Last active
November 2, 2022 18:53
Raspberry Pi Docker Compose full. Run `sudo docker-compose up -d`. Creates all docker networks and deploys all containers
---
# docker-compose.yml
# Docker setup for RPI4 services.
# Revision date 02.11.22
version: '3.6'
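services:
  # Portainer: web UI for managing the Docker engine on this host.
  portainer:
    container_name: Portainer
    restart: unless-stopped
    # No tag is given, so this resolves to :latest. Pin a release tag or an
    # image digest so an upstream push cannot silently change what runs with
    # access to the Docker socket.
    image: portainer/portainer-ce
    volumes:
      # SECURITY: mounting the Docker socket gives this container
      # root-equivalent control of the host. Anyone who can log in to
      # Portainer inherits that control.
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer_data:/data
    ports:
      # NOTE(review): 8000 is Portainer's Edge agent tunnel port; it looks
      # unneeded unless Edge agents are in use. Confirm before dropping it.
      - "8000:8000"
      # 9000 serves the UI over plain HTTP. Keep it reachable from trusted
      # networks only (LAN or the WireGuard tunnel).
      - "9000:9000"

  # Networking services
  # Pihole & Cloudflared
  # Cloudflared service should not be directly accessible. Service is only
  # exposed to pihole and pihole is exposed to all internal/external networks.
  pihole:
    container_name: PiHole
    restart: unless-stopped
    # Untagged image (resolves to :latest); pin a tag or digest for
    # reproducible deployments.
    image: pihole/pihole
    environment:
      - "TZ=Europe/London"
      # The admin password is no longer hard-coded in this file. Compose
      # substitutes it at deploy time and aborts with the message below when
      # it is missing. PIHOLE_WEBPASSWORD is a name chosen for this file:
      # define it in an untracked .env file next to this compose file.
      - "WEBPASSWORD=${PIHOLE_WEBPASSWORD:?set PIHOLE_WEBPASSWORD in .env}"
      # Upstream resolver: the cloudflared container on the cf network.
      - "DNS1=172.30.9.2#5054"
      # EXPLICITLY STOP USING DNS FALLBACK (AVOID GOOGLE DNS)
      - "DNS2=no"
      # Answer queries on every interface and from any origin. This is what
      # lets the Docker networks and the LAN use Pi-hole; it does not by
      # itself keep Pi-hole off the internet. Because port 53 is published on
      # the host, never forward port 53 from the WAN (open-resolver risk).
      - "DNSMASQ_LISTENING=ALL"
    volumes:
      - /home/cinnamon/dockerconfigs/networking/pihole/config:/etc/pihole/
      - /home/cinnamon/dockerconfigs/networking/pihole/dnsmasq:/etc/dnsmasq.d/
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      # NOTE(review): host port 80 is mapped to container port 32400. The
      # Pi-hole image serves its admin UI on container port 80 unless the
      # port is reconfigured, so this mapping may not reach the UI, and an
      # HTTP UI does not need a udp mapping. Confirm the intended target.
      - "80:32400/tcp"
      - "80:32400/udp"
    networks:
      # Hidden cloudflared container network
      cf:
        ipv4_address: 172.30.9.3
      main:
        ipv4_address: 172.20.0.2
      torrent:
        ipv4_address: 172.20.1.2
    depends_on:
      - cloudflared

  cloudflared:
    container_name: Cloudflared
    restart: unless-stopped
    # Untagged third-party image; pin a tag or digest.
    image: visibilityspots/cloudflared
    environment:
      PORT: "5054"
      # Listen on all container interfaces so pihole can reach it over cf.
      ADDRESS: "0.0.0.0"
      TZ: Europe/London
    # Port 5054 is no longer published on the host. Pi-hole reaches this
    # resolver at 172.30.9.2#5054 over the cf network, so publishing it only
    # made the proxy directly reachable, contrary to the intent stated above.
    expose:
      - "5054"
    networks:
      # cloudflared isolated network
      cf:
        ipv4_address: 172.30.9.2

  # Wireguard service
  # wg is accessible via docker exec.
  wireguard:
    container_name: WireGuard
    # Untagged image (resolves to :latest); pin a tag or digest.
    image: linuxserver/wireguard
    restart: unless-stopped
    ports:
      # WireGuard speaks UDP only; the former 51820/tcp mapping had no
      # listener behind it and has been dropped to reduce exposed surface.
      - "51820:51820/udp"
    cap_add:
      - NET_ADMIN
      # NOTE(review): SYS_MODULE lets the container load kernel modules on
      # the host. It can presumably be dropped when the host kernel already
      # provides the wireguard module; verify on the Pi before removing.
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
      - SERVERURL=pvn1924.itscinnamon.me
      # NOTE(review): SERVERPORT differs from the published port 51820;
      # presumably the router forwards 57998/udp to 51820 on this host.
      - SERVERPORT=57998
      - PEERS=3
      - PEERDNS=auto
      - INTERNAL_SUBNET=10.13.13.0
      # Full tunnel: peers route all IPv4 traffic through this server.
      - ALLOWEDIPS=0.0.0.0/0
    volumes:
      # Holds the server and peer private keys; keep it readable by the
      # owning user only and out of backups that leave the host unencrypted.
      - /home/cinnamon/dockerconfigs/networking/wireguard/config:/config
      - /lib/modules:/lib/modules
    networks:
      main:
        ipv4_address: 172.20.0.3
    #network_mode: host
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv4.ip_forward=1
      - net.ipv6.conf.all.forwarding=1
    depends_on:
      - pihole

  # Webthings: disabled 02.11.22 DNN
  #webthings:
  #  image: webthingsio/gateway
  #  container_name: WebThingsIOT
  #  environment:
  #    - TZ=Europe/London
  #  network_mode: host # otherwise it will cry at me
  #  restart: unless-stopped
  #  volumes:
  #    - /home/cinnamon/dockerconfigs/webthings/:/home/node/.webthings
  #  dns:
  #    - 172.20.0.2
  #  depends_on:
  #    - pihole

  # Torrenting services
  # QBittorrent - use port 8080 for GUI. Disabled 02.11.22
  #qbittorrent:
  #  image: linuxserver/qbittorrent
  #  container_name: qbittorrent
  #  environment:
  #    - PUID=1000
  #    - PGID=1000
  #    - TZ=Europe/London
  #    - WEBUI_PORT=8080
  #  volumes:
  #    - /home/cinnamon/dockerconfigs/torrenting/qbittorrent/blackhole:/blackhole
  #    - /home/cinnamon/dockerconfigs/torrenting/qbittorrent/config:/config
  #    - /media/pie/Torrenting/:/downloads
  #  ports:
  #    - 6881:6881/tcp
  #    - 6881:6881/udp
  #    - 8080:8080
  #  restart: unless-stopped
  #  dns: 172.20.1.2
  #  networks:
  #    torrent:
  #      ipv4_address: 172.20.1.3
  #  depends_on:
  #    - pihole

  # Jackett torrent index. Use port 9117 for GUI. Disabled 02.11.22
  #jackett:
  #  image: linuxserver/jackett
  #  container_name: jackett
  #  environment:
  #    - PUID=1000
  #    - PGID=1000
  #    - TZ=Europe/London
  #    - AUTO_UPDATE=true
  #  volumes:
  #    - /home/cinnamon/dockerconfigs/torrenting/jackett:/config
  #    - /media/pie/blackhole:/downloads
  #  ports:
  #    - 9117:9117
  #  restart: unless-stopped
  #  dns:
  #    - 172.20.1.2
  #  networks:
  #    torrent:
  #      ipv4_address: 172.20.1.4
  #  depends_on:
  #    - pihole

  # Sonarr TV torrent tracker / library maintain. Disabled 02.11.22 8989 web gui
  #sonarr:
  #  image: hotio/sonarr
  #  container_name: sonarr
  #  ports:
  #    - 8989:8989
  #  environment:
  #    - PUID=1000
  #    - PGID=1000
  #    - UMASK=002
  #    - TZ=Europe/London
  #  volumes:
  #    - /home/cinnamon/dockerconfigs/torrenting/sonarr:/config
  #    - /media/pie/Torrenting:/torrents
  #    - /media/pie/MediaServe/Video/TV:/tv
  #    - /media/pie/blackhole:/blackhole
  #  dns:
  #    - 172.20.1.2
  #  networks:
  #    torrent:
  #      ipv4_address: 172.20.1.5
  #  depends_on:
  #    - jackett
  #    - qbittorrent
  #    - pihole

  ## Radarr - torrent tracker/index/whatever films. 7878 web gui. disabled 02.11.22
  #radarr:
  #  image: hotio/radarr
  #  container_name: radarr
  #  ports:
  #    - 7878:7878
  #  environment:
  #    - PUID=1000
  #    - PGID=1000
  #    - UMASK=002
  #    - TZ=Europe/London
  #  volumes:
  #    - /home/cinnamon/dockerconfigs/torrenting/radarr:/config
  #    - /media/pie/Torrenting:/torrents
  #    - /media/pie/MediaServe/Video/Films:/films
  #    - /media/pie/blackhole:/blackhole
  #  restart: unless-stopped
  #  dns:
  #    - 172.20.1.2
  #  networks:
  #    torrent:
  #      ipv4_address: 172.20.1.6
  #  depends_on:
  #    - jackett
  #    - qbittorrent
  #    - pihole

  # Jellyfin library thing - use web gui port 8096.
  jellyfin:
    # :latest floats with upstream; pin a release tag or digest so updates
    # are deliberate.
    image: lscr.io/linuxserver/jellyfin:latest
    container_name: jellyfin
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
      # - JELLYFIN_PublishedServerUrl=192.168.0.5 #optional
    volumes:
      - /media/pie/configs/jelly:/config
      - /media/pie/MediaServe/Video/TV:/data/tvshows
      - /media/pie/MediaServe/Video/Films:/data/movies
      - /opt/vc/lib:/opt/vc/lib
    ports:
      # Quoted so a YAML 1.1 parser can never read a mapping as a number.
      - "8096:8096"
      - "8920:8920" #optional
      - "7359:7359/udp" #optional
      - "1900:1900/udp" #optional
    networks:
      main:
        ipv4_address: 172.20.0.16
    # Resolve through Pi-hole on the main network.
    dns:
      - 172.20.0.2
    # Host device nodes passed into the container, presumably for hardware
    # transcoding on the Pi. Each one widens the container's reach into the
    # host kernel; keep only the nodes Jellyfin actually uses.
    devices:
      - "/dev/video10:/dev/video10"
      - "/dev/video11:/dev/video11"
      - "/dev/video12:/dev/video12"
      #- "/dev/vcsm:/dev/vcsm"
      - "/dev/vchiq:/dev/vchiq"
    restart: unless-stopped

  # Home assistant. disabled 02.11.22
  #homeassistant:
  #  container_name: homeassistant
  #  image: "ghcr.io/home-assistant/home-assistant:stable"
  #  volumes:
  #    - /opt/homeassistant/config:/config
  #    - /etc/localtime:/etc/localtime:ro
  #  restart: unless-stopped
  #  privileged: true
  #  network_mode: host
  # # wireguard:
  # #   image: lscr.io/linuxserver/wireguard:latest
  # #   container_name: vpn
  # #   depends_on:
  # #     - pihole
  # #environment:
  # #   - PUID=1001
  # #   - PGID=100
  # #   - TZ=Europe/London
  # #   - SERVERURL=auto
  # #   - SERVERPORT=4242
  # #   - PEERS=1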
networks:
  # Create the internal network
  # cf carries only the pihole <-> cloudflared link. A /29 leaves room for
  # the gateway plus the two static addresses assigned on it.
  cf:
    ipam:
      config:
        - subnet: '172.30.9.0/29'

  # General-purpose bridge shared by pihole, wireguard and jellyfin.
  main:
    driver: bridge
    ipam:
      config:
        - subnet: '172.20.0.0/24'

  # Bridge for the torrenting stack; pihole keeps an address here for DNS.
  torrent:
    driver: bridge
    ipam:
      config:
        - subnet: '172.20.1.0/24'

  #vpn:
  #  driver: bridge
  #  ipam:
  #    config:
  #      - subnet: 172.20.2.0/24
# Named volumes managed by Docker.
volumes:
  # Portainer's persistent state, mounted at /data in the portainer service.
  portainer_data: {}