.16.0.0/12
USERS_JSON: ${USERS_JSON}
HOME: /var/www # Set HOME for www-data
GIPHY_API_KEY: ${GIPHY_API_KEY}
WHITEBOARD_JWT: ${WHITEBOARD_JWT}
TURN_SECRET: ${TURN_SECRET}
SIGNALING_SECRET: ${SIGNALING_SECRET}
MAIL_FROM_ADDRESS: admin
MAIL_DOMAIN: ${MAIL_DOMAIN}
MAIL_SMTPAUTH: 1
MAIL_SMTPSECURE: ssl
MAIL_SMTPHOST: ${MAIL_SMTPHOST}
MAIL_SMTPPORT: 465
MAIL_SMTPNAME: ${MAIL_ADMIN_EMAIL}
MAIL_SMTPPASSWORD: ${MAIL_ADMIN_PASSWORD}
MAIL_ADMIN_EMAIL: ${MAIL_ADMIN_EMAIL}
MAIL_ADMIN_PASSWORD: ${MAIL_ADMIN_PASSWORD}
EMAIL_IMAP_HOST: ${MAIL_SMTPHOST}
EMAIL_SMTP_HOST: ${MAIL_SMTPHOST}
MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY}
MINIO_SECRET_KEY: ${MINIO_SECRET_KEY}
volumes:
- /mnt/Nextcloud/Nextcloud:/var/www/html
- ./hooks:/docker-entrypoint-hooks.d
- /mnt/Nextcloud/music:/music
- /mnt/Nextcloud/tvshows:/tvshows
- /mnt/Nextcloud/games:/games
- /mnt/Nextcloud/movies:/movies
- /mnt/Nextcloud/photos:/photos
networks:
- nextcloud-net
cron:
image: nextcloud:latest
container_name: nextcloud-cron
restart: unless-stopped
depends_on:
- app
volumes:
- /mnt/Nextcloud/Nextcloud:/var/www/html
entrypoint: /cron.sh
networks:
- nextcloud-net
#create 32 character password fpr each service
#openssl rand -hex 32
nc-talk:
image: ghcr.io/nextcloud-releases/aio-talk:latest
container_name: nc-talk
init: true
restart: unless-stopped
ports:
- 3478:3478/tcp
- 3478:3478/udp
- 8181:8081/tcp
environment:
- NC_DOMAIN=cloud.poppyglen.cc
- TALK_HOST=signal.poppyglen.cc
- TURN_SECRET=${TURN_SECRET}
- SIGNALING_SECRET=${SIGNALING_SECRET}
- TZ=America/Los_Angeles
- TALK_PORT=3478
- RECORDING_SECRET=${RECORDING_SECRET}
- INTERNAL_SECRET=${INTERNAL_SECRET}
depends_on:
- app
networks:
- nextcloud-net
collabora:
image: collabora/code
container_name: collabora
restart: unless-stopped
networks:
- nextcloud-net
healthcheck:
test: ["CMD-SHELL", "curl -f http://localhost:9980/hosting/capabilities || exit 1"]
interval: 30s
timeout: 10s
retries: 3
environment:
#- PUID=1000
#- PGID=1000
- TZ=America/Los_Angeles
- password=${COLLABORA_PASSWORD}
- username=${COLLABORA_USERNAME}
- server_name=office.poppyglen.cc
- aliasgroup1=https://cloud.poppyglen.cc:443
- aliasgroup2=http://local.poppyglen.cc
- extra_params=--o:ssl.enable=false --o:ssl.termination=true
- DONT_GEN_PASSWD=1
#ports:
# - 9980:9980
#volumes:
# - /mnt/Nextcloud/Nextcloud:/var/www/html:ro
cap_add:
- SYS_ADMIN
redis:
image: docker.io/library/redis:alpine
container_name: nextcloud-redis
restart: unless-stopped
mem_limit: 2048m
mem_reservation: 512m
volumes:
- /mnt/Nextcloud/redis:/data
networks:
- nextcloud-net
#docker compose exec caddy caddy fmt --overwrite /etc/caddy/Caddyfile
caddy:
build: ./caddy
container_name: caddy
restart: unless-stopped
env_file: .env
environment:
- CF_API_KEY=${CF_API_KEY}
ports:
- 80:80
- 443:443
- "443:443/udp"
volumes:
- /mnt/Nextcloud/Nextcloud:/var/www/html:ro
