homeserver/docker-compose/unifi-network-application/docker-compose.yml.j2
Michael Grote b0214bdb9a
All checks were successful
ansible-lint / gitleaks (push) Successful in 2s
ansible-lint / Ansible Lint (push) Successful in 22s
container security (#274)
https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html
Reviewed-on: #274
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Co-committed-by: Michael Grote <michael.grote@posteo.de>
2025-01-03 14:57:43 +01:00


---
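services:
  # UniFi Network Application (controller), linuxserver.io build.
  unifi-network-application:
    # Pinned to an exact tag. A tag can be re-pointed on the registry;
    # pinning by digest (image@sha256:<digest>) would make the pull
    # reproducible.
    image: "lscr.io/linuxserver/unifi-network-application:8.0.28-ls27"
    container_name: unifi-network-application
    environment:
      # Values are quoted so every YAML parser hands them over as strings.
      PUID: "1000"
      PGID: "1000"
      TZ: "Etc/UTC"
      MONGO_USER: "unifiuser"
      # Resolved from KeePass when the template is rendered. The rendered
      # compose file then holds the password in clear text, so deploy it
      # readable by its owner only.
      MONGO_PASS: "{{ lookup('viczem.keepass.keepass', 'unifi-mongodb-pass', 'password') }}"
      MONGO_HOST: "unifi-db"
      MONGO_PORT: "27017"
      MONGO_DBNAME: "unifidb"
      # NOTE(review): MEM_LIMIT presumably sets the JVM heap ceiling in MB.
      # It equals the container memory limit below (1024M), and JVM
      # non-heap memory comes on top, so the container may be OOM-killed
      # under load. Confirm and leave headroom.
      MEM_LIMIT: "1024"  # optional
      MEM_STARTUP: "1024"  # optional
    volumes:
      - unifi-data:/config
    # No host IP is given, so every mapping is published on all host
    # interfaces. Remove the optional mappings that are not in use to keep
    # the exposed surface small.
    ports:
      - "8443:8443"  # web admin (HTTPS)
      - "3478:3478/udp"  # STUN
      - "10001:10001/udp"  # AP discovery
      - "8080:8080"  # device communication (inform)
      - "1900:1900/udp"  # optional
      - "8843:8843"  # optional
      - "8880:8880"  # optional
      - "6789:6789"  # optional
      - "5514:5514/udp"  # optional
    restart: unless-stopped
    pull_policy: missing
    deploy:
      resources:
        limits:
          cpus: "2"
          memory: "1024M"
    security_opt:
      # Blocks privilege gain through setuid/setgid binaries in the container.
      - no-new-privileges=true
    networks:
      - postfix
      - unifi-internal
    healthcheck:
      # --insecure skips certificate verification. The probe only targets
      # localhost inside the container; presumably the controller serves a
      # self-signed certificate.
      test: ["CMD", "curl", "-f", "--insecure", "https://localhost:8443"]
      interval: 30s
      timeout: 10s
      retries: 3
    # NOTE(review): the short form only orders container start. The long
    # form with `condition: service_healthy` would wait for the unifi-db
    # healthcheck. Confirm that check passes before switching.
    depends_on:
      - unifi-db

  # MongoDB backend for the controller. No ports are published; it is
  # reachable only over the unifi-internal network.
  unifi-db:
    # Start the container WITHOUT an init script, then inside the container:
    #   1. mongosh
    #   2. db.getSiblingDB("unifidb").createUser({user: "unifiuser", pwd: "<SECRET>", roles: [{role: "dbOwner", db: "unifidb"}, {role: "dbOwner", db: "unifidb_stat"}]});
    # <SECRET> must match MONGO_PASS of unifi-network-application.
    # https://discourse.linuxserver.io/t/cant-connect-to-mongodb-for-unifi-network-application/8166
    #
    # NOTE(review): neither MONGO_INITDB_ROOT_USERNAME/PASSWORD nor an
    # explicit `--auth` is set here, so mongod presumably runs without
    # access control and the user created above is not enforced. The
    # unifi-internal network would then be the only barrier. Confirm.
    image: "docker.io/mongo:8.0.4"
    container_name: unifi-db
    volumes:
      - db-data:/data/db
    restart: unless-stopped
    pull_policy: missing
    deploy:
      resources:
        limits:
          cpus: "2"
          memory: "512M"
    security_opt:
      - no-new-privileges=true
    networks:
      - unifi-internal
    healthcheck:
      # Runs without credentials. Presumably it only proves that mongosh
      # can connect, since Docker looks at the exit code and not at the
      # printed value. Verify.
      test: ["CMD", "mongosh", "--eval", "db.stats().ok"]
      interval: 30s
      timeout: 10s
      retries: 3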
# ------------------------------ Volumes ------------------------------
# Named volumes managed by Docker. An empty mapping selects the default
# driver and options.
volumes:
  # MongoDB data files, mounted at /data/db in unifi-db.
  db-data: {}
  # Controller configuration, mounted at /config in the application.
  unifi-data: {}
# ------------------------------ Networks -----------------------------
networks:
  # Created outside this project; compose only attaches to it and fails
  # if it does not exist. Only unifi-network-application joins it.
  postfix:
    external: true
  # Project-private bridge shared by the application and unifi-db.
  # NOTE(review): `internal: true` would also cut outbound access for
  # unifi-db. Confirm the application keeps its egress and published
  # ports through `postfix` before enabling it.
  unifi-internal:
    driver: bridge