moonlight-relay-server/docker-compose.yml

version: "3.9"

services:
  moonrelay:
    build:
      context: .
      dockerfile: Dockerfile
    image: moonrelay:latest
    container_name: moonrelay

    restart: unless-stopped

    ports:
      - "8080:8080"       # Web UI — access at http://<your-truenas-ip>:8080

    volumes:
      # Persist Tailscale node state across container restarts.
      # Without this the node re-authenticates every restart.
      - moonrelay-data:/data

    environment:
      # ── Tailscale ──────────────────────────────────────────────
      # Generate a reusable auth key at:
      #   https://login.tailscale.com/admin/settings/keys
      # Or leave blank — on first boot check container logs for a
      # login URL and authenticate interactively.
      TS_AUTHKEY: ""

      # Name this device will appear as on your tailnet
      TS_HOSTNAME: "moonrelay"

      # Set to "1" to disable Tailscale (LAN-only mode)
      MOONRELAY_NO_TS: "0"

      # ── Server ─────────────────────────────────────────────────
      MOONRELAY_PORT: "8080"
      MOONRELAY_HOST: "0.0.0.0"

      TZ: America/New_York   # adjust to your timezone

    # Tailscale's embedded WireGuard needs /dev/net/tun
    devices:
      - /dev/net/tun:/dev/net/tun

    # Required for WireGuard kernel module access
    cap_add:
      - NET_ADMIN
      - NET_RAW

    # Optional: restrict to a specific Docker network if you have one
    # networks:
    #   - homelab

    healthcheck:
      test: ["CMD", "wget", "-qO-", "http://localhost:8080/api/status"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 15s

volumes:
  moonrelay-data:
    driver: local

# Uncomment if using a custom Docker network
# networks:
#   homelab:
#     external: true
Add docker-compose.yml 2026-03-31 15:29:54 -04:00			`version: "3.9"`

			`services:`
			`moonrelay:`
			`build:`
			`context: .`
			`dockerfile: Dockerfile`
			`image: moonrelay:latest`
			`container_name: moonrelay`

			`restart: unless-stopped`

			`ports:`
			`- "8080:8080" # Web UI — access at http://<your-truenas-ip>:8080`

			`volumes:`
			`# Persist Tailscale node state across container restarts.`
			`# Without this the node re-authenticates every restart.`
			`- moonrelay-data:/data`

			`environment:`
			`# ── Tailscale ──────────────────────────────────────────────`
			`# Generate a reusable auth key at:`
			`# https://login.tailscale.com/admin/settings/keys`
			`# Or leave blank — on first boot check container logs for a`
			`# login URL and authenticate interactively.`
			`TS_AUTHKEY: ""`

			`# Name this device will appear as on your tailnet`
			`TS_HOSTNAME: "moonrelay"`

			`# Set to "1" to disable Tailscale (LAN-only mode)`
			`MOONRELAY_NO_TS: "0"`

			`# ── Server ─────────────────────────────────────────────────`
			`MOONRELAY_PORT: "8080"`
			`MOONRELAY_HOST: "0.0.0.0"`

			`TZ: America/New_York # adjust to your timezone`

			`# Tailscale's embedded WireGuard needs /dev/net/tun`
			`devices:`
			`- /dev/net/tun:/dev/net/tun`

			`# Required for WireGuard kernel module access`
			`cap_add:`
			`- NET_ADMIN`
			`- NET_RAW`

			`# Optional: restrict to a specific Docker network if you have one`
			`# networks:`
			`# - homelab`

			`healthcheck:`
			`test: ["CMD", "wget", "-qO-", "http://localhost:8080/api/status"]`
			`interval: 30s`
			`timeout: 5s`
			`retries: 3`
			`start_period: 15s`

			`volumes:`
			`moonrelay-data:`
			`driver: local`

			`# Uncomment if using a custom Docker network`
			`# networks:`
			`# homelab:`
			`# external: true`