- ./caddy/Caddyfile:/etc/caddy/Caddyfile
#- /mnt/Nextcloud/caddy/data:/data
#- /mnt/Nextcloud/caddy/config:/config
- ./caddy/waf:/etc/caddy/waf
#- /mnt/Nextcloud/caddy/logs:/var/log/caddy
networks:
- nextcloud-net
depends_on:
- caddy-redis
caddy-redis:
image: redis:alpine
container_name: caddy-redis
restart: unless-stopped
volumes:
- /mnt/Nextcloud/caddy_redis:/data
networks:
- nextcloud-net
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 5s
retries: 5
clamav:
image: clamav/clamav:1.3
container_name: clamav
restart: unless-stopped
networks:
- nextcloud-net
volumes:
- /mnt/Nextcloud/clamav_data:/var/lib/clamav
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:8.15.0
container_name: elasticsearch
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "curl -f http://localhost:9200/_cluster/health?wait_for_status=yellow || exit 1"]
interval: 30s
timeout: 10s
retries: 5
environment:
- discovery.type=single-node
- xpack.security.enabled=false # Easiest for internal Docker communication
- "ES_JAVA_OPTS=-Xms512m -Xmx512m" # Recommended to limit memory usage
volumes:
- /mnt/Nextcloud/es_data:/usr/share/elasticsearch/data
networks:
- nextcloud-net
go-vod:
image: radialapps/go-vod
container_name: go-vod
restart: always
init: true
depends_on:
- app
environment:
- NEXTCLOUD_HOST=https://cloud.poppyglen.cc
# - NEXTCLOUD_ALLOW_INSECURE=1 # (self-signed certs or no HTTPS)
- NVIDIA_VISIBLE_DEVICES=all
devices:
- /dev/dri:/dev/dri # VA-API (omit for NVENC)
volumes:
- /mnt/Nextcloud/Nextcloud:/var/www/html:ro
# runtime: nvidia # (NVENC)
networks:
- nextcloud-net
nextcloud-whiteboard-server:
image: ghcr.io/nextcloud-releases/whiteboard:stable
container_name: nextcloud-whiteboard-server
ports:
- 3002:3002
environment:
NEXTCLOUD_URL: https://cloud.poppyglen.cc
JWT_SECRET_KEY: ${WHITEBOARD_JWT}
networks:
- nextcloud-net
cert-exporter:
image: redis:alpine
container_name: cert-exporter
restart: unless-stopped
networks:
- nextcloud-net
volumes:
- ./export-certs.sh:/export-certs.sh:ro
- /mnt/Nextcloud/caddy/data:/export
command: >
sh -c "apk add --no-cache jq coreutils &&
while true; do sh /export-certs.sh; sleep 12h; done"
depends_on:
caddy-redis:
condition: service_healthy
caddy:
condition: service_started
#mkdir -p /mnt/Nextcloud/mail/{maildata,mailstate,mail-logs,config,caddy}
#docker exec -it mail doveadm search -u admin@poppyglen.cc mailbox INBOX ALL
#docker exec -it mail doveadm fetch -u admin@poppyglen.cc text mailbox INBOX uid 1
mail:
image: docker.io/mailserver/docker-mailserver:latest
container_name: mail
hostname: mail.poppyglen.cc
restart: unless-stopped
environment:
#- SSL_TYPE=manual
#- SSL_CERT_PATH=/caddy-data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.poppyglen.cc/mail.poppyglen.cc.crt
#- SSL_KEY_PATH=/caddy-data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.poppyglen.cc/mail.poppyglen.cc.key
- SSL_TYPE=letsencrypt
