v2m/37/docker-compose.yml

version: '3.7'

services:
  wireguard:
    image: linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Mendoza
      - SERVERPORT=51820 #optional
      - PEERS=3 #optional
      - PEERDNS=auto #optional
      - INTERNAL_SUBNET=10.13.13.0 #optional
    volumes:
      - /root/wireguard:/config
      - /lib/modules:/lib/modules
      - /usr/src:/usr/src
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    dns:
      - 172.20.0.7
    restart: unless-stopped
    networks:
      containers:
        ipv4_address: 172.20.0.6

  pihole:
    container_name: pihole
    image: pihole/pihole:v5.7
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
    environment:
      TZ: 'America/Mendoza'
      WEBPASSWORD: 'peladonerd'
    volumes:
      - './etc-pihole/:/etc/pihole/'
      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
    networks:
      containers:
        ipv4_address: 172.20.0.7

  nginx-proxy:
    image: jwilder/nginx-proxy:0.6.0
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - certs:/etc/nginx/certs:ro
      - confd:/etc/nginx/conf.d
      - vhostd:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - acme:/etc/acme.sh
    labels:
      - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy

  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion:v1.12
    restart: always
    volumes:
      - certs:/etc/nginx/certs:rw
      - confd:/etc/nginx/conf.d
      - vhostd:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - acme:/etc/acme.sh

  whoogle-search:
    image: benbusby/whoogle-search
    container_name: whoogle-search
    restart: on-failure:5
    user: '102'
    security_opt:
      - no-new-privileges
    cap_drop:
      - ALL
    read_only: true
    tmpfs:
      - /config/:size=10M,uid=102,gid=102,mode=1700
      - /var/lib/tor/:size=10M,uid=102,gid=102,mode=1700
      - /run/tor/:size=1M,uid=102,gid=102,mode=1700
    environment: # Uncomment to configure environment variables
      # Basic auth configuration, uncomment to enable
      #- WHOOGLE_USER=<auth username>
      #- WHOOGLE_PASS=<auth password>
      # Proxy configuration, uncomment to enable
      #- WHOOGLE_PROXY_USER=<proxy username>
      #- WHOOGLE_PROXY_PASS=<proxy password>
      #- WHOOGLE_PROXY_TYPE=<proxy type (http|socks4|socks5)
      #- WHOOGLE_PROXY_LOC=<proxy host/ip>
      # Site alternative configurations, uncomment to enable
      # Note: If not set, the feature will still be available
      # with default values.
      #- WHOOGLE_ALT_TW=nitter.net
      #- WHOOGLE_ALT_YT=invidious.snopyta.org
      #- WHOOGLE_ALT_IG=bibliogram.art/u
      #- WHOOGLE_ALT_RD=libredd.it
      # Load environment variables from whoogle.env
      #- WHOOGLE_DOTENV=1
      VIRTUAL_HOST: whoogle.ejemplo.com
      VIRTUAL_PORT: 5000
      LETSENCRYPT_HOST: whoogle.ejemplo.com
      LETSENCRYPT_EMAIL: pablo@ejemplo.com
    expose:
      - 5000

networks:
  containers:
    ipam:
      config:
        - subnet: 172.20.0.0/24

volumes:
  certs:
  confd:
  vhostd:
  html:
  acme: