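---
# Main Docker Compose for Connectivity Services
# Generated by Ansible connectivity role
#
# The rendered file carries service passwords in plain text (see the
# environment sections below).
# NOTE(review): the task that writes this template is not visible here;
# confirm it sets a restrictive owner/mode and that the source variables
# come from an encrypted store.

# Top-level "version" is ignored by Compose v2 and only matters to the legacy
# docker-compose binary.
version: '{{ connectivity_docker_compose_version }}'

# Single user-defined bridge network shared by every service in this file.
networks:
  {{ connectivity_network_name }}:
    driver: bridge
    ipam:
      config:
        # Quoted so an empty expansion renders "" instead of null.
        - subnet: "{{ connectivity_subnet }}"

services: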
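{% if connectivity_wireguard_enabled %}
  # WireGuard VPN Service
  # Rendered only when connectivity_wireguard_enabled is true. Publishes the
  # tunnel port (UDP) and the web UI (container port 51821/tcp).
  # Templated scalars are quoted so that a restart policy of "no", an empty
  # expansion, or a value containing ": " or " #" cannot change the YAML type
  # or structure of the rendered file.
  {{ connectivity_wireguard_container_name }}:
    image: "{{ connectivity_wireguard_image }}:{{ connectivity_wireguard_image_tag }}"
    container_name: "{{ connectivity_wireguard_container_name }}"
    restart: "{{ connectivity_default_restart_policy }}"
    cap_add:
      - NET_ADMIN
      # NOTE(review): SYS_MODULE lets the container load kernel modules on the
      # host; drop it if the host already provides the wireguard module.
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    volumes:
      - "{{ connectivity_docker_base_path }}/wireguard/config:/etc/wireguard"
    ports:
      - "{{ connectivity_wireguard_port }}:{{ connectivity_wireguard_port }}/udp"
      # NOTE(review): the web UI is published on every host interface. On a
      # host reachable from untrusted networks, bind it to a management
      # address (HOST_IP:HOST_PORT:CONTAINER_PORT) or firewall it.
      - "{{ connectivity_wireguard_web_port }}:51821/tcp"
    # Mapping form, as used by the other services in this file, so each value
    # can be quoted on its own.
    environment:
      WG_HOST: "{{ connectivity_wireguard_host }}"
      # to_json emits a correctly escaped double-quoted scalar, so quotes,
      # backslashes, ": " or " #" in the secret survive rendering. Compose
      # still expands "$" in values; a literal "$" must be written as "$$".
      # NOTE(review): these variable names look like the wg-easy image;
      # recent wg-easy releases replaced PASSWORD with PASSWORD_HASH (bcrypt),
      # so confirm against the pinned image tag.
      PASSWORD: {{ connectivity_wireguard_password | string | to_json }}
      WG_DEFAULT_DNS: "{{ connectivity_wireguard_dns }}"
      WG_DEFAULT_ADDRESS: "{{ connectivity_wireguard_subnet }}"
      WG_ALLOWED_IPS: "{{ connectivity_wireguard_default_allowed_ips }}"
      WG_PERSISTENT_KEEPALIVE: "{{ connectivity_wireguard_default_persistent_keepalive }}"
      WG_PORT: "{{ connectivity_wireguard_port }}"
    networks:
      - "{{ connectivity_network_name }}"
    labels:
      - com.connectivity.service=wireguard
      - com.connectivity.type=vpn
    # Uses the connectivity_log_* variables like every other service in this
    # file; the original referenced unprefixed log_* names only here.
    logging:
      driver: "{{ connectivity_log_driver }}"
      options:
        max-size: "{{ connectivity_log_max_size }}"
        max-file: "{{ connectivity_log_max_file }}"
{% endif %}
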
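{% if connectivity_nginx_proxy_enabled and connectivity_nginx_proxy_db_enabled %}
  # Nginx Proxy Manager Database
  # Rendered only when both the proxy and its database are enabled. No host
  # ports are published; the proxy reaches it over the shared network.
  {{ connectivity_nginx_proxy_db_container_name }}:
    image: "{{ connectivity_nginx_proxy_db_image }}:{{ connectivity_nginx_proxy_db_image_tag }}"
    container_name: "{{ connectivity_nginx_proxy_db_container_name }}"
    # Quoted: a policy of "no" would otherwise be read as a YAML boolean.
    restart: "{{ connectivity_database_restart_policy }}"
    environment:
      # Fixed key: the original spelled this MYSOL_ROOT_PASSWORD, so the root
      # password variable never reached the container under its intended name.
      # Secrets go through to_json so quotes, backslashes, ": " or " #" in the
      # value cannot break or truncate the rendered YAML. Compose still
      # expands "$"; a literal "$" must be written as "$$".
      # NOTE(review): these values are readable via "docker inspect" and in
      # the rendered file; prefer *_FILE variants or Docker secrets where the
      # chosen image supports them.
      MYSQL_ROOT_PASSWORD: {{ connectivity_nginx_proxy_db_root_password | string | to_json }}
      MYSQL_DATABASE: "{{ connectivity_nginx_proxy_db_name }}"
      MYSQL_USER: "{{ connectivity_nginx_proxy_db_user }}"
      MYSQL_PASSWORD: {{ connectivity_nginx_proxy_db_password | string | to_json }}
    volumes:
      - "{{ connectivity_docker_base_path }}/nginx-proxy/database:/var/lib/mysql"
    networks:
      - "{{ connectivity_network_name }}"
    labels:
      - com.connectivity.service=nginx-proxy
      - com.connectivity.type=database
    logging:
      driver: "{{ connectivity_log_driver }}"
      options:
        max-size: "{{ connectivity_log_max_size }}"
        max-file: "{{ connectivity_log_max_file }}"
{% endif %}
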
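{% if connectivity_nginx_proxy_enabled %}
  # Nginx Proxy Manager
  # Publishes the admin UI (container port 81) and the HTTP/HTTPS listeners
  # (80/443). The DB_MYSQL_* settings and depends_on are rendered only when
  # connectivity_nginx_proxy_db_enabled is true.
  {{ connectivity_nginx_proxy_container_name }}:
    image: "{{ connectivity_nginx_proxy_image }}:{{ connectivity_nginx_proxy_image_tag }}"
    container_name: "{{ connectivity_nginx_proxy_container_name }}"
    # Quoted: a policy of "no" would otherwise be read as a YAML boolean.
    restart: "{{ connectivity_default_restart_policy }}"
{% if connectivity_nginx_proxy_db_enabled %}
    depends_on:
      - "{{ connectivity_nginx_proxy_db_container_name }}"
{% endif %}
    ports:
      # NOTE(review): the admin UI is published on every host interface and
      # the image ships with documented default admin credentials until first
      # login. Bind this mapping to a management address
      # (HOST_IP:HOST_PORT:CONTAINER_PORT) or firewall it, and rotate the
      # credentials before exposure.
      - "{{ connectivity_nginx_proxy_admin_port }}:81"
      - "{{ connectivity_nginx_proxy_http_port }}:80"
      - "{{ connectivity_nginx_proxy_https_port }}:443"
    volumes:
      - "{{ connectivity_docker_base_path }}/nginx-proxy/data:/data"
      # Holds issued certificates and private keys; keep host permissions tight.
      - "{{ connectivity_docker_base_path }}/nginx-proxy/letsencrypt:/etc/letsencrypt"
    environment:
{% if connectivity_nginx_proxy_db_enabled %}
      DB_MYSQL_HOST: "{{ connectivity_nginx_proxy_db_container_name }}"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "{{ connectivity_nginx_proxy_db_user }}"
      # to_json keeps quotes, backslashes, ": " or " #" in the secret intact.
      # Compose still expands "$"; a literal "$" must be written as "$$".
      DB_MYSQL_PASSWORD: {{ connectivity_nginx_proxy_db_password | string | to_json }}
      DB_MYSQL_NAME: "{{ connectivity_nginx_proxy_db_name }}"
{% endif %}
      DISABLE_IPV6: 'true'
    networks:
      - "{{ connectivity_network_name }}"
    labels:
      - com.connectivity.service=nginx-proxy
      - com.connectivity.type=proxy
    logging:
      driver: "{{ connectivity_log_driver }}"
      options:
        max-size: "{{ connectivity_log_max_size }}"
        max-file: "{{ connectivity_log_max_file }}"
{% endif %}
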
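{% if connectivity_unbound_enabled %}
  # Unbound Recursive DNS
  # Rendered only when connectivity_unbound_enabled is true. Listens on
  # container port 5353.
  {{ connectivity_unbound_container_name }}:
    image: "{{ connectivity_unbound_image }}:{{ connectivity_unbound_image_tag }}"
    container_name: "{{ connectivity_unbound_container_name }}"
    # Quoted: a policy of "no" would otherwise be read as a YAML boolean.
    restart: "{{ connectivity_default_restart_policy }}"
    ports:
      # No protocol suffix, so Compose publishes TCP only.
      # NOTE(review): Pi-hole in this file reaches Unbound by container name
      # over the shared network, which does not need a host publish. If no
      # external client uses this resolver, drop the mapping; if one does, it
      # probably needs a /udp entry too, and should be limited to trusted
      # source ranges so the recursive resolver is not open to the world.
      - "{{ connectivity_unbound_port }}:5353"
    volumes:
      - "{{ connectivity_docker_base_path }}/unbound/config:/opt/unbound/etc/unbound"
    networks:
      - "{{ connectivity_network_name }}"
    labels:
      - com.connectivity.service=dns-stack
      - com.connectivity.type=recursive-dns
    logging:
      driver: "{{ connectivity_log_driver }}"
      options:
        max-size: "{{ connectivity_log_max_size }}"
        max-file: "{{ connectivity_log_max_file }}"
{% endif %}
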
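{% if connectivity_pihole_enabled %}
  # Pi-hole DNS Sinkhole
  # Publishes the web UI (container port 80) and DNS (53 tcp/udp); DHCP
  # (67/udp) only when connectivity_pihole_dhcp_enabled is true. Upstream DNS
  # is the Unbound container when it is enabled, otherwise
  # connectivity_pihole_dns_servers.
  # NOTE(review): WEBPASSWORD, PIHOLE_DNS_ and DNSMASQ_LISTENING look like the
  # pre-v6 docker-pi-hole variables; v6 images read FTLCONF_* settings
  # instead. Confirm against the pinned image tag, or the password below may
  # be silently ignored.
  {{ connectivity_pihole_container_name }}:
    image: "{{ connectivity_pihole_image }}:{{ connectivity_pihole_image_tag }}"
    container_name: "{{ connectivity_pihole_container_name }}"
    # Quoted: a policy of "no" would otherwise be read as a YAML boolean.
    restart: "{{ connectivity_default_restart_policy }}"
{% if connectivity_unbound_enabled %}
    depends_on:
      - "{{ connectivity_unbound_container_name }}"
{% endif %}
    ports:
      # NOTE(review): the web UI and port 53 are published on every host
      # interface. With DNSMASQ_LISTENING=all the resolver answers any client
      # that can reach the host, so restrict port 53 to LAN/VPN source ranges
      # to avoid running an open resolver.
      - "{{ connectivity_pihole_web_port }}:80/tcp"
      - "{{ connectivity_pihole_dns_port }}:53/tcp"
      - "{{ connectivity_pihole_dns_port }}:53/udp"
{% if connectivity_pihole_dhcp_enabled %}
      - "{{ connectivity_pihole_dhcp_port }}:67/udp"
{% endif %}
    environment:
      TZ: "{{ connectivity_pihole_timezone }}"
      # to_json keeps quotes, backslashes, ": " or " #" in the secret intact.
      # Compose still expands "$"; a literal "$" must be written as "$$".
      WEBPASSWORD: {{ connectivity_pihole_password | string | to_json }}
{% if connectivity_unbound_enabled %}
      PIHOLE_DNS_: "{{ connectivity_unbound_container_name }}#5353"
{% else %}
      PIHOLE_DNS_: "{{ connectivity_pihole_dns_servers }}"
{% endif %}
      DNSMASQ_LISTENING: all
      WEBTHEME: default-dark
      # The "| string | lower" values render as true/false. Quoted so they
      # stay strings; the legacy docker-compose schema rejects YAML booleans
      # in an environment mapping.
      REV_SERVER: "{{ connectivity_pihole_conditional_forwarding | string | lower }}"
      DHCP_ACTIVE: "{{ connectivity_pihole_dhcp_enabled | string | lower }}"
      # NOTE(review): split(',')[0] always exists, so the default on
      # DHCP_START looks unreachable; only DHCP_END falls back when the range
      # has no comma.
      DHCP_START: "{{ connectivity_pihole_dhcp_range.split(',')[0] | default('192.168.1.100') }}"
      DHCP_END: "{{ connectivity_pihole_dhcp_range.split(',')[1] | default('192.168.1.200') }}"
      DHCP_ROUTER: "{{ ansible_default_ipv4.gateway | default('192.168.1.1') }}"
      PIHOLE_DOMAIN: "{{ ansible_domain | default('local') }}"
      IPv6: "{{ connectivity_pihole_ipv6_enabled | string | lower }}"
    volumes:
      - "{{ connectivity_docker_base_path }}/pihole/config:/etc/pihole"
      - "{{ connectivity_docker_base_path }}/pihole/dnsmasq.d:/etc/dnsmasq.d"
    cap_add:
      # NOTE(review): granted even when DHCP is disabled; presumably only the
      # DHCP server needs it. Confirm, and gate it on
      # connectivity_pihole_dhcp_enabled if so.
      - NET_ADMIN
    networks:
      - "{{ connectivity_network_name }}"
    labels:
      - com.connectivity.service=dns-stack
      - com.connectivity.type=dns-sinkhole
    logging:
      driver: "{{ connectivity_log_driver }}"
      options:
        max-size: "{{ connectivity_log_max_size }}"
        max-file: "{{ connectivity_log_max_file }}"
{% endif %}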