#- SSL_CERT_PATH=/caddy-data/mail.poppyglen.cc.crt
#- SSL_KEY_PATH=/caddy-data/mail.poppyglen.cc.key
- TZ=America/Los_Angeles
- PERMIT_DOCKER=network
- DMS_DEBUG=0
- ONE_DIR=1
- ENABLE_POSTGREY=0
- ENABLE_FAIL2BAN=1
- ENABLE_CLAMAV=1
- CLAMAV_HOST=clamav
- ENABLE_SPAMASSASSIN=1
- ENABLE_OPENDKIM=1
volumes:
- /mnt/Nextcloud/mail/maildata:/var/mail
- /mnt/Nextcloud/mail/mailstate:/var/mail-state
- /mnt/Nextcloud/mail/mail-logs:/var/log/mail
- /mnt/Nextcloud/mail/config:/tmp/docker-mailserver/
- /etc/localtime:/etc/localtime:ro
- /mnt/Nextcloud/caddy/data/mail.poppyglen.cc.crt:/etc/letsencrypt/live/mail.poppyglen.cc/fullchain.pem
- /mnt/Nextcloud/caddy/data/mail.poppyglen.cc.key:/etc/letsencrypt/live/mail.poppyglen.cc/privkey.pem
ports:
- "25:25"
- "143:143"
- "465:465"
- "587:587"
- "993:993"
cap_add:
- NET_ADMIN # Required for Fail2Ban
- SYS_PTRACE
networks:
- nextcloud-net
depends_on:
- clamav
- cert-exporter
#docker exec -it mail setup config dkim
#docker exec -it mail cat /tmp/docker-mailserver/opendkim/keys/poppyglen.cc/mail.txt | awk -F'"' '/"/{print $2}' | tr -d '\n'
ollama:
image: ollama/ollama:rocm
container_name: ollama
restart: unless-stopped
volumes:
- /mnt/Nextcloud/ollama:/root/.ollama
- /lib/modules:/lib/modules:ro
- /sys/module:/sys/module:ro
networks:
- nextcloud-net
environment:
HSA_OVERRIDE_GFX_VERSION: ${HSA_OVERRIDE_GFX_VERSION}
HIP_VISIBLE_DEVICES: "0"
devices:
- /dev/kfd:/dev/kfd
- /dev/dri:/dev/dri
security_opt:
- seccomp:unconfined
cap_add:
- SYS_MODULE
- SYS_RAWIO
#docker exec -it ollama ollama pull qwen3:4b
recording-server:
image: nextcloud/aio-talk-recording
container_name: nextcloud-recording-server
restart: unless-stopped
environment:
- NEXTCLOUD_URL=https://cloud.poppyglen.cc
- NC_DOMAIN=cloud.poppyglen.cc
- NEXTCLOUD_RECORDING_USERNAME=${NEXTCLOUD_RECORDING_USERNAME}
- NEXTCLOUD_RECORDING_PASSWORD=${NEXTCLOUD_RECORDING_PASSWORD}
- RECORDING_SECRET=${RECORDING_SECRET}
- INTERNAL_SECRET=${INTERNAL_SECRET}
networks:
- nextcloud-net # Must be on the same network as other services
immich-postgres:
container_name: immich_postgres
image: tensorchord/pgvecto-rs:pg16-v0.2.0 # Required for vector search
restart: unless-stopped
environment:
POSTGRES_PASSWORD: ${IMMICH_DB_PASSWORD}
POSTGRES_USER: ${IMMICH_DB_USER}
POSTGRES_DB: ${IMMICH_DB_NAME}
DB_STORAGE_TYPE: 'HDD'
volumes:
- /mnt/Nextcloud/immich/immich_db:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
interval: 10s
timeout: 5s
retries: 5
networks:
- nextcloud-net
immich-redis:
container_name: immich_redis
image: redis:6.2-alpine
restart: unless-stopped
networks:
- nextcloud-net
immich-server:
container_name: immich_server
image: ghcr.io/immich-app/immich-server:release
#command: [ "start.sh", "immich" ]
extends:
file: ./immich/hwaccel.transcoding.yml
service: vaapi
restart: unless-stopped
depends_on:
immich-postgres:
