cfff4d735b
Add searxng service bound to Tailscale IP 100.111.160.84:8888 for internal LocalScout searches. Pinned to image digest for reproducibility.
135 lines
3.3 KiB
YAML
135 lines
3.3 KiB
YAML
services:
|
|
# ============================================================
|
|
# Edge Layer — Reverse Proxy + Security + DDNS
|
|
# ============================================================
|
|
home-caddy:
|
|
image: caddy:2-alpine
|
|
container_name: home-caddy
|
|
restart: unless-stopped
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
- "443:443/udp"
|
|
volumes:
|
|
- ./caddy/Caddyfile:/etc/caddy/Caddyfile:ro
|
|
- ./caddy/logs:/var/log/caddy
|
|
- caddy_data:/data
|
|
- caddy_config:/config
|
|
extra_hosts:
|
|
- "host.docker.internal:host-gateway"
|
|
depends_on:
|
|
gpu-hub-api:
|
|
condition: service_healthy
|
|
networks:
|
|
- gateway-net
|
|
- komga_default
|
|
- hyungi_document_server_default
|
|
|
|
home-fail2ban:
|
|
image: crazymax/fail2ban:latest
|
|
container_name: home-fail2ban
|
|
restart: unless-stopped
|
|
network_mode: host
|
|
cap_add:
|
|
- NET_ADMIN
|
|
- NET_RAW
|
|
volumes:
|
|
- ./fail2ban/data:/data
|
|
- ./caddy/logs:/var/log/caddy:ro
|
|
- ./fail2ban/jail.local:/etc/fail2ban/jail.local:ro
|
|
environment:
|
|
- TZ=Asia/Seoul
|
|
- F2B_LOG_LEVEL=INFO
|
|
|
|
home-ddns-vpn:
|
|
image: oznu/cloudflare-ddns:latest
|
|
container_name: home-ddns-vpn
|
|
restart: unless-stopped
|
|
env_file:
|
|
- ./ddns/.env
|
|
environment:
|
|
- ZONE=hyungi.net
|
|
- SUBDOMAIN=vpn
|
|
- PROXIED=false
|
|
|
|
home-ddns-mail:
|
|
image: oznu/cloudflare-ddns:latest
|
|
container_name: home-ddns-mail
|
|
restart: unless-stopped
|
|
env_file:
|
|
- ./ddns/.env
|
|
environment:
|
|
- ZONE=hyungi.net
|
|
- SUBDOMAIN=mail
|
|
- PROXIED=false
|
|
|
|
# ============================================================
|
|
# GPU Hub — AI Backend Router + Web UI
|
|
# ============================================================
|
|
gpu-hub-api:
|
|
build: ./hub-api
|
|
container_name: gpu-hub-api
|
|
restart: unless-stopped
|
|
environment:
|
|
- OWNER_PASSWORD=${OWNER_PASSWORD}
|
|
- GUEST_PASSWORD=${GUEST_PASSWORD}
|
|
- JWT_SECRET=${JWT_SECRET}
|
|
- BACKENDS_CONFIG=/app/config/backends.json
|
|
- CORS_ORIGINS=${CORS_ORIGINS:-http://localhost:5173}
|
|
- DB_PATH=/app/data/gateway.db
|
|
volumes:
|
|
- hub_data:/app/data
|
|
- ./backends.json:/app/config/backends.json:ro
|
|
extra_hosts:
|
|
- "host.docker.internal:host-gateway"
|
|
healthcheck:
|
|
test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
|
|
interval: 15s
|
|
timeout: 5s
|
|
retries: 3
|
|
networks:
|
|
- gateway-net
|
|
|
|
gpu-hub-web:
|
|
build: ./hub-web
|
|
container_name: gpu-hub-web
|
|
restart: unless-stopped
|
|
networks:
|
|
- gateway-net
|
|
|
|
searxng:
|
|
image: searxng/searxng@sha256:34d13094b1150bba739e16c95b7334040a524aadb557fbdbc41a42827aae5f8b
|
|
container_name: searxng
|
|
restart: unless-stopped
|
|
ports:
|
|
- "100.111.160.84:8888:8080"
|
|
environment:
|
|
- SEARXNG_BASE_URL=http://100.111.160.84:8888/
|
|
- INSTANCE_NAME=localscout-pra
|
|
networks:
|
|
- gateway-net
|
|
healthcheck:
|
|
test: ["CMD", "wget", "-q", "-O", "-", "http://localhost:8080/"]
|
|
interval: 30s
|
|
timeout: 5s
|
|
retries: 3
|
|
start_period: 30s
|
|
logging:
|
|
driver: json-file
|
|
options:
|
|
max-size: "10m"
|
|
max-file: "3"
|
|
|
|
volumes:
|
|
caddy_data:
|
|
caddy_config:
|
|
hub_data:
|
|
|
|
networks:
|
|
gateway-net:
|
|
name: home-gateway-network
|
|
komga_default:
|
|
external: true
|
|
hyungi_document_server_default:
|
|
external: true
|