Ramblings of an aging IT geek
← Ramblings of an aging IT geek
homelab

docker compose for the whole house

Why I consolidated the household self-hosted services into a handful of docker-compose stacks instead of one giant file, and the conventions that keep it sane.

John Mylchreest
John Mylchreest
2021-07-16 · 3 min read

A server rack running household services

For a while my "infrastructure" was a series of docker run commands I half-remembered and a shell history I was afraid to clear. It worked right up until the box rebooted and I had to reconstruct, from memory, which container needed which flag. That is not a backup strategy. That is a hostage situation.

So I moved everything to docker-compose. Not one enormous file, which is the mistake everyone makes first, but a small set of stacks grouped by what they are for.

one stack per concern, not one stack to rule them all

The temptation is a single docker-compose.yml with thirty services in it. Don't. When you want to restart the media stuff you do not want to risk bouncing DNS at the same time. I split it roughly by blast radius:

  • infra/ for the things everything else depends on: reverse proxy, DNS, the bits that must come up first.
  • media/ for the stuff the family actually uses.
  • tools/ for the experiments I am still deciding whether to keep.

Each lives in its own directory with its own .env, and each can be brought up or torn down without touching the others.

A homelab serving the household

a layout that survives a reboot

The shape of an infra stack looks like this, give or take:

version: "3.8"

services:
  proxy:
    image: traefik:v2.4
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik:/etc/traefik

  dns:
    image: pihole/pihole:latest
    restart: unless-stopped
    env_file: .env
    volumes:
      - ./pihole/etc:/etc/pihole

The two conventions that matter: restart: unless-stopped so a reboot brings the house back without me, and every persistent path is a bind mount under the stack directory. No anonymous volumes I cannot find later. When I want to back up a service I tar its directory, and that is the whole story.

the part the family notices

The real win is not elegance, it is recovery. The host rebooted last week after a kernel update, and I did nothing. The proxy came up, DNS came up, and by the time anyone reached for the telly the media stack had already answered. Nobody said anything, which in domestic self-hosting is the highest praise there is. Compose did not make the services better. It made them boring and repeatable, and boring is exactly what you want from the thing the whole house runs on.