
@cinnamondev
Last active November 2, 2022 18:53
Full Raspberry Pi Docker Compose setup. Run `sudo docker-compose up -d`. This creates all Docker networks and deploys all containers.
version: "3.6"
# docker-compose.yml
# Docker setup for RPI4 services.
# Revision date 02.11.22
services:
  # Portainer CE: web UI used to manage the Docker daemon on this host.
  portainer:
    container_name: Portainer
    restart: unless-stopped
    # No tag is given, so this resolves to :latest at pull time. Pin a version
    # tag or digest so a re-pull cannot silently change what runs here.
    image: portainer/portainer-ce
    volumes:
      # Mounting the Docker socket hands this container full control of the
      # Docker daemon, which is equivalent to root on the host. Anyone who can
      # log in to Portainer therefore has host-admin access.
      - /var/run/docker.sock:/var/run/docker.sock
      # Named volume (declared under the top-level volumes: key) holding
      # Portainer's own state.
      - portainer_data:/data
    ports:
      # No host IP is given, so both ports are published on every host
      # interface. Keep them unreachable from outside the LAN.
      # NOTE(review): 8000 is presumably only needed for Portainer Edge agents,
      # and 9000 is the plain-HTTP UI - confirm and drop 8000 if unused.
      - "8000:8000"
      - "9000:9000"
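# Networking services
# Pihole & Cloudflared
# Cloudflared must not be directly accessible: it is attached only to the cf
# network, where pihole reaches it, and publishes no host ports. Pihole is
# attached to every compose network and publishes DNS on the host.
  pihole:
    container_name: PiHole
    restart: unless-stopped
    # No tag is given, so this resolves to :latest at pull time. Pin a version
    # tag or digest for reproducible deployments.
    image: pihole/pihole
    environment:
      - "TZ=Europe/London"
      # The admin password is taken from the environment (or an .env file next
      # to this compose file) instead of being hard-coded as "admin" in a
      # shared file. Compose refuses to start if the variable is missing.
      # Keep the .env file out of version control.
      - "WEBPASSWORD=${PIHOLE_WEBPASSWORD:?PIHOLE_WEBPASSWORD is not set}"
      # Upstream resolver: the cloudflared container on the cf network.
      - "DNS1=172.30.9.2#5054"
      - "DNS2=no" # EXPLICITLY STOP USING DNS FALLBACK (AVOID GOOGLE DNS)
      # ALL makes dnsmasq answer queries arriving on any interface from any
      # origin. This is the permissive setting: it does NOT by itself keep
      # Pi-hole off the internet. Make sure port 53 is not forwarded by the
      # router or allowed through the host firewall from untrusted networks,
      # otherwise this becomes an open resolver.
      - "DNSMASQ_LISTENING=ALL"
    volumes:
      - /home/cinnamon/dockerconfigs/networking/pihole/config:/etc/pihole/
      - /home/cinnamon/dockerconfigs/networking/pihole/dnsmasq:/etc/dnsmasq.d/
    ports:
      # Published on every host interface (no host IP given).
      - "53:53/tcp"
      - "53:53/udp"
      # NOTE(review): Pi-hole's web UI listens on container port 80 by default
      # and nothing in this file moves it to 32400, so these two mappings
      # probably do not reach the admin UI - confirm the intended container
      # port. The UDP mapping is presumably not needed for a web UI at all.
      - "80:32400/tcp"
      - "80:32400/udp"
    networks:
      cf: # Hidden cloudflared container network
        ipv4_address: 172.30.9.3
      main:
        ipv4_address: 172.20.0.2
      torrent:
        ipv4_address: 172.20.1.2
    depends_on:
      - cloudflared
  # DNS-over-HTTPS proxy used as Pi-hole's only upstream resolver.
  cloudflared:
    container_name: Cloudflared
    restart: unless-stopped
    # Third-party image with no tag (resolves to :latest). Pin a version tag or
    # digest, since this container sees every DNS query leaving the network.
    image: visibilityspots/cloudflared
    environment:
      PORT: "5054"
      ADDRESS: "0.0.0.0"
      TZ: Europe/London
    # Deliberately no ports: section. Publishing 5054 on the host would make
    # the resolver reachable from every host interface, which contradicts the
    # "not directly accessible" requirement above. Pihole reaches this
    # container at 172.30.9.2:5054 over the cf network, which needs no
    # published port. If the host itself must query it, bind to loopback only:
    # ports:
    #   - "127.0.0.1:5054:5054/tcp"
    #   - "127.0.0.1:5054:5054/udp"
    networks:
      cf: # cloudflared isolated network
        ipv4_address: 172.30.9.2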
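# Wireguard service
# wg is accessible via docker exec.
  wireguard:
    container_name: WireGuard
    # No tag is given, so this resolves to :latest at pull time. Pin a version
    # tag or digest for reproducible deployments.
    image: linuxserver/wireguard
    restart: unless-stopped
    ports:
      # WireGuard is a UDP-only protocol, so only the UDP port is published.
      # The former 51820/tcp mapping served nothing and only widened the
      # host's exposed surface.
      - "51820:51820/udp"
    cap_add:
      - NET_ADMIN
      # NOTE(review): SYS_MODULE, together with the /lib/modules mount below,
      # lets the container load kernel modules into the host kernel. It is
      # presumably only needed when the host kernel has no built-in WireGuard
      # support - confirm, and drop both if the host already provides it.
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
      - SERVERURL=pvn1924.itscinnamon.me
      # NOTE(review): SERVERPORT (57998) differs from the published host port
      # (51820). Peers can only connect if something upstream forwards
      # 57998/udp to 51820/udp on this host - confirm the router rule.
      - SERVERPORT=57998
      - PEERS=3
      - PEERDNS=auto
      - INTERNAL_SUBNET=10.13.13.0
      # 0.0.0.0/0 routes all of a peer's IPv4 traffic through the tunnel.
      - ALLOWEDIPS=0.0.0.0/0
    volumes:
      # Holds the server and peer private keys; keep this directory readable
      # only by the owning user.
      - /home/cinnamon/dockerconfigs/networking/wireguard/config:/config
      - /lib/modules:/lib/modules
    networks:
      main:
        ipv4_address: 172.20.0.3
    #network_mode: host
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      # Forwarding is enabled so tunnel traffic can be routed onwards.
      - net.ipv4.ip_forward=1
      - net.ipv6.conf.all.forwarding=1
    depends_on:
      - pihole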
# Webthings: disabled 02.11.22 DNN
#webthings:
# image: webthingsio/gateway
# container_name: WebThingsIOT
# environment:
# - TZ=Europe/London
# network_mode: host # otherwise it will cry at me
# restart: unless-stopped
# volumes:
# - /home/cinnamon/dockerconfigs/webthings/:/home/node/.webthings
# dns:
# - 172.20.0.2
# depends_on:
# - pihole
# Torrenting services
# QBittorrent - use port 8080 for GUI. Disabled 02.11.22
#qbittorrent:
# image: linuxserver/qbittorrent
# container_name: qbittorrent
# environment:
# - PUID=1000
# - PGID=1000
# - TZ=Europe/London
# - WEBUI_PORT=8080
# volumes:
# - /home/cinnamon/dockerconfigs/torrenting/qbittorrent/blackhole:/blackhole
# - /home/cinnamon/dockerconfigs/torrenting/qbittorrent/config:/config
# - /media/pie/Torrenting/:/downloads
# ports:
# - 6881:6881/tcp
# - 6881:6881/udp
# - 8080:8080
# restart: unless-stopped
# dns: 172.20.1.2
# networks:
# torrent:
# ipv4_address: 172.20.1.3
# depends_on:
# - pihole
# Jackett torrent index. Use port 9117 for GUI. Disabled 02.11.22
#jackett:
# image: linuxserver/jackett
# container_name: jackett
# environment:
# - PUID=1000
# - PGID=1000
# - TZ=Europe/London
# - AUTO_UPDATE=true
# volumes:
# - /home/cinnamon/dockerconfigs/torrenting/jackett:/config
# - /media/pie/blackhole:/downloads
# ports:
# - 9117:9117
# restart: unless-stopped
# dns:
# - 172.20.1.2
# networks:
# torrent:
# ipv4_address: 172.20.1.4
# depends_on:
# - pihole
# Sonarr TV torrent tracker / library maintain. Disabled 02.11.22 8989 web gui
#sonarr:
# image: hotio/sonarr
# container_name: sonarr
# ports:
# - 8989:8989
# environment:
# - PUID=1000
# - PGID=1000
# - UMASK=002
# - TZ=Europe/London
# volumes:
# - /home/cinnamon/dockerconfigs/torrenting/sonarr:/config
# - /media/pie/Torrenting:/torrents
# - /media/pie/MediaServe/Video/TV:/tv
# - /media/pie/blackhole:/blackhole
# dns:
# - 172.20.1.2
# networks:
# torrent:
# ipv4_address: 172.20.1.5
# depends_on:
# - jackett
# - qbittorrent
# - pihole
## Radarr - torrent tracker/index/whatever films. 7878 web gui. disabled 02.11.22
#radarr:
# image: hotio/radarr
# container_name: radarr
# ports:
# - 7878:7878
# environment:
# - PUID=1000
# - PGID=1000
# - UMASK=002
# - TZ=Europe/London
# volumes:
# - /home/cinnamon/dockerconfigs/torrenting/radarr:/config
# - /media/pie/Torrenting:/torrents
# - /media/pie/MediaServe/Video/Films:/films
# - /media/pie/blackhole:/blackhole
# restart: unless-stopped
# dns:
# - 172.20.1.2
# networks:
# torrent:
# ipv4_address: 172.20.1.6
# depends_on:
# - jackett
# - qbittorrent
# - pihole
# Jellyfin library thing - use web gui port 8096.
  jellyfin:
    # :latest is a moving tag; pin a version tag or digest if reproducible
    # deployments matter.
    image: lscr.io/linuxserver/jellyfin:latest
    container_name: jellyfin
    restart: unless-stopped
    environment:
      PUID: "1000"
      PGID: "1000"
      TZ: Europe/London
      # JELLYFIN_PublishedServerUrl: "192.168.0.5" # optional
    volumes:
      - /media/pie/configs/jelly:/config
      - /media/pie/MediaServe/Video/TV:/data/tvshows
      - /media/pie/MediaServe/Video/Films:/data/movies
      - /opt/vc/lib:/opt/vc/lib
    # Host device nodes passed straight into the container.
    # NOTE(review): presumably the Pi's hardware video codec devices, used for
    # transcoding - confirm all four are still required.
    devices:
      - "/dev/video10:/dev/video10"
      - "/dev/video11:/dev/video11"
      - "/dev/video12:/dev/video12"
      #- "/dev/vcsm:/dev/vcsm"
      - "/dev/vchiq:/dev/vchiq"
    # All ports are published on every host interface (no host IP given).
    # Every mapping except 8096 is marked optional by the author; publish only
    # the ones actually in use.
    ports:
      - "8096:8096"
      - "8920:8920" # optional
      - "7359:7359/udp" # optional
      - "1900:1900/udp" # optional
    networks:
      main:
        ipv4_address: 172.20.0.16
    # Resolve through the pihole container's address on the main network.
    dns:
      - 172.20.0.2
# Home assistant. disabled 02.11.22
#homeassistant:
# container_name: homeassistant
# image: "ghcr.io/home-assistant/home-assistant:stable"
# volumes:
# - /opt/homeassistant/config:/config
# - /etc/localtime:/etc/localtime:ro
# restart: unless-stopped
# privileged: true
# network_mode: host
# # wireguard:
# # image: lscr.io/linuxserver/wireguard:latest
# # container_name: vpn
# # depends_on:
# # - pihole
# #environment:
# # - PUID=1001
# # - PGID=100
# # - TZ=Europe/London
# # - SERVERURL=auto
# # - SERVERPORT=4242
# # - PEERS=1
networks:
  # Create the internal network
  # cf is shared only by pihole and cloudflared. It is not declared with
  # internal: true, so containers on it keep outbound connectivity.
  cf:
    ipam:
      config:
        - subnet: "172.30.9.0/29"
  # main: general service network (pihole, wireguard, jellyfin).
  main:
    driver: bridge
    ipam:
      config:
        - subnet: "172.20.0.0/24"
  # torrent: pihole is the only enabled service still attached to this
  # network; the torrent services above are commented out.
  torrent:
    driver: bridge
    ipam:
      config:
        - subnet: "172.20.1.0/24"
  # vpn:
  #   driver: bridge
  #   ipam:
  #     config:
  #       - subnet: 172.20.2.0/24
volumes:
  # Named volume backing Portainer's /data directory.
  portainer_data: {}