condition: service_healthy
immich-redis:
condition: service_started
environment:
# This is an anchor that other services will reference
&immich-common-env
DB_HOSTNAME: immich-postgres
DB_USERNAME: ${IMMICH_DB_USER}
DB_PASSWORD: ${IMMICH_DB_PASSWORD}
DB_DATABASE_NAME: ${IMMICH_DB_NAME}
REDIS_HOSTNAME: immich-redis
JWT_SECRET: ${IMMICH_JWT_SECRET}
# You can add other Immich specific env vars here if needed
volumes:
- /mnt/Nextcloud/immich/immich_upload:/usr/src/app/upload
- /etc/localtime:/etc/localtime:ro
- /mnt/Nextcloud/photos:/import:ro
networks:
- nextcloud-net
#healthcheck:
# test: ["CMD", "curl", "-f", "http://localhost:2283/api/server/ping"]
# interval: 30s
# timeout: 10s
# retries: 5
# start_period: 30s
immich-microservices:
container_name: immich_microservices
image: ghcr.io/immich-app/immich-server:release
# This command is required to run microservices
#command: [ "start.sh", "microservices" ]
extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration
file: ./immich/hwaccel.ml.yml
service: rocm # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable
restart: unless-stopped
depends_on:
- immich-server
environment:
# Use the alias to inherit common environment variables
<<: *immich-common-env
volumes:
- /mnt/Nextcloud/immich/immich_upload:/usr/src/app/upload
- /etc/localtime:/etc/localtime:ro
- /mnt/Nextcloud/photos:/import:ro
networks:
- nextcloud-net
immich-machine-learning:
container_name: immich_machine_learning
image: ghcr.io/immich-app/immich-machine-learning:release
restart: unless-stopped
volumes:
- /mnt/Nextcloud/immich/immich_models:/cache
environment:
# Use the alias to inherit common environment variables
<<: *immich-common-env
networks:
- nextcloud-net
immich-init:
image: alpine:3.20
container_name: immich-init
env_file: .env
environment:
IMMICH_BASE_URL: http://immich-server:2283/api
depends_on:
- immich-server
#condition: service_healthy
volumes:
- ./immich/init-immich.sh:/init-immich.sh:ro
entrypoint: ["/bin/sh", "/init-immich.sh"]
restart: "no"
networks:
- nextcloud-net
jellyfin:
image: jellyfin/jellyfin:latest
container_name: jellyfin
restart: unless-stopped
user: 1000:1000
environment:
- TZ=America/Los_Angeles
- PUID=1000 # Replace with your user ID
- PGID=1000 # Replace with your group ID
volumes:
- /mnt/Nextcloud/jellyfin/config:/config
- /mnt/Nextcloud/jellyfin/cache:/cache
- /mnt/Nextcloud/movies:/media/movies
- /mnt/Nextcloud/tvshows:/media/tvshows
- /mnt/Nextcloud/music:/media/music
- /mnt/Nextcloud/photos:/media/photos
ports:
- "8096:8096" # Web UI
- "7359:7359/udp" # Client discovery
- "1900:1900/udp" # DLNA
devices:
- /dev/dri:/dev/dri # For Intel Quick Sync or AMD VA-API hardware acceleration
networks:
- nextcloud-net
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8096/Users/Public"]
interval: 15s
timeout: 5s
retries: 40
start_period: 30s
jellyfin-init:
image: alpine:3.20
