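---
# WireHole-style stack: WireGuard VPN + Pi-hole + Unbound, plus a Shadowsocks
# proxy and the wireguard-ui admin panel, all on one private bridge network.
#
# Secrets are read from the environment (for example a `.env` file next to
# this compose file, kept out of version control). Compose refuses to start
# while a required one is missing, so the stack never comes up with a blank
# or well-known default credential:
#   PIHOLE_WEBPASSWORD    Pi-hole admin UI password
#   SHADOWSOCKS_PASSWORD  Shadowsocks pre-shared key
#   WGUI_PASSWORD         wireguard-ui admin password
#
# Every image below floats on `latest` (or carries no tag at all), so a
# re-pull can silently change what runs. Pin each one to a reviewed tag or
# digest, e.g. `image: <repo>@sha256:<digest>` (placeholder), before relying
# on this stack.
version: "3"

networks:
  private_network:
    ipam:
      driver: default
      config:
        - subnet: 10.2.0.0/24

services:
  # Recursive resolver; upstream for Pi-hole. No ports are published, so it is
  # reachable only from the private network.
  unbound:
    image: "mvance/unbound:latest"
    container_name: unbound
    restart: unless-stopped
    hostname: "unbound"
    volumes:
      - "./unbound:/opt/unbound/etc/unbound/"
    networks:
      private_network:
        ipv4_address: 10.2.0.200

  # VPN endpoint. 51820/udp is the port this service publishes on the host.
  wireguard:
    depends_on: [unbound, pihole]
    image: linuxserver/wireguard
    container_name: wireguard
    # NET_ADMIN is needed to manage the tunnel interface. SYS_MODULE together
    # with the /lib/modules bind mount lets the container load kernel modules
    # into the host kernel.
    # NOTE(review): if the host kernel already provides WireGuard, SYS_MODULE
    # and the /lib/modules mount can probably be dropped - confirm against the
    # image documentation.
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Los_Angeles  # Change to your timezone
      - SERVERPORT=51820
      # - SERVERURL=my.ddns.net  # optional - for use with DDNS (uncomment to use)
      - PEERS=1  # How many peers to generate for you (clients)
      - PEERDNS=10.2.0.100  # Set it to point to pihole
      - INTERNAL_SUBNET=10.6.0.0
    volumes:
      # Holds the server and peer private keys; keep the host directory
      # readable by its owner only.
      - ./wireguard:/config
      - /lib/modules:/lib/modules
    ports:
      - "51820:51820/udp"
    dns:
      - 10.2.0.100  # Points to pihole
      - 10.2.0.200  # Points to unbound
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
        labels: "wireguard"
    restart: unless-stopped
    networks:
      private_network:
        ipv4_address: 10.2.0.3

  # DNS filter. No ports are published; the admin UI is reachable from the
  # private network (and therefore from VPN peers), so it needs a password.
  pihole:
    depends_on: [unbound]
    container_name: pihole
    image: pihole/pihole:latest
    restart: unless-stopped
    hostname: pihole
    dns:
      - 127.0.0.1
      - 10.2.0.200  # Points to unbound
    environment:
      TZ: "America/Los_Angeles"
      # Was a hard-coded empty string. NOTE(review): an empty value appears to
      # leave the admin UI without a password - confirm against the image
      # documentation. Now required from the environment.
      WEBPASSWORD: "${PIHOLE_WEBPASSWORD:?set PIHOLE_WEBPASSWORD in .env}"
      ServerIP: 10.2.0.100  # Internal IP of pihole
      DNS1: 10.2.0.200  # Unbound IP
      DNS2: 10.2.0.200  # If we don't specify two, it will auto pick google.
    # Volumes store your data between container upgrades
    volumes:
      - "./etc-pihole/:/etc/pihole/"
      - "./etc-dnsmasq.d/:/etc/dnsmasq.d/"
    # Recommended but not required (DHCP needs NET_ADMIN)
    # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    # If Pi-hole's DHCP server is not used, dropping this capability narrows
    # what the container can do to the network stack.
    cap_add:
      - NET_ADMIN
    networks:
      private_network:
        ipv4_address: 10.2.0.100

  # Proxy endpoint. 8388 is published on every host interface over TCP and
  # UDP, so the pre-shared key below is the only thing guarding it; restrict
  # source addresses at the host firewall where possible.
  shadowsocks:
    depends_on: [unbound, pihole]
    image: shadowsocks/shadowsocks-libev:latest
    container_name: shadowsocks
    environment:
      - TZ=America/Los_Angeles
      # Was the literal placeholder `Your_password`; now required from the
      # environment so the placeholder can never reach a running proxy.
      - "PASSWORD=${SHADOWSOCKS_PASSWORD:?set SHADOWSOCKS_PASSWORD in .env}"
      - METHOD=chacha20-ietf-poly1305
      - ARGS=--fast-open
      - SERVER_ADDR=10.2.0.50
      - DNS_ADDRS=10.2.0.100,10.2.0.200
    ports:
      - "8388:8388"
      - "8388:8388/udp"
    volumes:
      - ./shadowsock:/etc/shadowsocks-libev
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
        labels: "shadowsocks"
    restart: unless-stopped
    networks:
      private_network:
        ipv4_address: 10.2.0.50

  # Admin panel for the tunnel. It mounts the same ./wireguard directory as
  # the wireguard service read-write and holds NET_ADMIN, so whoever can log
  # in here controls the VPN configuration and its keys.
  wireguard-ui:
    depends_on: [wireguard]
    container_name: wireguard-ui
    image: ngoduykhanh/wireguard-ui:latest
    restart: unless-stopped
    hostname: wireguard-ui
    dns:
      - 127.0.0.1
      - 10.2.0.200  # Points to unbound
    environment:
      # Entries without a value are passed through from the host environment.
      - SENDGRID_API_KEY
      - EMAIL_FROM_ADDRESS
      - EMAIL_FROM_NAME
      # NOTE(review): set SESSION_SECRET to a long random value; what the
      # application does when it is unset is not visible from this file.
      - SESSION_SECRET
      - WGUI_USERNAME=admin
      # Was the literal `password`; now required from the environment.
      - "WGUI_PASSWORD=${WGUI_PASSWORD:?set WGUI_PASSWORD in .env}"
      - WG_CONF_TEMPLATE
      - WGUI_MANAGE_START=true
      - WGUI_MANAGE_RESTART=true
      # NOTE(review): this is the Docker network's subnet, while the wireguard
      # service uses INTERNAL_SUBNET=10.6.0.0 for the tunnel - confirm which
      # range the generated server config is meant to carry.
      - WGUI_SERVER_INTERFACE_ADDRESSES=10.2.0.0/24
    logging:
      driver: "json-file"
      options:
        max-size: "50m"
    volumes:
      - ./db:/app/db
      - ./wireguard:/etc/wireguard
    cap_add:
      - NET_ADMIN
    networks:
      private_network:
        ipv4_address: 10.2.0.10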