cloud-sync-tuner/nerdctl-compose.yaml at main · hyperpolymath/cloud-sync-tuner · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
# SPDX-License-Identifier: MPL-2.0-or-later
# nerdctl compose for cloud-sync-tuner
# Run: nerdctl compose up

services:
  cloud-sync-tuner:
    build:
      context: .
      dockerfile: Containerfile
    image: ghcr.io/hyperpolymath/cloud-sync-tuner:latest
    container_name: cloud-sync-tuner
    stdin_open: true
    tty: true
    read_only: true
    tmpfs:
      - /tmp:size=64M
    volumes:
      - ./output:/home/tuner/output:rw
      - ${HOME}/.config/rclone:/home/tuner/.config/rclone:ro
      - ./config:/home/tuner/.config/cloud-sync-tuner:ro
    devices:
      - /dev/fuse:/dev/fuse
    cap_drop:
      - ALL
    cap_add:
      - SYS_ADMIN  # Required for FUSE only
    security_opt:
      - no-new-privileges:true
    environment:
      - TERM=xterm-256color
      - XDG_CONFIG_HOME=/home/tuner/.config
    networks:
      - cloud-net
    depends_on:
      wireguard:
        condition: service_healthy
    profiles:
      - default

  # VPN sidecar (WireGuard)
  wireguard:
    image: cgr.dev/chainguard/wolfi-base:latest
    container_name: cloud-sync-vpn
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    volumes:
      - ./sdp/wg0.conf:/etc/wireguard/wg0.conf:ro
    command: >
      sh -c "apk add --no-cache wireguard-tools iproute2 &&
             wg-quick up wg0 &&
             exec sleep infinity"
    healthcheck:
      test: ["CMD", "wg", "show", "wg0"]
      interval: 30s
      timeout: 5s
      retries: 3
    networks:
      - cloud-net
    profiles:
      - vpn

  # Standalone mode (no VPN)
  cloud-sync-tuner-standalone:
    build:
      context: .
      dockerfile: Containerfile
    image: ghcr.io/hyperpolymath/cloud-sync-tuner:latest
    container_name: cloud-sync-tuner-standalone
    stdin_open: true
    tty: true
    read_only: true
    tmpfs:
      - /tmp:size=64M
    volumes:
      - ./output:/home/tuner/output:rw
      - ${HOME}/.config/rclone:/home/tuner/.config/rclone:ro
      - ./config:/home/tuner/.config/cloud-sync-tuner:ro
    devices:
      - /dev/fuse:/dev/fuse
    cap_drop:
      - ALL
    cap_add:
      - SYS_ADMIN
    security_opt:
      - no-new-privileges:true
    environment:
      - TERM=xterm-256color
    networks:
      - cloud-net
    profiles:
      - standalone

  # aria2 for accelerated downloads
  aria2:
    image: cgr.dev/chainguard/wolfi-base:latest
    container_name: aria2-rpc
    read_only: true
    tmpfs:
      - /tmp:size=128M
    command: >
      sh -c "apk add --no-cache aria2 &&
             aria2c --enable-rpc --rpc-listen-all=true
             --rpc-allow-origin-all --max-concurrent-downloads=16
             --split=16 --max-connection-per-server=16
             --dir=/downloads"
    ports:
      - "127.0.0.1:6800:6800"  # localhost only
    volumes:
      - ./downloads:/downloads:rw
    networks:
      - cloud-net
    profiles:
      - accelerated

networks:
  cloud-net:
    driver: bridge