docker-compose.harmony.yml

version: '3.1'

services:
  harmony-mainnet:
    build: ./harmony/build
    command: bash -c "/harmony.sh && /binary --log.dir /harmony/log --run.shard 1 --dns.zone t.hmny.io --http.ip 0.0.0.0 --datadir /harmony"
    sysctls:
      net.core.somaxconn: 1024
      # net.core.netdev_max_backlog: 65536
      net.ipv4.tcp_tw_reuse: 1
      net.ipv4.tcp_rmem: 4096 65536 16777216
      net.ipv4.tcp_wmem: 4096 65536 16777216
      # net.ipv4.tcp_mem: 65536 131072 262144
    ulimits:
      nproc: 65535
      nofile:
        soft: 65535
        hard: 65535
    expose:
      - "9500"
      - "9000"
      - "6000"
      - "9900"
    ports:
      - 9000:9000/tcp
      - 6000:6000/tcp
    volumes:
      - harmony_data:/harmony/
      - ./harmony/keyfiles:/.hmy/blskeys
      - ./harmony/log:/harmony/log
      - ./bootstrap_skript/harmony.sh:/harmony.sh
    restart: unless-stopped

### WIREGUARD

  wireguard:
    image: lscr.io/linuxserver/wireguard
    container_name: wireguard
    healthcheck:
      test: [ "CMD", "ping", "-c", "1", "10.13.13.1" ]
      timeout: 10s
      interval: 5s
      retries: 3
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
    volumes:
      - ./wireguard/config/wg0.conf:/config/wg0.conf
      - /lib/modules:/lib/modules
    # Expose prometheus port
    expose:
      - 9090
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped


### MONITORING

  prometheus:
    image: prom/prometheus:v2.30.3
    container_name: prometheus
    volumes:
      - ./prometheus/prometheus-harmony.yml:/etc/prometheus/prometheus.yml
      - prometheus_data:/prometheus
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.console.libraries=/etc/prometheus/console_libraries'
      - '--web.console.templates=/etc/prometheus/consoles'
      - '--storage.tsdb.retention.time=200h'
      - '--web.enable-lifecycle'
    restart: unless-stopped
    network_mode: "service:wireguard"
    labels:
      org.label-schema.group: "monitoring"
    depends_on:
      - wireguard

  nodeexporter:
    image: prom/node-exporter:v1.2.2
    container_name: nodeexporter
    volumes:
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /:/rootfs:ro
    command:
      - '--path.procfs=/host/proc'
      - '--path.rootfs=/rootfs'
      - '--path.sysfs=/host/sys'
      - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
    restart: unless-stopped
    expose:
      - 9100
    labels:
      org.label-schema.group: "monitoring"

  cadvisor:
    image: gcr.io/cadvisor/cadvisor:v0.42.0
    container_name: cadvisor
    privileged: true
    devices:
      - /dev/kmsg:/dev/kmsg
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:ro
      - /sys:/sys:ro
      - /var/lib/docker:/var/lib/docker:ro
      #- /cgroup:/cgroup:ro #doesn't work on MacOS only for Linux
    restart: unless-stopped
    expose:
      - 8080
    labels:
      org.label-schema.group: "monitoring"

### VOLUMES

volumes:
  harmony_data:
  prometheus_data: