From a60f4aa4140cb49cd5520156b2d15eae551c4c41 Mon Sep 17 00:00:00 2001
From: "R. Gierwialo"
Date: Tue, 1 Apr 2025 18:03:17 +0000
Subject: [PATCH] Initial commit
---
core_services/docker-compose.yaml | 157 ++++++++++++++++++
homeassistant/docker-compose.yml | 124 +++++++++++++++
omada/docker-compose.yml | 46 ++++++
paperless/docker-compose.yml | 106 +++++++++++++
selfhosted_db/docker-compose.yaml | 62 ++++++++
selfhosted_extra/docker-compose.yaml | 72 +++++++++
selfhosted_services/docker-compose.yaml | 201 ++++++++++++++++++++++++
static_pages/docker-compose.yaml | 91 +++++++++++
vault/docker-compose.yaml | 33 ++++
9 files changed, 892 insertions(+)
create mode 100644 core_services/docker-compose.yaml
create mode 100644 homeassistant/docker-compose.yml
create mode 100644 omada/docker-compose.yml
create mode 100644 paperless/docker-compose.yml
create mode 100644 selfhosted_db/docker-compose.yaml
create mode 100644 selfhosted_extra/docker-compose.yaml
create mode 100644 selfhosted_services/docker-compose.yaml
create mode 100644 static_pages/docker-compose.yaml
create mode 100644 vault/docker-compose.yaml
diff --git a/core_services/docker-compose.yaml b/core_services/docker-compose.yaml
new file mode 100644
index 0000000..62f26c1
--- /dev/null
+++ b/core_services/docker-compose.yaml
@@ -0,0 +1,157 @@
+version: '3.6'
+services:
+ zerotier:
+ image: "zyclonite/zerotier:router"
+ container_name: core_zerotier
+ devices:
+ - /dev/net/tun
+ networks:
+ internal_traffic:
+ ipv4_address: 192.168.2.254
+ volumes:
+ - data_zerotier:/var/lib/zerotier-one
+ cap_add:
+ - NET_ADMIN
+ - SYS_ADMIN
+ - NET_RAW
+ restart: unless-stopped
+ deploy:
+ resources:
+ limits:
+ cpus: '1'
+ memory: 128M
+ environment:
+ - TZ=Etc/UTC
+ - PUID=999
+ - PGID=994
+ - ZEROTIER_ONE_LOCAL_PHYS=eth0
+ - ZEROTIER_ONE_USE_IPTABLES_NFT=false
+ - ZEROTIER_ONE_GATEWAY_MODE=both
+ - ZEROTIER_ONE_NETWORK_IDS=8286ac0e4750c5f3
+ depends_on:
+ - http_proxy
+ mail:
+ image: 'boky/postfix'
+ container_name: core_mail
+ networks:
+ internal_traffic:
+ ipv4_address: 192.168.2.20
+ restart: unless-stopped
+ deploy:
+ resources:
+ limits:
+ cpus: '0.50'
+ memory: 128M
+ environment:
+ - RELAYHOST=smtp.gmail.com:587
+ - RELAYHOST_USERNAME=${RELAYHOST_USERNAME}
+ - RELAYHOST_PASSWORD=${RELAYHOST_PASSWORD}
+ - ALLOWED_SENDER_DOMAINS=gmail.com gierwialo.com eldorado.city radziel.com
+ http_proxy:
+ image: 'jc21/nginx-proxy-manager:2.9.14'
+ container_name: core_proxy
+ restart: unless-stopped
+ deploy:
+ resources:
+ limits:
+ cpus: '0.50'
+ memory: 256M
+ networks:
+ internal_traffic:
+ ipv4_address: 192.168.2.253
+ volumes:
+ - data_nginx_manager:/data
+ - data_letsencrypt:/etc/letsencrypt
+ depends_on:
+ - syslog
+ http_proxy2:
+ image: docker.io/zoeyvid/npmplus:latest
+ container_name: core_proxy2
+ restart: unless-stopped
+ deploy:
+ resources:
+ limits:
+ cpus: '0.50'
+ memory: 256M
+ networks:
+ internal_traffic:
+ ipv4_address: 192.168.2.253
+ volumes:
+ - "data_nginx_managerplus:/data"
+ environment:
+ - "TZ=Europe/Warsaw"
+ - "ACME_EMAIL=certs@radziel.com" # email address which should be used for acme, currently optional, may be required in the future, so I recommend you to enter your email here, optional for letsencrypt, but required for zerossl and google public ca
+ depends_on:
+ - syslog
+
+ syslog:
+ image: rgsyslog
+ hostname: syslog
+ container_name: core_syslog
+ network_mode: host
+ restart: always
+ deploy:
+ resources:
+ limits:
+ cpus: '0.50'
+ memory: 128M
+ volumes:
+ - data_logs:/var/log
+ ports:
+ - 514:514
+ - 514:514/udp
+ cap_add:
+ - SYSLOG
+
+ ups:
+ image: instantlinux/nut-upsd
+ container_name: core_ups
+ network_mode: host
+ privileged: true
+ restart: always
+ deploy:
+ resources:
+ limits:
+ cpus: '0.50'
+ memory: 128M
+ devices:
+ - /dev/bus/usb:/dev/bus/usb
+ environment:
+ - PORT=auto
+ - NAME=eaton3s
+ - API_USER=upsmon
+ - API_PASSWORD=pass
+ - VENDORID=0463
+ - PRODUCTID=ffff
+ - POLLINTERVAL=5
+ - SDORDER=-1
+ cap_add:
+ - SYS_ADMIN
+ volumes:
+ - data_ups:/etc/nut
+volumes:
+
+ data_zerotier:
+ external: true
+
+ data_nginx_managerplus:
+ external: true
+
+ data_nginx_manager:
+ external: true
+
+ data_letsencrypt_backup:
+ external: true
+
+ data_letsencrypt:
+ external: true
+
+ data_logs:
+ external: true
+
+ data_ups:
+ external: true
+
+networks:
+ internal_traffic:
+ external: true
diff --git a/homeassistant/docker-compose.yml b/homeassistant/docker-compose.yml
new file mode 100644
index 0000000..9b812ca
--- /dev/null
+++ b/homeassistant/docker-compose.yml
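Review bot: In core_services/docker-compose.yaml the `ups` service commits `API_PASSWORD=pass`, a guessable credential, while running with `network_mode: host`, so the NUT listener is presumably reachable on the host's own interfaces. The `mail` service in the same file already reads its secret from the environment, and the same form fits here: `- API_PASSWORD=${UPS_API_PASSWORD}` (the variable name is only an example). `privileged: true` on `ups` makes its `cap_add: SYS_ADMIN` redundant, and since `/dev/bus/usb` is already mapped under `devices` it is worth testing without privileged mode; the same question applies to `go2rtc` and `ha_zigbee2mqtt` in homeassistant/docker-compose.yml. Separately, `http_proxy` and `http_proxy2` both claim `ipv4_address: 192.168.2.253`, so only one of them can be attached to `internal_traffic` at a time.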
@@ -0,0 +1,124 @@
+version: "3"
+
+networks:
+ internal_traffic:
+ external: true
+services:
+ go2rtc:
+ container_name: ha_rtc
+ image: alexxit/go2rtc:1.9.8
+ network_mode: host
+ privileged: true
+ restart: unless-stopped
+ environment:
+ - TZ=Europe/Warsaw
+ volumes:
+ - "/srv/docker/config/homeassistant/go2rtc:/config"
+
+ ha_influxdb:
+ image: influxdb:1.8.10
+ container_name: ha_influxdb
+ restart: always
+ networks:
+ internal_traffic:
+ ipv4_address: 192.168.24.30
+ deploy:
+ resources:
+ limits:
+ cpus: '1'
+ memory: 512M
+ expose:
+ - 8086
+ volumes:
+ - /srv/docker/config/homeassistant/influxdb/data:/var/lib/influxdb
+ - /srv/docker/config//srv/docker/config/homeassistant/homeassistant/influxdb/influxdb.conf:/etc/influxdb/influxdb.conf:ro
+ - /srv/docker/config/homeassistant/influxdb/init:/docker-entrypoint-initdb.d
+ environment:
+ - INFLUXDB_ADMIN_USER=${INFLUXDB_USERNAME} # sourced from .env
+ - INFLUXDB_ADMIN_PASSWORD=${INFLUXDB_PASSWORD} # sourced from .env
+
+ #chronograf:
+ # container_name: chronograf
+ # restart: always
+ # image: chronograf:latest
+ # expose:
+ # - 8888
+ # depends_on:
+ # - influxdb
+ # networks:
+ # internal_traffic:
+ # ipv4_address: 192.168.24.25
+ # environment:
+ # - INFLUXDB_URL=http://influxdb:8086 # needs to match container_name
+ # - INFLUXDB_USERNAME=${INFLUXDB_USERNAME} # sourced from .env
+ # - INFLUXDB_PASSWORD=${INFLUXDB_PASSWORD} # sourced from .env
+
+ ha_mosquitto:
+ image: eclipse-mosquitto:latest
+ container_name: ha_mosquitto
+ restart: unless-stopped
+ networks:
+ internal_traffic:
+ ipv4_address: 192.168.24.20
+ deploy:
+ resources:
+ limits:
+ cpus: '0.5'
+ memory: 128M
+ ports:
+ - "1883:1883"
+ - "9001:9001"
+ expose:
+ - 1883
+ - 9001
+ volumes:
+ - /srv/docker/config/homeassistant/mosquitto/config/mosquitto.conf:/mosquitto/config/mosquitto.conf
+ - /srv/docker/config/homeassistant/mosquitto/data:/mosquitto/data
+ - /srv/docker/config/homeassistant/mosquitto/log/:/mosquitto/log
+
+ ha_zigbee2mqtt:
+ image: koenkk/zigbee2mqtt:1.42.0
+ container_name: ha_zigbee2mqtt
+ restart: unless-stopped
+ privileged: true
+ deploy:
+ resources:
+ limits:
+ cpus: '1'
+ memory: 256M
+
+ expose:
+ - 8080
+ volumes:
+ - /run/udev:/run/udev:ro
+ - /srv/docker/config/homeassistant/zigbee2mqtt:/app/data
+ devices:
+ - /dev/ttyACM0:/dev/ttyACM0
+ networks:
+ internal_traffic:
+ ipv4_address: 192.168.24.15
+ environment:
+ - TZ=Europe/Warsaw
+ depends_on:
+ - ha_mosquitto
+
+ ha_core:
+ container_name: ha_core
+ restart: unless-stopped
+ image: ghcr.io/home-assistant/home-assistant:stable
+ deploy:
+ resources:
+ limits:
+ cpus: '2'
+ memory: 2G
+
+ depends_on:
+ - ha_zigbee2mqtt
+ - ha_influxdb
+ networks:
+ internal_traffic:
+ ipv4_address: 192.168.24.10
+
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - /srv/docker/config/homeassistant/core:/config
diff --git a/omada/docker-compose.yml b/omada/docker-compose.yml
new file mode 100644
index 0000000..fcb4a1e
--- /dev/null
+++ b/omada/docker-compose.yml
@@ -0,0 +1,46 @@
+version: "3.1"
+
+services:
+ omada-controller:
+ container_name: self_omada
+ hostname: self_omada
+ image: mbentley/omada-controller:5.14
+ restart: no
+ deploy:
+ resources:
+ limits:
+ cpus: '1'
+ memory: 2G
+ ulimits:
+ nofile:
+ soft: 4096
+ hard: 8192
+ stop_grace_period: 60s
+ network_mode: host
+ environment:
+ - PUID=508
+ - PGID=508
+ - MANAGE_HTTP_PORT=8088
+ - MANAGE_HTTPS_PORT=8043
+ - PORTAL_HTTP_PORT=8088
+ - PORTAL_HTTPS_PORT=8843
+ - PORT_APP_DISCOVERY=27001
+ - PORT_ADOPT_V1=29812
+ - PORT_UPGRADE_V1=29813
+ - PORT_MANAGER_V1=29811
+ - PORT_MANAGER_V2=29814
+ - PORT_DISCOVERY=29810
+ - PORT_TRANSFER_V2=29815
+ - PORT_RTTY=29816
+ - SHOW_SERVER_LOGS=true
+ - SHOW_MONGODB_LOGS=false
+ - SSL_CERT_NAME=tls.crt
+ - SSL_KEY_NAME=tls.key
+ - TZ=Etc/UTC
+ volumes:
+ - omada-data:/opt/tplink/EAPController/data
+ - omada-logs:/opt/tplink/EAPController/logs
+
+volumes:
+ omada-data:
+ omada-logs:
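Review bot: In homeassistant/docker-compose.yml the `ha_influxdb` config mount has a doubled source path, `/srv/docker/config//srv/docker/config/homeassistant/homeassistant/influxdb/influxdb.conf`; Docker creates a missing bind source as an empty directory, so the container most likely does not receive the intended `influxdb.conf`. Going by the neighbouring mounts, the line was probably meant to read `- /srv/docker/config/homeassistant/influxdb/influxdb.conf:/etc/influxdb/influxdb.conf:ro`. `ha_mosquitto` also publishes 1883 and 9001 on every host interface although it already has a fixed address on `internal_traffic`. Whether the broker requires authentication depends on `mosquitto.conf`, which is not part of this patch, so either drop the `ports` block or confirm that the config disables anonymous access.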
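Review bot: In omada/docker-compose.yml `restart: no` is unquoted, and a bare `no` is a boolean in YAML 1.1, so a parser following 1.1 hands Compose `false` instead of the string policy name. Compose's own documentation writes this value quoted: `restart: "no"`. The same unquoted form appears on `portainer`, `browserless` and `changedetection` in selfhosted_extra and on `shaarli`, `gitea`, `selfoss` and `joplin` in selfhosted_services.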
diff --git a/paperless/docker-compose.yml b/paperless/docker-compose.yml
new file mode 100644
index 0000000..eaa2409
--- /dev/null
+++ b/paperless/docker-compose.yml
@@ -0,0 +1,106 @@
+# docker-compose file for running paperless from the Docker Hub.
+# This file contains everything paperless needs to run.
+# Paperless supports amd64, arm and arm64 hardware.
+#
+# All compose files of paperless configure paperless in the following way:
+#
+# - Paperless is (re)started on system boot, if it was running before shutdown.
+# - Docker volumes for storing data are managed by Docker.
+# - Folders for importing and exporting files are created in the same directory
+# as this file and mounted to the correct folders inside the container.
+# - Paperless listens on port 8000.
+#
+# SQLite is used as the database. The SQLite file is stored in the data volume.
+#
+# To install and update paperless with this file, do the following:
+#
+# - Copy this file as 'docker-compose.yml' and the files 'docker-compose.env'
+# and '.env' into a folder.
+# - Run 'docker-compose pull'.
+# - Run 'docker-compose run --rm webserver createsuperuser' to create a user.
+# - Run 'docker-compose up -d'.
+#
+# For more extensive installation and update instructions, refer to the
+# documentation.
+
+version: "3.4"
+services:
+# pa_samba:
+# image: ghcr.io/servercontainers/samba:smbd-only-latest
+# container_name: pa_samba
+# restart: unless-stopped
+# environment:
+# ACCOUNT_paperless: paperless
+# UID_paperless: 1000
+# SAMBA_VOLUME_CONFIG_paperless: "[paperless]; path=/shares/consume; available = yes; browsable = yes; writable = yes; read only = no; force user = paperless; public = yes; guest ok = yes"
+# volumes:
+# - ./consume:/shares/consume
+# ports:
+# - 445:445
+# deploy:
+# resources:
+# limits:
+# cpus: '0.50'
+# memory: 128M
+
+ pa_broker:
+ image: docker.io/library/redis:7
+ restart: unless-stopped
+ container_name: pa_redis
+ deploy:
+ resources:
+ limits:
+ cpus: '0.50'
+ memory: 128M
+ volumes:
+ - data_pa_redisdata:/data
+ networks:
+ internal_traffic:
+ ipv4_address: 192.168.4.10
+
+ pa_webserver:
+ image: ghcr.io/paperless-ngx/paperless-ngx:2.12.1
+ restart: unless-stopped
+ container_name: pa_webserver
+ deploy:
+ resources:
+ limits:
+ cpus: '1'
+ memory: 1G
+ depends_on:
+ - pa_broker
+ ports:
+ - "8000:8000"
+ healthcheck:
+ test: ["CMD", "curl", "-fs", "-S", "--max-time", "2", "http://localhost:8000"]
+ interval: 30s
+ timeout: 10s
+ retries: 5
+ volumes:
+ - data_pa:/usr/src/paperless/data
+ - data_pa_media:/usr/src/paperless/media
+ - ./export:/usr/src/paperless/export
+ - ./consume:/usr/src/paperless/consume
+ networks:
+ internal_traffic:
+ ipv4_address: 192.168.4.15
+
+ env_file: .env
+ environment:
+ PAPERLESS_REDIS: redis://pa_broker:6379
+ PAPERLESS_USE_X_FORWARD_HOST: true
+ PAPERLESS_USE_X_FORWARD_PORT: true
+ PAPERLESS_OCR_USER_ARGS: '{"invalidate_digital_signatures": true}'
+ #PAPERLESS_PROXY_SSL_HEADER: '{"HTTP_X_FORWARDED_PROTO", "https"]'
+
+volumes:
+ data_pa:
+ external: true
+ data_pa_media:
+ external: true
+ data_pa_redisdata:
+ external: true
+networks:
+ internal_traffic:
+ external: true
+
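Review bot: In paperless/docker-compose.yml `pa_webserver` publishes `"8000:8000"` on every host interface while `PAPERLESS_USE_X_FORWARD_HOST` and `PAPERLESS_USE_X_FORWARD_PORT` tell the application to trust forwarded headers. A client that reaches port 8000 directly, without passing through the reverse proxy, can supply those headers itself. If the proxy reaches the container over `internal_traffic` (it has the fixed address 192.168.4.15), drop the `ports` entry or bind it to loopback: `- "127.0.0.1:8000:8000"`. The two boolean values in the mapping-form `environment` should also be quoted, `"true"`, which is what the Compose documentation asks for so that the YAML parser does not retype them.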
diff --git a/selfhosted_db/docker-compose.yaml b/selfhosted_db/docker-compose.yaml
new file mode 100644
index 0000000..d47366b
--- /dev/null
+++ b/selfhosted_db/docker-compose.yaml
@@ -0,0 +1,62 @@
+version: '3.6'
+services:
+ postgres:
+ image: postgres:13
+ container_name: self_postgres
+ volumes:
+ - data_postgres:/var/lib/postgresql/data
+ expose:
+ - 5432
+ networks:
+ internal_traffic:
+ ipv4_address: 192.168.3.41
+
+# deploy:
+# resources:
+# limits:
+# cpus: '0.50'
+# memory: 1024M
+
+ restart: unless-stopped
+
+ environment:
+ - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+ - POSTGRES_USER=${POSTGRES_USER}
+ - POSTGRES_DB=${POSTGRES_DATABASE}
+
+ adminer:
+ image: ghcr.io/shyim/adminerevo:latest
+ hostname: self_adminer
+ container_name: self_adminer
+ restart: always
+ networks:
+ internal_traffic:
+ ipv4_address: 192.168.3.47
+ environment:
+ - AMINER_PLUGINS='tables-filter tinymce'
+
+ mysql:
+ image: mysql:8.4
+ hostname: self_mysql
+ container_name: self_mysql
+ networks:
+ internal_traffic:
+ ipv4_address: 192.168.3.42
+ restart: unless-stopped
+ env_file: .env
+ volumes:
+ - data_mysql:/var/lib/mysql
+ deploy:
+ resources:
+ limits:
+ cpus: '0.50'
+ memory: 512M
+volumes:
+ data_postgres:
+ external: true
+ data_mysql:
+ external: true
+
+networks:
+ internal_traffic:
+ external: true
diff --git a/selfhosted_extra/docker-compose.yaml b/selfhosted_extra/docker-compose.yaml
new file mode 100644
index 0000000..fafa9ef
--- /dev/null
+++ b/selfhosted_extra/docker-compose.yaml
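Review bot: In selfhosted_db/docker-compose.yaml the `adminer` entry `AMINER_PLUGINS='tables-filter tinymce'` looks like a misspelling of `ADMINER_PLUGINS`, so the container most likely never sees the setting. In list-form `environment` entries the single quotes are not stripped either; they become part of the value. `- ADMINER_PLUGINS=tables-filter tinymce` would fix both, assuming this image reads the same variable as the upstream Adminer image. The literal-quote problem also affects `DEFAULT_LAUNCH_ARGS="--window-size=1920,1080"` on `browserless` in selfhosted_extra.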
@@ -0,0 +1,72 @@
+version: '3.6'
+services:
+ portainer:
+ image: portainer/portainer-ce:2.20.3
+ container_name: self_portainer
+ networks:
+ internal_traffic:
+ ipv4_address: 192.168.3.50
+ deploy:
+ resources:
+ limits:
+ cpus: '0.50'
+ memory: 128M
+ volumes:
+ - data_portainer:/data
+ - /var/run/docker.sock:/var/run/docker.sock
+ restart: no
+ browserless:
+ image: dgtlmoon/sockpuppetbrowser:latest
+ container_name: self_browserless
+ environment:
+ - DEFAULT_LAUNCH_ARGS="--window-size=1920,1080"
+ shm_size: 2g
+ deploy:
+ resources:
+ limits:
+ cpus: '1'
+ memory: 2G
+ restart: no
+ networks:
+ internal_traffic:
+ ipv4_address: 192.168.3.61
+ changedetection:
+ image: dgtlmoon/changedetection.io:0.45.23
+ container_name: self_changedetection
+ networks:
+ internal_traffic:
+ ipv4_address: 192.168.3.60
+ deploy:
+ resources:
+ limits:
+ cpus: '1'
+ memory: 512M
+ restart: no
+ environment:
+ - PLAYWRIGHT_DRIVER_URL=ws://self_browserless:3000
+ depends_on:
+ - browserless
+
+ volumes:
+ - data_changedetection:/datastore
+ #unifi:
+ # image: jacobalberty/unifi:7.3
+ # container_name: self_unifi
+ # networks:
+ # internal_traffic:
+ # ipv4_address: 192.168.3.70
+ # volumes:
+ # - data_unifi:/unifi
+ # environment:
+ # - TZ=Europe/Warsaw
+ # restart: unless-stopped
+volumes:
+ data_portainer:
+ external: true
+ data_changedetection:
+ external: true
+ data_unifi:
+ external: true
+networks:
+ internal_traffic:
+ external: true
diff --git a/selfhosted_services/docker-compose.yaml b/selfhosted_services/docker-compose.yaml
new file mode 100644
index 0000000..fc9ff13
--- /dev/null
+++ b/selfhosted_services/docker-compose.yaml
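Review bot: In selfhosted_extra/docker-compose.yaml the `portainer` service bind-mounts `/var/run/docker.sock` read-write, which gives the container, and anyone who can sign in to Portainer, root-equivalent control of the Docker host. Portainer needs the socket to function, so the control has to sit around it; the mount should at least carry a comment such as `# docker.sock = root on the host; keep Portainer behind authentication and off untrusted networks`. Nothing in this file shows how 192.168.3.50 is reached from outside `internal_traffic`, so confirm that the proxy host for it enforces access control. `data_unifi` is declared as an external volume although only the commented-out `unifi` service refers to it.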
@@ -0,0 +1,201 @@
+services:
+ shaarli:
+ image: shaarli:latest
+ container_name: self_shaarli
+ networks:
+ internal_traffic:
+ ipv4_address: 192.168.3.10
+ volumes:
+ - data_shaarli:/var/www/shaarli/data
+ - data_shaarli_cache:/var/www/shaarli/cache
+
+ restart: no
+ deploy:
+ resources:
+ limits:
+ cpus: '0.50'
+ memory: 128M
+ gitea:
+ image: kunde21/gitea-arm:latest
+ container_name: self_gitea
+ networks:
+ internal_traffic:
+ ipv4_address: 192.168.3.20
+ volumes:
+ - data_gitea:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ restart: no
+ deploy:
+ resources:
+ limits:
+ cpus: '0.50'
+ memory: 128M
+
+
+ selfoss:
+ container_name: self_selfoss
+ image: rsprta/selfoss
+ restart: no
+ deploy:
+ resources:
+ limits:
+ cpus: '0.50'
+ memory: 128M
+ networks:
+ internal_traffic:
+ ipv4_address: 192.168.3.30
+ volumes:
+ - data_selfoss:/selfoss/data
+ tube:
+ image: jellyfin/jellyfin:latest
+ container_name: self_jellyfin
+ networks:
+ internal_traffic:
+ ipv4_address: 192.168.3.37
+ volumes:
+ - "/opt/jellyfin/config:/config"
+ - "/opt/jellyfin/cache:/cache"
+ - "/opt/jellyfin/media:/media"
+
+ calibre:
+ image: lscr.io/linuxserver/calibre-web:latest
+ #image: rgcalibre:0.6.24
+ container_name: self_calibre
+ environment:
+ #- PUID=1000
+ #- PGID=1000
+ - TZ=Europe/Warsaw
+ #- DOCKER_MODS=linuxserver/mods:universal-calibre #optional
+ - CALIBRE_PORT=80
+ deploy:
+ resources:
+ limits:
+ cpus: '0.50'
+ memory: 512M
+ volumes:
+ - data_calibre_config:/config
+ - /opt/books:/books
+ restart: unless-stopped
+ networks:
+ internal_traffic:
+ ipv4_address: 192.168.3.38
+ #postgres:
+ # image: postgres:13
+ # container_name: self_postgres
+ # volumes:
+ # #- /mnt/docker/joplin/postgres:/var/lib/postgresql/data
+ # - data_postgres:/var/lib/postgresql/data
+ # expose:
+ # - 5432
+ # networks:
+ # internal_traffic:
+ # ipv4_address: 192.168.3.41
+ #
+ # restart: unless-stopped
+ #
+ # environment:
+ # - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+ # - POSTGRES_USER=${POSTGRES_USER}
+ # - POSTGRES_DB=${POSTGRES_DATABASE}
+ joplin:
+ image: florider89/joplin-server:2.14.2
+ container_name: self_joplin
+ networks:
+ internal_traffic:
+ ipv4_address: 192.168.3.40
+ #depends_on:
+ # - postgres
+ deploy:
+ resources:
+ limits:
+ cpus: '1.0'
+ memory: 1024M
+ restart: no
+ environment:
+ - APP_PORT=443
+ - APP_BASE_URL=${APP_BASE_URL}
+ - DB_CLIENT=pg
+ - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+ - POSTGRES_DATABASE=${POSTGRES_DATABASE}
+ - POSTGRES_USER=${POSTGRES_USER}
+ - POSTGRES_PORT=${POSTGRES_PORT}
+ - POSTGRES_HOST=self_postgres
+
+# nextcloud:
+# image: nextcloud
+# container_name: self_nextcloud
+# restart: no
+# networks:
+# internal_traffic:
+# ipv4_address: 192.168.3.70
+# deploy:
+# resources:
+# limits:
+# cpus: '0.50'
+# memory: 128M
+# volumes:
+# - data_nextcloud_storage:/var/www/html
+# environment:
+# - OVERWRITEPROTOCOL=https
+
+ firefly_importer:
+ image: fireflyiii/data-importer:latest
+ hostname: self_firefly_importer
+ restart: always
+ container_name: self_firefly_importer
+ depends_on:
+ - firefly
+ env_file: firefly_importer.env
+ networks:
+ internal_traffic:
+ ipv4_address: 192.168.3.74
+
+ firefly:
+ image: fireflyiii/core:latest
+ hostname: self_firefly
+ container_name: self_firefly
+ restart: always
+ deploy:
+ resources:
+ limits:
+ cpus: '0.50'
+ memory: 512M
+
+ volumes:
+ - data_firefly:/var/www/html/storage/upload
+ env_file: firefly.env
+ networks:
+ internal_traffic:
+ ipv4_address: 192.168.3.75
+
+
+volumes:
+ data_nextcloud_storage:
+ external: true
+
+ data_shaarli:
+ external: true
+
+ data_shaarli_cache:
+ external: true
+
+ data_gitea:
+ external: true
+
+ data_selfoss:
+ external: true
+
+ data_postgres:
+ external: true
+
+ data_firefly:
+ external: true
+
+ data_calibre_config:
+ external: true
+
+
+networks:
+ internal_traffic:
+ external: true
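Review bot: In selfhosted_services/docker-compose.yaml seven of the eight services run a floating image reference: `shaarli`, `gitea`, `tube`, `calibre`, `firefly_importer` and `firefly` use `latest`, and `rsprta/selfoss` has no tag at all. Every pull can therefore change what runs without any trace in this repository, and a compromised or broken upstream push reaches the host on the next restart. Pin each one to a version tag or digest the way `joplin` already does, for example `image: fireflyiii/core:<version>` with the deployed version filled in. The same applies to the `latest`, `stable` and `router` tags in core_services, homeassistant, selfhosted_db and selfhosted_extra. `tube` is also the only service here without a `restart` policy or `deploy.resources.limits`.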
diff --git a/static_pages/docker-compose.yaml b/static_pages/docker-compose.yaml
new file mode 100644
index 0000000..5ae83ee
--- /dev/null
+++ b/static_pages/docker-compose.yaml
@@ -0,0 +1,91 @@
+version: '3.6'
+services:
+ www_radoslawgierwialo:
+ container_name: static_radoslawgierwialo
+ image: nginxinc/nginx-unprivileged:1.22-alpine
+ deploy:
+ resources:
+ limits:
+ cpus: '0.50'
+ memory: 128M
+ volumes:
+ - www_public_radoslawgierwialo:/usr/share/nginx/html
+ networks:
+ internal_traffic:
+ ipv4_address: 192.168.16.10
+
+ restart: unless-stopped
+
+ www_rgierwialo:
+ container_name: static_rgierwialo
+ image: linuxserver/grav:version-1.7.38
+ deploy:
+ resources:
+ limits:
+ cpus: '0.50'
+ memory: 128M
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Warsaw
+ volumes:
+ - www_public_rgierwialo:/config
+ networks:
+ internal_traffic:
+ ipv4_address: 192.168.16.20
+
+
+ restart: unless-stopped
+
+ www_8focus:
+ container_name: static_8focus
+ image: nginxinc/nginx-unprivileged:1.22-alpine
+ deploy:
+ resources:
+ limits:
+ cpus: '0.50'
+ memory: 128M
+ volumes:
+ - www_public_8focus:/usr/share/nginx/html
+ networks:
+ internal_traffic:
+ ipv4_address: 192.168.16.30
+
+ restart: unless-stopped
+
+ www_radziel:
+ container_name: static_radziel
+ image: linuxserver/grav:version-1.7.38
+ deploy:
+ resources:
+ limits:
+ cpus: '0.50'
+ memory: 128M
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Warsaw
+ volumes:
+ - www_public_radziel:/config
+ networks:
+ internal_traffic:
+ ipv4_address: 192.168.16.40
+
+ restart: unless-stopped
+
+volumes:
+ www_public_radoslawgierwialo:
+ external: true
+
+ www_public_rgierwialo:
+ external: true
+
+ www_public_8focus:
+ external: true
+
+ www_public_radziel:
+ external: true
+
+networks:
+ internal_traffic:
+ external: true
diff --git a/vault/docker-compose.yaml b/vault/docker-compose.yaml
new file mode 100644
index 0000000..55b81b0
--- /dev/null
+++ b/vault/docker-compose.yaml
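Review bot: In static_pages/docker-compose.yaml the two nginx services (`www_radoslawgierwialo`, `www_8focus`) mount their content volumes read-write although a static web server only needs to read them. If the pages are deployed into the volumes from outside the container, mount them read-only, `- www_public_radoslawgierwialo:/usr/share/nginx/html:ro` and `- www_public_8focus:/usr/share/nginx/html:ro`, so that a compromised web process cannot alter what is served. The Grav services write to `/config`, so they have to stay read-write.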
@@ -0,0 +1,33 @@
+version: '3.6'
+services:
+ vault:
+ image: sftp
+ container_name: core_vault
+ networks:
+ internal_traffic:
+ ipv4_address: 192.168.2.100
+ deploy:
+ resources:
+ limits:
+ cpus: '0.50'
+ memory: 64M
+ volumes:
+ - data_vault:/home/rg/vault:rw
+ - /srv/docker/config/vault/sshd_config:/etc/ssh/sshd_config
+ - /srv/docker/config/vault/ssh_host_ed25519_key:/etc/ssh/ssh_host_ed25519_key
+ - /srv/docker/config/vault/ssh_host_rsa_key:/etc/ssh/ssh_host_rsa_key
+ - /srv/docker/config/vault/ssh_host_ed25519_key.pub:/home/rg/.ssh/keys/ssh_host_ed25519_key.pub:ro
+ - /srv/docker/config/vault/ssh_host_rsa_key.pub:/home/rg/.ssh/keys/ssh_host_rsa_key.pub:ro
+ - /srv/docker/config/vault/device_TROFEO.pub:/home/rg/.ssh/keys/device_TROEO.pub:ro
+ - /srv/docker/config/vault/device_MATE20PRO.pub:/home/rg/.ssh/keys/device_MATE20PRO.pub:ro
+ - /srv/docker/config/vault/device_XT3.pub:/home/rg/.ssh/keys/device_XT3.pub:ro
+ - /srv/docker/config/vault/device_S24ULTRA.pub:/home/rg/.ssh/keys/device_S24ULTRA.pub:ro
+ command: rg:::::vault
+ restart: unless-stopped
+volumes:
+ data_vault:
+ external: true
+
+networks:
+ internal_traffic:
+ external: true
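Review bot: In vault/docker-compose.yaml `sshd_config` and both private host keys (`ssh_host_ed25519_key`, `ssh_host_rsa_key`) are mounted read-write, while every public key beside them is `:ro`; a process inside the container can therefore rewrite the server's configuration and host identity on the host filesystem. Add `:ro` to those three mounts, e.g. `- /srv/docker/config/vault/ssh_host_ed25519_key:/etc/ssh/ssh_host_ed25519_key:ro`. The two `ssh_host_*_key.pub` files are also mounted into `/home/rg/.ssh/keys/`; if this image follows the common convention of turning that directory into `authorized_keys`, the server's own host keys become valid login keys for `rg`, which is probably not intended. `device_TROFEO.pub` is mounted under the name `device_TROEO.pub`, which looks like a typo.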