docker-compose.yml
# Single user-defined bridge shared by every service below; each service is
# given a fixed address inside the subnet declared here.
networks:
  private_network:
    driver: bridge
    driver_opts:
      # Inter-container communication is on: any container attached to this
      # bridge can reach any other one directly.
      com.docker.network.bridge.enable_icc: "true"
    # Standalone containers (outside this compose project) may attach too.
    attachable: true
    # Not an internal-only network: containers keep outbound connectivity.
    internal: false
    ipam:
      config:
        - subnet: "10.2.0.0/24"
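services:
  # DNSCrypt proxy. Its config directory is also mounted into wiregate
  # (at /WireGate/dnscrypt), so both containers see the same files.
  dnscrypt:
    depends_on: [wiregate]
    # `latest` is a mutable tag: a re-pull can change the image contents.
    # Pin to a version tag or digest you have verified.
    image: "noxcis/dnscrypt:latest"
    restart: unless-stopped
    container_name: dnscrypt
    volumes:
      - ./configs/dnscrypt:/config
    networks:
      private_network:
        ipv4_address: 10.2.0.42

  # Unbound resolver, health-checked with a DNS query against itself.
  unbound:
    # Mutable tag; pin to a verified version tag or digest.
    image: "noxcis/unbound:latest"
    container_name: unbound
    restart: unless-stopped
    hostname: "unbound"
    # NOTE(review): NET_ADMIN lets the container reconfigure its network
    # stack; confirm the resolver needs it and drop the capability otherwise.
    cap_add:
      - NET_ADMIN
    healthcheck:
      test: ["CMD", "drill", "@127.0.0.1", "dnssec.works"]
      interval: 30s
      timeout: 30s
      retries: 3
      start_period: 30s
    # volumes:
    #   - ./Global-Configs/Unbound:/etc/unbound/custom.conf.d
    networks:
      private_network:
        ipv4_address: 10.2.0.200

  # AdGuard Home. wiregate hands this address (10.2.0.100) to peers as DNS.
  adguard:
    depends_on: [unbound]
    container_name: adguard
    # No tag given, so this resolves to the mutable `latest`; pin to a
    # verified version tag or digest.
    image: adguard/adguardhome
    restart: unless-stopped
    hostname: adguard
    # Volumes store your data between container upgrades
    volumes:
      - "./configs/adguard/Data:/opt/adguardhome/work"
      - "./configs/adguard:/opt/adguardhome/conf"
    networks:
      private_network:
        ipv4_address: 10.2.0.100

  # Holds NET_ADMIN and enables IPv4 forwarding inside its namespace.
  darkwire:
    image: noxcis/darkwire:terra-firma
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    networks:
      private_network:
        ipv4_address: 10.2.0.4

  wiregate:
    # Repository name and tag are both interpolated from the environment
    # (.env): whoever controls STATE and TAG chooses which image runs with
    # NET_ADMIN and /dev/net/tun. Treat that file as security-sensitive.
    image: "noxcis/${STATE}:${TAG}"
    container_name: wiregate
    hostname: wiregate
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    restart: unless-stopped
    volumes:
      - pf_conf:/WireGate/iptable-rules/
      - conf:/etc/wireguard
      - db:/WireGate/db
      - ./configs/dnscrypt:/WireGate/dnscrypt
      - ./configs/tor:/etc/tor/
      - ./configs/logs:/WireGate/log/
      # NOTE(review): this directory appears to hold the generated VPN client
      # config mentioned in the `ports` comment below; keep its host
      # permissions tight.
      - ./configs/master-key:/WireGate/master-key
    environment:
      # Config path (optional)
      # - WGDCONF_PATH=/etc/wireguard
      # Use obfuscated WireGuard (AmneziaWG)
      - AMNEZIA_WG=${AMNEZIA_WG}
      # Timezone. The `$` is required for Compose interpolation; a bare
      # `{PI_HOLE_TZ}` would be passed to the container as a literal string.
      - TZ=${PI_HOLE_TZ}
      # Tor settings
      ##########################################################
      - WGD_TOR_PROXY=${WGD_TOR_PROXY}  # enable Tor
      - WGD_TOR_EXIT_NODES=${WGD_TOR_EXIT_NODES}  # e.g. {gb},{fr}
      - WGD_TOR_DNS_EXIT_NODES=${WGD_TOR_DNS_EXIT_NODES}  # e.g. {gb},{fr}
      - WGD_TOR_BRIDGES=${WGD_TOR_BRIDGES}  # enable Tor bridges
      - WGD_TOR_PLUGIN=${WGD_TOR_PLUGIN}  # options: webtunnel, obfs4, snowflake
      # WGDashboard global settings
      ##########################################################
      - WGD_WELCOME_SESSION=false
      - WGD_AUTH_REQ=true
      # Dashboard credentials come from the environment (.env); keep that
      # file out of version control and readable only by the deploying user.
      - WGD_USER=${WGD_USER}
      - WGD_PASS=${WGD_PASS}
      - WGD_REMOTE_ENDPOINT=${WGD_REMOTE_ENDPOINT}
      - WGD_REMOTE_ENDPOINT_PORT=80
      # Quoted because the value contains ", " and "::".
      - "WGD_PEER_ENDPOINT_ALLOWED_IP=0.0.0.0/0, ::/0"
      - WGD_KEEP_ALIVE=21
      - WGD_MTU=1420
      - WGD_PORT_RANGE_STARTPORT=${WGD_PORT_RANGE_STARTPORT}
      # DNS settings (set to use the containers above). You can use your own
      # DNS instead.
      ##########################################################
      - WGD_DNS=10.2.0.100
      - WGD_IPTABLES_DNS=10.2.0.100
    # Publishes the mapping from WGD_PORT_MAPPINGS on the host; with it the
    # dashboard is reachable at your-server-ip/domain:6060. Comment the entry
    # out for full network lockdown, i.e. the dashboard is then only
    # accessible over a VPN connection at http://wire.gate, using the config
    # in the generated master-key folder.
    # NOTE(review): no TLS configuration is visible in this file; if the
    # dashboard port is published to an untrusted network, confirm that the
    # WGD_USER/WGD_PASS login is not sent in clear text.
    ports:
      - "${WGD_PORT_MAPPINGS}"
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv6.conf.all.forwarding=1
      - net.ipv6.conf.default.forwarding=1
    networks:
      private_network:
        ipv4_address: 10.2.0.3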
# Named volumes mounted by wiregate; all use the default driver and options.
volumes:
  # Mounted at /WireGate/db
  db: {}
  # Mounted at /etc/wireguard
  conf: {}
  # Mounted at /WireGate/iptable-rules/
  pf_conf: {}