container_name: jellyfin-init
env_file: .env
environment:
JELLYFIN_BASE_URL: ${JELLYFIN_BASE_URL}
JELLYFIN_INIT_ADMIN_USER: ${JELLYFIN_INIT_ADMIN_USER}
JELLYFIN_INIT_ADMIN_PASSWORD: ${JELLYFIN_INIT_ADMIN_PASSWORD}
JELLYFIN_INIT_SERVERNAME: ${JELLYFIN_INIT_SERVERNAME}
depends_on:
jellyfin:
condition: service_healthy
volumes:
- ./jellyfin/init-jellyfin.sh:/init-jellyfin.sh:ro
- /mnt/Nextcloud/movies:/media/movies
- /mnt/Nextcloud/tvshows:/media/tvshows
- /mnt/Nextcloud/music:/media/music
- /mnt/Nextcloud/photos:/media/photos
entrypoint: ["/bin/sh", "/init-jellyfin.sh"]
restart: "no"
networks:
- nextcloud-net
#sunshine:
# image: ghcr.io/lizardbyte/sunshine:v2025.628.4510-archlinux
# container_name: sunshine
# restart: unless-stopped
# privileged: true
# shm_size: "2gb"
# user: "root"
# group_add:
# - "render"
# - "video"
# - "input"
# environment:
# - TZ=America/Los_Angeles
# - PUID=1000
# - PGID=1000
# - LIBVA_DRIVER_NAME=radeonsi
# - WAYLAND_DISPLAY=${WAYLAND_DISPLAY:-wayland-0}
# - XDG_RUNTIME_DIR=${XDG_RUNTIME_DIR:-/run/user/1000} # replace 1000 with your UID
# - SUNSHINE_USERNAME=${SUNSHINE_USERNAME}
# - SUNSHINE_PASSWORD=${SUNSHINE_PASSWORD}
# - DISPLAY=:1
# volumes:
# - /mnt/Nextcloud/sunshine/config:/config
# - /run/user/1000:/run/user/1000
# - /tmp/.X11-unix:/tmp/.X11-unix # optional for X11
# - /var/lib/dbus/machine-id:/var/lib/dbus/machine-id:ro
# - /run/dbus:/run/dbus:ro
# - /run/udev/data:/run/udev/data:ro
# ports:
# - "47984:47984/udp"
# - "47990:47990/tcp"
# - "47989:47989/tcp"
# - "48010:48010/udp"
# - "48010:48010/tcp"
# - "47998-48000:47998-48000/udp"
# devices:
# - /dev/dri:/dev/dri
# - /dev/input:/dev/input
# - /dev/uinput:/dev/uinput
# #networks:
# # - nextcloud-net
# networks:
# sunshine_net:
# ipv4_address: 192.168.0.200
wolf:
image: ghcr.io/games-on-whales/wolf:stable
container_name: wolf
#user: "1000:1000"
privileged: true
environment:
- XDG_RUNTIME_DIR=/tmp/sockets
- HOST_APPS_STATE_FOLDER=/mnt/Nextcloud/wolf
- WAYLAND_DISPLAY=wayland-1
- MESA_LOADER_DRIVER_OVERRIDE=amd
- VDPAU_DRIVER=va_gl
- LIBVA_DRIVER_NAME=radeonsi
- RADV_DEBUG=llvm
- WOLF_LOG_LEVEL:DEBUG
volumes:
- /mnt/Nextcloud/wolf:/mnt/Nextcloud/wolf:rw
- /mnt/Nextcloud/wolf/cfg:/etc/wolf/cfg:rw
- /run/user/1000:/run/user/1000
- /run/udev/data:/run/udev/data:ro
- /tmp/sockets:/tmp/sockets:rw
- /var/run/docker.sock:/var/run/docker.sock:rw
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id:ro
- /usr/share/vulkan/icd.d:/usr/share/vulkan/icd.d:ro
- /usr/lib/libvulkan.so:/usr/lib/libvulkan.so:ro
- /usr/lib/libvulkan.so.1:/usr/lib/libvulkan.so.1:ro
- /usr/lib/libvulkan.so.1.4.321:/usr/lib/libvulkan.so.1.4.321:ro
- /usr/lib/libvulkan_radeon.so:/usr/lib/libvulkan_radeon.so:ro
- /usr/lib/libEGL_mesa.so:/usr/lib/libEGL_mesa.so:ro
- /usr/lib/libEGL_mesa.so.0:/usr/lib/libEGL_mesa.so.0:ro
- /usr/lib/libEGL_mesa.so.0.0.0:/usr/lib/libEGL_mesa.so.0.0.0:ro
