docker-netbird/compose.yml at master · 11notes/docker-netbird · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
name: "netbird"

x-lockdown: &lockdown
  # prevents write access to the image itself
  read_only: true
  # prevents any process within the container to gain more privileges
  security_opt:
    - "no-new-privileges=true"

x-image-netbird: &image
  image: "11notes/netbird:0.71.4"
  <<: *lockdown

services:
  server:
    depends_on:
      postgres:
        condition: "service_healthy"
        restart: true
    <<: *image
    environment:
      TZ: "Europe/Zurich"
      NETBIRD_FQDN: "${NETBIRD_FQDN}"
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
    volumes:
      - "server.etc:/netbird/etc"
      - "server.var:/netbird/var"
    tmpfs:
      - "/tmp:uid=1000,gid=1000"
    networks:
      frontend:
      backend:
    ports:
      - "3478:3478/udp"
      - "8080:8080/tcp"
    restart: "always"

  dashboard:
    <<: *image
    # start dashboard instead of mangement server
    command: "--dashboard"
    environment:
      TZ: "Europe/Zurich"
      NETBIRD_MGMT_API_ENDPOINT: "https://${NETBIRD_FQDN}"
      NETBIRD_MGMT_GRPC_API_ENDPOINT: "https://${NETBIRD_FQDN}"
      AUTH_AUTHORITY: "https://${NETBIRD_FQDN}/oauth2"
    volumes:
      - "dashboard.var:/nginx/var"
    tmpfs:
      - "/nginx/cache:uid=1000,gid=1000"
      - "/nginx/run:uid=1000,gid=1000"
    networks:
      frontend:
      backend:
    ports:
      - "3000:3000/tcp"
    restart: "always"

  postgres:
    # for more information about this image checkout:
    # https://github.com/11notes/docker-postgres
    image: "11notes/postgres:18"
    <<: *lockdown
    environment:
      TZ: "Europe/Zurich"
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
      POSTGRES_BACKUP_SCHEDULE: "0 3 * * *"
    volumes:
      - "postgres.etc:/postgres/etc"
      - "postgres.var:/postgres/var"
      - "postgres.backup:/postgres/backup"
    tmpfs:
      - "/postgres/run:uid=1000,gid=1000"
      - "/postgres/log:uid=1000,gid=1000"
    networks:
      backend:
    restart: "always"

volumes:
  server.etc:
  server.var:
  dashboard.var:
  postgres.etc:
  postgres.var:
  postgres.backup:

networks:
  frontend:
  backend:
    internal: true