first commit

2026-03-15 01:00:14 +01:00
commit c1a4025697
6 changed files with 529 additions and 0 deletions
--- a/network/docker-compose.yml
+++ b/network/docker-compose.yml
@@ -0,0 +1,96 @@
+services:
+
+  nginxpm:
+    image: jc21/nginx-proxy-manager:latest
+    container_name: nginxpm
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "81:81"
+      - "443:443"
+    environment:
+      PUID: 1000
+      PGID: 1000
+    volumes:
+      - ./nginxpm/data:/data
+      - ./nginxpm/letsencrypt:/etc/letsencrypt
+      - ./nginxpm/custom:/data/nginx/custom
+    networks:
+      - proxy
+      - media
+      - misc
+      - productivity
+      - overleaf
+      - administration
+
+  adguard:
+    image: adguard/adguardhome:latest
+    container_name: adguard
+    restart: unless-stopped
+    ports:
+      - "53:53/tcp"
+      - "53:53/udp"
+      - "3000:3000"
+    volumes:
+      - ./adguard/conf:/opt/adguardhome/conf
+      - ./adguard/work:/opt/adguardhome/work
+    networks:
+      - proxy
+
+  wg-easy:
+    image: ghcr.io/wg-easy/wg-easy:latest
+    container_name: wg-easy
+    restart: unless-stopped
+    environment:
+      - LANG=en
+      - WG_HOST=focaccinacamog.li
+      - PASSWORD_HASH=${WG_EASY_PW_HASH}
+      - WG_PORT=51820
+      - WG_DEFAULT_ADDRESS=10.8.0.x
+      - WG_DEFAULT_DNS=172.20.0.2
+      - WG_ALLOWED_IPS=0.0.0.0/0
+      - WG_PERSISTENT_KEEPALIVE=25
+    volumes:
+      - ./wireguard:/etc/wireguard
+    ports:
+      - "51820:51820/udp"
+      - "51821:51821/tcp"                  # UI web
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    sysctls:
+      - net.ipv4.ip_forward=1
+      - net.ipv4.conf.all.src_valid_mark=1
+    networks:
+      - proxy
+
+  fail2ban:
+    image: lscr.io/linuxserver/fail2ban:latest
+    container_name: fail2ban
+    cap_add:
+      - NET_ADMIN
+      - NET_RAW
+    network_mode: host
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Etc/UTC
+      - VERBOSITY=-vv
+    volumes:
+      - ./fail2ban/config:/config
+      - /var/log:/var/log:ro
+    restart: unless-stopped
+
+networks:
+  proxy:
+    driver: bridge
+  media:
+    external: true
+  misc:
+    external: true
+  productivity:
+    external: true
+  overleaf:
+    external: true
+  administration:
+    external: true