dmad/docker-compose-with-caddy.yml at main · nguyenanhung/dmad · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
version: '3'
networks:
    dmad_private_network:
        external: true

services:
    unbound:
        image: "klutchell/unbound"
        container_name: unbound
        restart: unless-stopped
        hostname: "unbound"
        networks:
            dmad_private_network:
                ipv4_address: 10.2.0.200
        #        deploy:
        #            resources:
        #                limits:
        #                    cpus: "1"
        #                    memory: 512M
        healthcheck:
            test: [ "CMD", "dig", "@127.0.0.1", "google.com" ]
            interval: 30s
            timeout: 5s
            retries: 3

    pihole:
        image: "pihole/pihole:latest"
        container_name: pihole
        restart: unless-stopped
        hostname: pihole
        dns:
            - 127.0.0.1
            - 10.2.0.200
        env_file:
            - .env
        volumes:
            - "./etc-pihole/:/etc/pihole/"
            - "./etc-dnsmasq.d/:/etc/dnsmasq.d/"
        cap_add:
            - NET_ADMIN
        networks:
            dmad_private_network:
                ipv4_address: 10.2.0.100
        healthcheck:
            test: [ "CMD", "dig", "@127.0.0.1", "google.com" ]
            interval: 30s
            timeout: 5s
            retries: 3

    wg-easy:
        image: "ghcr.io/wg-easy/wg-easy:14"
        container_name: wg-easy
        restart: unless-stopped
        env_file:
            - .env
        volumes:
            - .:/etc/wireguard
        ports:
            - "51820:51820/udp"
            #- "127.0.0.1:51821:51821/tcp" # By default, mapping port 51821 is disabled, allowing only services on the same docker network to be called for safety.
        cap_add:
            - NET_ADMIN
            - SYS_MODULE
        sysctls:
            - net.ipv4.ip_forward=1
            - net.ipv4.conf.all.src_valid_mark=1
        dns:
            - 10.2.0.100
            - 10.2.0.200
        networks:
            dmad_private_network:
                ipv4_address: 10.2.0.3
        depends_on:
            - pihole
            - unbound

    caddy:
        image: "caddy:latest"
        container_name: caddy
        restart: unless-stopped
        ports:
            - "80:80"
            - "443:443"
            - "443:443/udp"
        volumes:
            - ./Caddyfile:/etc/caddy/Caddyfile
            - ./sites:/etc/caddy/sites
            - caddy_data:/data
            - caddy_config:/config
        networks:
            dmad_private_network:
                ipv4_address: 10.2.0.4
        healthcheck:
            test: [ "CMD", "pgrep", "caddy" ]
            interval: 30s
            timeout: 5s
            retries: 3
        logging:
            options:
                max-size: "10m"
                max-file: "7"
        depends_on:
            - wg-easy
            - pihole

volumes:
    caddy_data:
    caddy_config: