ff

2025-01-03 14:35:47 +01:00 · 2025-01-03 14:35:47 +01:00 · 2b4a3384cd
commit 2b4a3384cd
parent 400cc57c64
13 changed files with 115 additions and 8 deletions
--- a/docker-compose/act-runner/docker-compose.yml.j2
+++ b/docker-compose/act-runner/docker-compose.yml.j2
@ -6,8 +6,11 @@ services:
    image: gitea/act_runner:0.2.11
    restart: unless-stopped
    pull_policy: missing
-    memory: 512m
-    cpus: 2
+    deploy:
+      resources:
+        limits:
+          cpus: "2"
+          memory: "512M"
    security_opt:
      - no-new-privileges=true
    volumes:
--- a/docker-compose/authelia/docker-compose.yml.j2
+++ b/docker-compose/authelia/docker-compose.yml.j2
@ -7,8 +7,11 @@ services:
    container_name: authelia
    restart: unless-stopped
    pull_policy: missing
-    memory: 512m
-    cpus: 2
+    deploy:
+      resources:
+        limits:
+          cpus: "2"
+          memory: "512M"
    security_opt:
      - no-new-privileges=true
    environment:
@ -46,8 +49,11 @@ services:
    container_name: authelia-redis
    restart: unless-stopped
    pull_policy: missing
-    memory: 512m
-    cpus: 2
+    deploy:
+      resources:
+        limits:
+          cpus: "2"
+          memory: "512M"
    security_opt:
      - no-new-privileges=true
    environment:
@ -67,8 +73,11 @@ services:
    command: --transaction-isolation=READ-COMMITTED --log-bin=ROW --innodb_read_only_compressed=OFF
    restart: unless-stopped
    pull_policy: missing
-    memory: 512m
-    cpus: 2
+    deploy:
+      resources:
+        limits:
+          cpus: "2"
+          memory: "512M"
    security_opt:
      - no-new-privileges=true
    volumes:
--- a/docker-compose/gramps/docker-compose.yml.j2
+++ b/docker-compose/gramps/docker-compose.yml.j2
@ -5,6 +5,11 @@ services:
    image: ghcr.io/gramps-project/grampsweb:v24.12.2  # version
    restart: unless-stopped
    pull_policy: missing
+    deploy:
+      resources:
+        limits:
+          cpus: "2"
+          memory: "512M"
    security_opt:
      - no-new-privileges=true
    ports:
@ -38,6 +43,11 @@ services:
  grampsweb_celery:
    <<: *grampsweb  # YAML merge key copying the entire grampsweb service config
    ports: []
+    deploy:
+      resources:
+        limits:
+          cpus: "2"
+          memory: "1024M"
    container_name: grampsweb-celery
    depends_on:
      - grampsweb_redis
@ -49,6 +59,11 @@ services:
    container_name: grampsweb-redis
    restart: unless-stopped
    pull_policy: missing
+    deploy:
+      resources:
+        limits:
+          cpus: "2"
+          memory: "512M"
    security_opt:
      - no-new-privileges=true
    healthcheck:
--- a/docker-compose/lldap/docker-compose.yml.j2
+++ b/docker-compose/lldap/docker-compose.yml.j2
@ -4,6 +4,11 @@ services:
    container_name: lldap
    restart: unless-stopped
    pull_policy: missing
+    deploy:
+      resources:
+        limits:
+          cpus: "2"
+          memory: "512M"
    security_opt:
      - no-new-privileges=true
    ports:
@ -27,6 +32,11 @@ services:
    image: "postgres:17.2"
    restart: unless-stopped
    pull_policy: missing
+    deploy:
+      resources:
+        limits:
+          cpus: "2"
+          memory: "512M"
    security_opt:
      - no-new-privileges=true
    environment:
--- a/docker-compose/miniflux/docker-compose.yml.j2
+++ b/docker-compose/miniflux/docker-compose.yml.j2
@ -5,6 +5,11 @@ services:
    image: "ghcr.io/miniflux/miniflux:2.2.4"
    restart: unless-stopped
    pull_policy: missing
+    deploy:
+      resources:
+        limits:
+          cpus: "2"
+          memory: "512M"
    security_opt:
      - no-new-privileges=true
    depends_on:
@ -39,6 +44,11 @@ services:
    image: "postgres:17.2"
    restart: unless-stopped
    pull_policy: missing
+    deploy:
+      resources:
+        limits:
+          cpus: "2"
+          memory: "512M"
    security_opt:
      - no-new-privileges=true
    environment:
@ -62,6 +72,11 @@ services:
      - miniflux
    restart: unless-stopped
    pull_policy: missing
+    deploy:
+      resources:
+        limits:
+          cpus: "4"
+          memory: "512M"
    security_opt:
      - no-new-privileges=true
    environment:
--- a/docker-compose/navidrome/docker-compose.yml.j2
+++ b/docker-compose/navidrome/docker-compose.yml.j2
@ -5,6 +5,11 @@ services:
    image: "deluan/navidrome:0.54.3"
    restart: unless-stopped
    pull_policy: missing
+    deploy:
+      resources:
+        limits:
+          cpus: "4"
+          memory: "512M"
    security_opt:
      - no-new-privileges=true
    environment:
--- a/docker-compose/nextcloud/docker-compose.yml.j2
+++ b/docker-compose/nextcloud/docker-compose.yml.j2
@ -6,6 +6,11 @@ services:
    command: --transaction-isolation=READ-COMMITTED --log-bin=ROW --innodb_read_only_compressed=OFF
    restart: unless-stopped
    pull_policy: missing
+    deploy:
+      resources:
+        limits:
+          cpus: "2"
+          memory: "512M"
    security_opt:
      - no-new-privileges=true
    volumes:
@ -41,6 +46,11 @@ services:
      - internal
    restart: unless-stopped
    pull_policy: missing
+    deploy:
+      resources:
+        limits:
+          cpus: "2"
+          memory: "512M"
    security_opt:
      - no-new-privileges=true
    command: "redis-server --requirepass {{ lookup('viczem.keepass.keepass', 'nextcloud/nextcloud_redis_host_password', 'password') }}"
@ -56,6 +66,11 @@ services:
    image: "registry.mgrote.net/nextcloud-cronjob:latest"
    restart: unless-stopped
    pull_policy: missing
+    deploy:
+      resources:
+        limits:
+          cpus: "2"
+          memory: "512M"
    security_opt:
      - no-new-privileges=true
    network_mode: none
@ -72,6 +87,11 @@ services:
    container_name: nextcloud-app
    restart: unless-stopped
    pull_policy: missing
+    deploy:
+      resources:
+        limits:
+          cpus: "4"
+          memory: "1024M"
    security_opt:
      - no-new-privileges=true
    depends_on:
--- a/docker-compose/postfix/docker-compose.yml.j2
+++ b/docker-compose/postfix/docker-compose.yml.j2
@ -4,6 +4,11 @@ services:
    container_name: postfix
    restart: unless-stopped
    pull_policy: missing
+    deploy:
+      resources:
+        limits:
+          cpus: "2"
+          memory: "512M"
    security_opt:
      - no-new-privileges=true
    ports:
--- a/docker-compose/registry/docker-compose.yml.j2
+++ b/docker-compose/registry/docker-compose.yml.j2
@ -2,6 +2,11 @@ services:
  oci-registry:
    restart: unless-stopped
    pull_policy: missing
+    deploy:
+      resources:
+        limits:
+          cpus: "2"
+          memory: "512M"
    security_opt:
      - no-new-privileges=true
    container_name: oci-registry
--- a/docker-compose/routeros-config-export/docker-compose.yml
+++ b/docker-compose/routeros-config-export/docker-compose.yml
@ -3,6 +3,11 @@ services:
    container_name: routeros-config-export
    restart: unless-stopped
    pull_policy: missing
+    deploy:
+      resources:
+        limits:
+          cpus: "2"
+          memory: "512M"
    security_opt:
      - no-new-privileges=true
    image: "registry.mgrote.net/routeros-config-export:latest"
--- a/docker-compose/traefik/docker-compose.yml.j2
+++ b/docker-compose/traefik/docker-compose.yml.j2
@ -7,6 +7,11 @@ services:
    image: "traefik:v3.2.3"
    restart: unless-stopped
    pull_policy: missing
+    deploy:
+      resources:
+        limits:
+          cpus: "2"
+          memory: "512M"
    security_opt:
      - no-new-privileges=true
    volumes:
--- a/docker-compose/unifi-network-application/docker-compose.yml.j2
+++ b/docker-compose/unifi-network-application/docker-compose.yml.j2
@ -28,6 +28,11 @@ services:
      - 5514:5514/udp #optional
    restart: unless-stopped
    pull_policy: missing
+    deploy:
+      resources:
+        limits:
+          cpus: "2"
+          memory: "1024M"
    security_opt:
      - no-new-privileges=true
    networks:
--- a/docker-compose/wiki/docker-compose.yml.j2
+++ b/docker-compose/wiki/docker-compose.yml.j2
@ -4,6 +4,11 @@ services:
    image: "registry.mgrote.net/httpd:latest"
    restart: unless-stopped
    pull_policy: missing
+    deploy:
+      resources:
+        limits:
+          cpus: "2"
+          memory: "512M"
    security_opt:
      - no-new-privileges=true
    networks: