@GiladShoham
Last active July 15, 2025 08:43
docker compose demo for home automation
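# Compose stack: Cloudflare Tunnel connector (cloudflared).
# The connector opens outbound connections to Cloudflare, so this file
# publishes no inbound port.
services:
  cloudflare-tunnel:
    # No tag is given, so this resolves to `latest`. Pin a tag or digest so an
    # upstream push cannot silently change what runs on the host.
    image: cloudflare/cloudflared
    container_name: cloudflare-tunnel
    hostname: cloudflare-tunnel
    restart: unless-stopped
    # Host networking puts the connector in the host's network namespace, so
    # it can reach every listener on the host, loopback-only ones included.
    # Anything the tunnel's ingress rules map to a public hostname is then
    # reachable from the internet: put an access policy in front of each one.
    network_mode: "host"
    command: tunnel run
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # Read-only: the container only needs to resolve names from this file.
      # A writable mount would let a process inside the container persistently
      # rewrite ./config/hosts on the host.
      - ./config/hosts:/etc/hosts:ro
    environment:
      # The token is a bearer credential for the tunnel. It is read from the
      # shell environment or an untracked .env file; keep that file out of
      # version control. Environment values are visible to anyone who can run
      # `docker inspect` on this host.
      - "TUNNEL_TOKEN=${CLOUDFLARE_TUNNEL_TOKEN}"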
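# Compose stack: home-automation demo (MQTT broker, Zigbee2MQTT, MariaDB,
# ESPHome, Matter server, Home Assistant, Duplicati, Portainer, two web IDEs).
#
# Review notes that apply to the whole file:
#   * A `ports:` entry without a host IP binds on all host interfaces. Prefix
#     it with 127.0.0.1 (e.g. "127.0.0.1:8123:8123") for anything meant to be
#     reached only locally or through a reverse proxy / tunnel.
#   * Passwords are read from the shell environment or an untracked .env file.
#     `${VAR:?msg}` makes Compose refuse to start while the variable is unset
#     or empty, instead of starting a service with a blank password.
#   * Images without a tag resolve to `latest`; pin a tag or digest.
version: "3"
services:
  mosquitto:
    # default user/pass = admin/password
    # NOTE(review): both config mounts below are commented out, so the broker
    # runs with the configuration baked into the image. Mosquitto 1.x accepts
    # anonymous clients unless configured otherwise (confirm for this image);
    # mount a config with a password file before exposing these ports beyond
    # a trusted LAN. Replace the default credentials noted above if they are
    # in use anywhere.
    container_name: Mosquitto
    # restart: always
    # image: eclipse-mosquitto:latest
    image: arm64v8/eclipse-mosquitto:1.6.12
    # image: eclipse-mosquitto:2
    volumes:
      # - /var/run/docker.sock:/var/run/docker.sock
      # - ./Mosquitto/mqtt/config:/mosquitto/config/:ro
      # - ./Mosquitto/config:/mosquitto/config:rw
      - ./Mosquitto/data:/mosquitto/data
      - ./Mosquitto/log:/mosquitto/log
    environment:
      - TZ=Asia/Jerusalem
    ports:
      - "1883:1883"
      - "1884:1884"
      - "9001:9001"
    network_mode: bridge

  zigbee2mqtt:
    container_name: zigbee2mqtt
    image: koenkk/zigbee2mqtt
    restart: always
    # Host networking: anything this container listens on is bound directly on
    # the host, without the port remapping in the commented block below.
    network_mode: host
    # ports:
    #   - "8090:8080" # UI admin panel
    volumes:
      - ./zigbee2mqtt/data:/app/data
      - /run/udev:/run/udev:ro
    environment:
      - TZ=Asia/Jerusalem
      - Z2M_MQTT_USER=${Z2M_MQTT_USER}
      - Z2M_MQTT_PASSWORD=${Z2M_MQTT_PASSWORD}
    # devices:
    #   - /dev/ttyACM0:/dev/ttyACM0 # note: the same dongle as Home Assistant
    # `privileged` grants access to every host device and all capabilities,
    # which makes a compromise of this container equivalent to root on the
    # host. The commented `devices:` mapping above is the narrower grant;
    # prefer it once the adapter path is known.
    privileged: true
    depends_on:
      - mosquitto

  mariadb:
    container_name: MariaDB
    # restart: always
    image: arm64v8/mariadb:10.7
    # command: mysqld --character-set-server=utf8 --collation-server=utf8_unicode_ci --init-connect='SET NAMES UTF8;' --innodb-flush-log-at-trx-commit=0
    volumes:
      # - /var/run/docker.sock:/var/run/docker.sock
      - ./MaraiDB:/var/lib/mysql
      # - /etc/localtime:/etc/localtime:ro
    environment:
      - TZ=Asia/Jerusalem
      # Root password is supplied from the environment rather than stored in
      # this file. The official image applies it only when it initialises an
      # empty data directory, so an existing ./MaraiDB keeps its old root
      # password until it is changed inside the database.
      - "MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:?set MYSQL_ROOT_PASSWORD in .env}"
      - MYSQL_DATABASE=hass_db
    # Published on all interfaces. If only containers in this project use the
    # database, they can reach it by service name and this mapping can be
    # dropped or bound to 127.0.0.1 (confirm how Home Assistant connects).
    ports:
      - "3306:3306"
    # network_mode: bridge

  esphome:
    container_name: esphome
    image: esphome/esphome
    volumes:
      - ./esphome:/config
      - /etc/localtime:/etc/localtime:ro
    restart: always
    # privileged + host networking: see the note on zigbee2mqtt. Map only the
    # serial device that is needed for flashing where that is sufficient.
    privileged: true
    network_mode: host

  matter-server:
    container_name: matter-server
    restart: always
    image: ghcr.io/home-assistant-libs/python-matter-server:stable
    # AppArmor confinement is switched off for this container.
    security_opt:
      - "apparmor=unconfined"
    volumes:
      - ./matter-server/data:/data
      - /run/dbus:/run/dbus:ro
    environment:
      - TZ=Asia/Jerusalem
    network_mode: host
    # NOTE(review): `privileged` on top of an unconfined AppArmor profile and
    # host networking leaves no container isolation to speak of; check which
    # of these the Matter server actually requires on this host.
    privileged: true

  homeassistant:
    container_name: HomeAssistant
    # restart: always
    # The tag pins a release from December 2022; review upstream security
    # advisories published since then before exposing this instance.
    image: homeassistant/home-assistant:2022.12
    # depends_on:
    #   - "mosquitto"
    #   - "mariadb"
    # devices:
    #   - /dev/ttyACM0:/dev/ttyACM0
    volumes:
      # - /var/run/docker.sock:/var/run/docker.sock
      - ./home/Config:/config
      # - /dev/bus/usb:/dev/bus/usb
    ports:
      - "8123:8123"
    environment:
      - TZ=Asia/Jerusalem
    # network_mode: host
    # privileged: true

  duplicati:
    # image: linuxserver/duplicati:2.0.6
    image: linuxserver/duplicati:arm64v8-2.0.6
    container_name: duplicati
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Asia/Jerusalem
    volumes:
      - ./duplicati/config:/config
      - /Users/giladshoham/dev/temp/negev-meetup/backups:/backups
      - /Users/giladshoham/dev/temp/negev-meetup:/source
    # NOTE(review): the web UI can read everything under /source and is
    # published on all interfaces; confirm a UI password is configured.
    ports:
      - "8200:8200"
    # restart: unless-stopped

  portainer:
    # NOTE(review): presumably the legacy 1.x image line; current releases are
    # published under a different repository name. Confirm and upgrade.
    image: portainer/portainer:1.25.0
    container_name: Portainer
    # restart: unless-stopped
    command: -H unix:///var/run/docker.sock
    ports:
      - "9090:9000"
    volumes:
      # Access to the Docker socket is equivalent to root on the host: whoever
      # controls this UI can start a container that mounts the host
      # filesystem. Keep the published port off untrusted networks and use a
      # strong admin password.
      - /var/run/docker.sock:/var/run/docker.sock
      - ./portainer/data:/data
      # - /opt/docker/shared:/shared
    environment:
      - TZ=Asia/Jerusalem

  vscode:
    image: codercom/code-server:4.9.1
    container_name: code-server
    environment:
      # Supplied from the environment rather than stored in this file. The IDE
      # gives a shell inside the container and write access to the mounted
      # project tree, so this password guards code execution.
      - "PASSWORD=${CODE_SERVER_PASSWORD:?set CODE_SERVER_PASSWORD in .env}"
    ports:
      - "8083:8080"
    volumes:
      - /Users/giladshoham/dev/temp/negev-meetup:/home/coder/project
    # restart: unless-stopped

  cloud9:
    image: tomerfi/alpine-c9:latest
    container_name: cloud9
    environment:
      - C9USER=gilad
      # Supplied from the environment rather than stored in this file; same
      # exposure as the code-server password above.
      - "C9PASSWORD=${C9_PASSWORD:?set C9_PASSWORD in .env}"
    ports:
      - "8181:8080"
    volumes:
      - /Users/giladshoham/dev/temp/negev-meetup:/workspace
    # restart: unless-stopped

# volumes:
#   db_storage:
#   n8n_storage: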
# Compose stack: n8n workflow automation, using a PostgreSQL server that is
# reached over the pre-existing `shared-postgres-net` network.
networks:
  # Created outside this file; Compose only attaches to it. Every container
  # on this network can reach the database host named below.
  shared-postgres-net:
    external: true

services:
  n8n:
    # No tag is given, so this resolves to `latest`; pin a tag or digest.
    image: docker.n8n.io/n8nio/n8n
    restart: always
    networks:
      - shared-postgres-net
    environment:
      - N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true
      - N8N_RUNNERS_ENABLED=true
      - WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
      - DB_TYPE=postgresdb
      - DB_POSTGRESDB_HOST=postgres
      - DB_POSTGRESDB_PORT=5432
      # Database name and the non-root credentials come from the shell
      # environment or an untracked .env file.
      - DB_POSTGRESDB_DATABASE=${POSTGRES_DB}
      - DB_POSTGRESDB_USER=${POSTGRES_NON_ROOT_USER}
      - DB_POSTGRESDB_PASSWORD=${POSTGRES_NON_ROOT_PASSWORD}
      # NOTE(review): `false` lets the session cookie travel over plain HTTP.
      # WEBHOOK_URL is https, so unless the editor is also opened directly on
      # http://<host>:5678 this can probably be left at its secure setting;
      # confirm how the UI is reached.
      - N8N_SECURE_COOKIE=false
    # Published on all host interfaces. If the UI is only reached through a
    # reverse proxy or tunnel on this host, bind it to 127.0.0.1 instead.
    ports:
      - "5678:5678"
    # links:
    #   - postgres
    volumes:
      # Holds n8n's settings and encryption key; keep it out of backups that
      # leave the host unencrypted.
      - ./n8n_storage:/home/node/.n8n
    # depends_on:
    #   postgres:
    #     condition: service_healthy
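# Compose stack: PostgreSQL 16 shared by other stacks over the pre-existing
# `shared-postgres-net` network. No host port is published, so the database
# is reachable only from containers attached to that network.
networks:
  shared-postgres-net:
    external: true

services:
  postgres:
    image: postgres:16
    restart: always
    networks:
      shared-postgres-net:
        # Other stacks resolve the server under this name.
        aliases:
          - postgres
    environment:
      # Names without values: each one is passed through from the environment
      # Compose runs with, so no credential is stored in this file.
      - POSTGRES_USER
      - POSTGRES_PASSWORD
      - POSTGRES_DB
      # Presumably consumed by the init scripts mounted below; verify there.
      - POSTGRES_NON_ROOT_USER
      - POSTGRES_NON_ROOT_PASSWORD
    volumes:
      - ./db_storage:/var/lib/postgresql/data
      # Init scripts run with superuser rights when the data directory is
      # first initialised. Mounted read-only so nothing inside the container
      # can alter them on the host.
      - ./init-data.sh:/docker-entrypoint-initdb.d/init-data.sh:ro
      - ./init-npm-db.sh:/docker-entrypoint-initdb.d/init-npm-db.sh:ro
    healthcheck:
      # ${...} here is substituted by Compose when the file is parsed, not by
      # the shell inside the container.
      test: ['CMD-SHELL', 'pg_isready -h localhost -U ${POSTGRES_USER} -d ${POSTGRES_DB}']
      interval: 5s
      timeout: 5s
      retries: 10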
# Compose stack: WireGuard VPN server plus the wg-easy web UI.
# NOTE(review): both services mount the same ./config directory and both are
# configured for WireGuard port 51820; confirm which of the two is meant to
# own the interface and its keys.
version: "3.8"
services:
  wireguard:
    # No tag is given, so this resolves to `latest`; pin a tag or digest.
    image: linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      # SYS_MODULE allows loading kernel modules into the host kernel.
      # NOTE(review): presumably unnecessary when the host kernel already
      # ships WireGuard; confirm and drop it if so.
      - SYS_MODULE
    environment:
      # put your UID here (see the explanation further down)
      - PUID=1000
      # put your GID here
      - PGID=1000
      # time zone
      - TZ=Asia/Jerusalem
      # your DDNS address or static IP
      - SERVERURL=${SERVER_URL}
      # external port you will open on the router
      - SERVERPORT=51820
      # name of the "clients" (a comma-separated list is allowed)
      - PEERS=gilad
      # DNS for the clients
      - PEERDNS=auto
      # internal subnet for the VPN (default)
      - INTERNAL_SUBNET=10.13.13.0
    volumes:
      # Holds the server and peer private keys; restrict its permissions and
      # keep it out of version control.
      - ./config:/config
      - /lib/modules:/lib/modules
    ports:
      - "51820:51820/udp"
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped

  wg-easy:
    # No tag is given, so this resolves to `latest`; pin a tag or digest.
    image: ghcr.io/wg-easy/wg-easy
    container_name: wg-easy
    environment:
      # public address
      - WG_HOST=${SERVER_URL}
      # password for the UI
      # - PASSWORD=${WG_EASY_PASS}
      # password for the UI (bcrypt hash; `$$` is Compose's escape for `$`).
      # NOTE(review): the hash is stored in this file, so anyone holding a
      # copy can run offline guessing against it. Treat the matching password
      # as exposed: rotate it and supply the new hash from an untracked file.
      - PASSWORD_HASH=$$2b$$10$$SMKleDWkV4JyuSXqM/ZSgudY0afhbLBXnpR4Yb8DbmgWw0irjztEG
      - WG_PORT=51820
      - WG_DEFAULT_DNS=1.1.1.1
    ports:
      # UI port. Published on all host interfaces; the UI can create peers and
      # hand out their keys, so keep it on a trusted network or bind it to
      # 127.0.0.1 behind an authenticated proxy.
      - "51821:51821/tcp"
    volumes:
      # must be the same folder
      - ./config:/etc/wireguard
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1