ScaleTail/services/ollama/compose.yaml at main · tailscale-dev/ScaleTail · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
configs:
  ts-serve:
    content: |
      {"TCP":{"443":{"HTTPS":true}},
      "Web":{"$${TS_CERT_DOMAIN}:443":
          {"Handlers":{"/":
          {"Proxy":"http://127.0.0.1:11434"}}}},
      "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}}

services:
  # Make sure you have updated/checked the .env file with the correct variables.
  # All the ${ xx } need to be defined there.

  # Tailscale Sidecar Configuration
  tailscale:
    image: tailscale/tailscale:latest # Image to be used
    container_name: tailscale-${SERVICE} # Name for local container management
    hostname: ${SERVICE} # Name used within your Tailscale environment
    environment:
      - TS_AUTHKEY=${TS_AUTHKEY}
      - TS_STATE_DIR=/var/lib/tailscale
      - TS_SERVE_CONFIG=/config/serve.json # Tailscale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required
      - TS_USERSPACE=false
      - TS_ENABLE_HEALTH_CHECK=true # Enable healthcheck endpoint: "/healthz"
      - TS_LOCAL_ADDR_PORT=127.0.0.1:41234 # The <addr>:<port> for the healthz endpoint
      - TS_AUTH_ONCE=true
      # - TS_ACCEPT_DNS=true # Uncomment when using MagicDNS
    configs:
      - source: ts-serve
        target: /config/serve.json
    volumes:
      - ./config:/config # Config folder used to store Tailscale files
      - ./ts/state:/var/lib/tailscale # Tailscale requirement
    devices:
      - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work
    cap_add:
      - net_admin # Tailscale requirement
      - sys_module # Required to load kernel modules for Tailscale
    #ports:
    #  - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required
    # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below
    #dns:
    #  - ${DNS_SERVER}

    # networks:
    #   - yourNetwork # Optional: connect to an existing proxy network so other containers can reach Ollama via its Tailscale IP

    healthcheck:
      test: [ "CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz" ] # Check Tailscale has a Tailnet IP and is operational
      interval: 1m # How often to perform the check
      timeout: 10s # Time to wait for the check to succeed
      retries: 3 # Number of retries before marking as unhealthy
      start_period: 10s # Time to wait before starting health checks
    restart: always

  # Ollama
  application:
    image: ${IMAGE_URL} # Image to be used
    network_mode: service:tailscale # Sidecar configuration to route Ollama through Tailscale
    container_name: app-${SERVICE} # Name for local container management
    environment:
      - OLLAMA_HOST=0.0.0.0:11434
      - OLLAMA_KEEP_ALIVE=24h # Optional: keeps models loaded in memory (default is 5 min)
      # - OLLAMA_API_KEY=${OLLAMA_API_KEY} # Optional: set an API key to restrict access
    volumes:
      - ./${SERVICE}-data:/root/.ollama # Stores downloaded models
    depends_on:
      tailscale:
        condition: service_healthy
    healthcheck:
      test: [ "CMD", "pgrep", "-f", "${SERVICE}" ] # Check if Ollama process is running
      interval: 1m # How often to perform the check
      timeout: 10s # Time to wait for the check to succeed
      retries: 3 # Number of retries before marking as unhealthy
      start_period: 30s # Time to wait before starting health checks
    restart: always

# networks:
#   yourNetwork:
#     external: true # Assumes an existing external Docker network named "yourNetwork"