From ffd3d8f262ab237daadc9a3c01bf88b4de26f91a Mon Sep 17 00:00:00 2001 From: cspark Date: Thu, 29 Feb 2024 20:15:36 +0000 Subject: [PATCH] Add resource quotas to all service docker configurations --- services/service_git/docker-compose.yml | 12 ++++++++++++ services/service_invidious/docker-compose.yml | 12 ++++++++++++ services/service_mail/docker-compose.yml | 9 +++++++++ services/service_minecraft/docker-compose.yml | 8 ++++++++ services/service_nextcloud/docker-compose.yml | 16 ++++++++++++++++ services/service_searxng/docker-compose.yml | 12 ++++++++++++ 6 files changed, 69 insertions(+) diff --git a/services/service_git/docker-compose.yml b/services/service_git/docker-compose.yml index 8aede60..7362d91 100644 --- a/services/service_git/docker-compose.yml +++ b/services/service_git/docker-compose.yml @@ -20,6 +20,10 @@ services: - "222:22" networks: forgejo: + deploy: + limits: + cpus: '0.10' + memory: 512M forgejo: image: codeberg.org/forgejo/forgejo:1.21 @@ -39,6 +43,10 @@ services: - ./forgejo-data:/data - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro + deploy: + limits: + cpus: '0.25' + memory: 512M depends_on: - forgejo-db @@ -54,6 +62,10 @@ services: networks: forgejo: ipv4_address: 11.1.0.22 + deploy: + limits: + cpus: '0.10' + memory: 128M networks: forgejo: diff --git a/services/service_invidious/docker-compose.yml b/services/service_invidious/docker-compose.yml index aae3066..7149444 100755 --- a/services/service_invidious/docker-compose.yml +++ b/services/service_invidious/docker-compose.yml @@ -22,6 +22,10 @@ services: - "3000:3000" networks: invidious: + deploy: + limits: + cpus: '0.10' + memory: 512M invidious: network_mode: "service:invidious-gluetun" @@ -61,6 +65,10 @@ services: max-file: "4" depends_on: - invidious-db + deploy: + limits: + cpus: '0.25' + memory: 512M invidious-db: image: docker.io/library/postgres:14 @@ -80,6 +88,10 @@ services: networks: invidious: ipv4_address: 11.1.0.22 + deploy: + limits: + cpus: '0.10' + memory: 128M networks: invidious: diff --git a/services/service_mail/docker-compose.yml b/services/service_mail/docker-compose.yml index 7151879..6f154aa 100755 --- a/services/service_mail/docker-compose.yml +++ b/services/service_mail/docker-compose.yml @@ -21,6 +21,11 @@ services: - "587:587" # SMTP+STARTTLS Explicit TLS / Appears to be used - "993:993" # IMAPS Implicit TLS / Appears to not be used - "143:143" # IMAPS IMAP+STARTTLS Explicit TLS / Appears to be used + deploy: + limits: + cpus: '0.10' + memory: 512M + mailserver: network_mode: "service:mailserver-gluetun" image: ghcr.io/docker-mailserver/docker-mailserver:latest @@ -56,4 +61,8 @@ services: - ENABLE_CLAMAV=0 cap_add: - NET_ADMIN # For Fail2Ban to work + deploy: + limits: + cpus: '0.25' + memory: 512M restart: always diff --git a/services/service_minecraft/docker-compose.yml b/services/service_minecraft/docker-compose.yml index 47d6c26..89094f3 100755 --- a/services/service_minecraft/docker-compose.yml +++ b/services/service_minecraft/docker-compose.yml @@ -23,6 +23,10 @@ services: volumes: # Custom IPTables forwarding rules to forward TCP(web) traffic from port 54376 to port 25565 - ./post-rules.txt:/iptables/post-rules.txt + deploy: + limits: + cpus: '0.10' + memory: 512M mc: image: itzg/minecraft-server @@ -41,3 +45,7 @@ services: # - ./data:/data # - ./data:/data + deploy: + limits: + cpus: '0.50' + memory: 1500M diff --git a/services/service_nextcloud/docker-compose.yml b/services/service_nextcloud/docker-compose.yml index a4198a2..5d7bcb6 100755 --- a/services/service_nextcloud/docker-compose.yml +++ b/services/service_nextcloud/docker-compose.yml @@ -24,6 +24,10 @@ services: - ./post-rules.txt:/iptables/post-rules.txt ports: - "11000:11000" + deploy: + limits: + cpus: '0.10' + memory: 512M nextcloud-cache: network_mode: "service:nextcloud-gluetun" @@ -32,6 +36,10 @@ services: mem_limit: 2048m mem_reservation: 512m command: redis-server --requirepass {{ service_nextcloud_postgres_pass }} + deploy: + limits: + cpus: '0.10' + memory: 2048M nextcloud-db: network_mode: "service:nextcloud-gluetun" @@ -44,6 +52,10 @@ services: - POSTGRES_PASSWORD={{ service_nextcloud_postgres_pass }} - POSTGRES_DB=nextcloud - POSTGRES_USER=nextcloud + deploy: + limits: + cpus: '0.10' + memory: 128M nextcloud: network_mode: "service:nextcloud-gluetun" @@ -65,4 +77,8 @@ services: - OVERWRITEHOST=nextcloud.{{ domain_name }} - OVERWRITEPROTOCOL=https - OVERWRITECLIURL=https://nextcloud.{{ domain_name }} + deploy: + limits: + cpus: '0.25' + memory: 512M diff --git a/services/service_searxng/docker-compose.yml b/services/service_searxng/docker-compose.yml index 31dcbf9..e41cdfb 100755 --- a/services/service_searxng/docker-compose.yml +++ b/services/service_searxng/docker-compose.yml @@ -20,6 +20,10 @@ services: - FIREWALL_VPN_INPUT_PORTS=8080 ports: - "8080:8080" + deploy: + limits: + cpus: '0.10' + memory: 512M searxng-redis: network_mode: "service:searxng-gluetun" @@ -34,6 +38,10 @@ services: - SETGID - SETUID - DAC_OVERRIDE + deploy: + limits: + cpus: '0.10' + memory: 128M # If you want to change container listen port from default 8080 https://github.com/searxng/searxng-docker/issues/20 # Set environment variable BIND_ADDRESS, example: @@ -63,3 +71,7 @@ services: options: max-size: "1m" max-file: "1" + deploy: + limits: + cpus: '0.25' + memory: 512M