- /usr/lib/libGLX_mesa.so:/usr/lib/libGLX_mesa.so:ro
- /usr/lib/libGLX_mesa.so.0:/usr/lib/libGLX_mesa.so.0:ro
- /usr/lib/libGLX_mesa.so.0.0.0:/usr/lib/libGLX_mesa.so.0.0.0:ro
- /usr/lib/libva.so:/usr/lib/libva.so:ro
- /usr/lib/libva.so.2:/usr/lib/libva.so.2:ro
- /usr/lib/libva.so.2.0.0:/usr/lib/libva.so.2.0.0:ro
- /usr/lib/dri/radeonsi_drv_video.so:/usr/lib/dri/radeonsi_drv_video.so:ro
- /usr/lib/x86_64-linux-gnu/dri:/usr/lib/x86_64-linux-gnu/dri:ro
- /run/dbus:/run/dbus:ro
- /run/udev:/run/udev:rw
device_cgroup_rules:
- 'c 13:* rmw'
devices:
- /dev/dri:/dev/dri:rw
- /dev/dri/renderD128:/dev/dri/renderD128:rw
- /dev/uinput:/dev/uinput
- /dev/uhid:/dev/uhid
group_add:
- "989"
- "video"
- "994"
network_mode: host
restart: unless-stopped
#networks:
# sunshine_net:
# ipv4_address: 192.168.0.200
technitium-dns:
image: technitium/dns-server:latest
container_name: technitium-dns
hostname: technitium-dns
restart: unless-stopped
volumes:
- /mnt/Nextcloud/technitium/config:/etc/dns
environment:
- DNS_SERVER_DOMAIN=home.lan
- DNS_SERVER_ADMIN_PASSWORD=${TECHNITIUM_ADMIN_PASSWORD}
- DNS_SERVER_FORWARDERS=1.1.1.1,8.8.8.8,2606:4700:4700::1111,2001:4860:4860::8888
- DNS_SERVER_FORWARDER_PROTOCOL=Udp
- DNS_SERVER_RECURSION=AllowOnlyForPrivateNetworks
- DNS_SERVER_RECURSION_ALLOWED_NETWORKS=192.168.0.0/24,fd00::/8
ports:
- "5380:5380/tcp" # Web UI
- "53:53/tcp" # DNS
- "53:53/udp" # DNS
networks:
- nextcloud-net
#echo "nameserver 127.0.0.1" | sudo tee /etc/resolv.conf
#echo "nameserver 1.1.1.1" | sudo tee /etc/resolv.conf
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden
restart: unless-stopped
environment:
- WEBSOCKET_ENABLED=true # Required for Caddy reverse proxy
- SIGNUPS_ALLOWED=true # Set to false after you've created your account
- ADMIN_TOKEN=${VAULTWARDEN_ADMIN_TOKEN} # Add a secure token to your .env file
volumes:
- /mnt/Nextcloud/vaultwarden:/data
networks:
- nextcloud-net
wireguard:
image: lscr.io/linuxserver/wireguard:latest
container_name: wireguard
cap_add:
- NET_ADMIN
- SYS_MODULE
environment:
- PUID=1000
- PGID=1000
- TZ=America/Los_Angeles
- SERVERURL=vpn.poppyglen.cc # or your public domain, e.g., vpn.poppyglen.cc
- PEERS=1 # Number of peer configs to generate
- PEERDNS=auto
- INTERNAL_SUBNET=10.13.13.0/24
volumes:
- /mnt/Nextcloud/wireguard/config:/config
- /lib/modules:/lib/modules
ports:
- 51820:51820/udp
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
restart: unless-stopped
networks:
- nextcloud-net
#ipfs:
# image: ipfs/kubo:latest
# container_name: ipfs_node
# restart: unless-stopped
# environment:
# - IPFS_PROFILE=server
# volumes:
# - /mnt/Nextcloud/ipfs_data:/data/ipfs
# ports:
# - "4001:4001/tcp" # Swarm - TCP
# - "4001:4001/udp" # Swarm - QUIC
# - "8080:8080" # Gateway
# - "5001:5001" # API
# networks:
# - nextcloud-net
Reference in New Issue View Git Blame Copy Permalink