feat: add memory limits to Docker services in various configurations

config/ansible/tasks/servers/services/arr-stack/docker-compose.yml.j2

@@ -17,6 +17,10 @@ services:
     restart: "unless-stopped"
     networks:
       - arr_stack_net
+    deploy:
+      resources:
+        limits:
+          memory: 1G
 
   sonarr:
     image: linuxserver/sonarr:latest
@@ -35,6 +39,10 @@ services:
     restart: unless-stopped
     networks:
       - arr_stack_net
+    deploy:
+      resources:
+        limits:
+          memory: 1G
 
   whisparr:
     image: ghcr.io/hotio/whisparr:latest
@@ -52,6 +60,10 @@ services:
     restart: unless-stopped
     networks:
       - arr_stack_net
+    deploy:
+      resources:
+        limits:
+          memory: 1G
 
   prowlarr:
     container_name: prowlarr
@@ -69,6 +81,10 @@ services:
     restart: unless-stopped
     networks:
       - arr_stack_net
+    deploy:
+      resources:
+        limits:
+          memory: 512M
 
   flaresolverr:
     image: ghcr.io/flaresolverr/flaresolverr:latest
@@ -85,6 +101,10 @@ services:
     restart: unless-stopped
     networks:
       - arr_stack_net
+    deploy:
+      resources:
+        limits:
+          memory: 1G
 
   overseerr:
     image: sctx/overseerr:latest
@@ -102,6 +122,10 @@ services:
     networks:
       - arr_stack_net
       - caddy_network
+    deploy:
+      resources:
+        limits:
+          memory: 512M
 
 networks:
   arr_stack_net:

config/ansible/tasks/servers/services/avorion/docker-compose.yml.j2

@@ -9,3 +9,7 @@ services:
       - 27003:27003/udp
       - 27020:27020/udp
       - 27021:27021/udp
+    deploy:
+      resources:
+        limits:
+          memory: 4G

config/ansible/tasks/servers/services/beszel/docker-compose.yml.j2

@@ -10,6 +10,10 @@ services:
     networks:
       - beszel-net
       - caddy_network
+    deploy:
+      resources:
+        limits:
+          memory: 256M
 
   beszel-agent:
     image: henrygd/beszel-agent:latest
@@ -21,6 +25,10 @@ services:
     environment:
       LISTEN: /beszel_socket/beszel.sock
       KEY: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKkSIQDh1vS8lG+2Uw/9dK1eOgCHVCgQfP+Bfk4XPkdn'
+    deploy:
+      resources:
+        limits:
+          memory: 128M
 
 networks:
   beszel-net:

config/ansible/tasks/servers/services/caddy/docker-compose.yml.j2

@@ -21,6 +21,10 @@ services:
       - "host.docker.internal:host-gateway"
     networks:
       - caddy_network
+    deploy:
+      resources:
+        limits:
+          memory: 512M
 
 networks:
   caddy_network:

config/ansible/tasks/servers/services/downloaders/docker-compose.yml.j2

@@ -24,6 +24,10 @@ services:
       - OPENVPN_PASSWORD={{ lookup('community.general.onepassword', 'Gluetun', vault='Dotfiles', field='OPENVPN_PASSWORD') }}
       - SERVER_COUNTRIES={{ lookup('community.general.onepassword', 'Gluetun', vault='Dotfiles', field='SERVER_COUNTRIES') }}
     restart: always
+    deploy:
+      resources:
+        limits:
+          memory: 512M
 
   sabnzbd:
     image: lscr.io/linuxserver/sabnzbd:latest
@@ -39,6 +43,10 @@ services:
     depends_on:
       gluetun:
         condition: service_healthy
+    deploy:
+      resources:
+        limits:
+          memory: 1G
 
   qbittorrent:
     image: lscr.io/linuxserver/qbittorrent
@@ -55,6 +63,10 @@ services:
       gluetun:
         condition: service_healthy
     restart: always
+    deploy:
+      resources:
+        limits:
+          memory: 1G
 
 networks:
   arr_stack_net:

config/ansible/tasks/servers/services/dozzle/docker-compose.yml.j2

@@ -11,6 +11,10 @@ services:
     networks:
       - dozzle-net
       - caddy_network
+    deploy:
+      resources:
+        limits:
+          memory: 256M
 
 networks:
   dozzle-net:

config/ansible/tasks/servers/services/echoip/docker-compose.yml.j2

@@ -16,6 +16,10 @@ services:
       -a /opt/echoip/GeoLite2-ASN.mmdb
       -c /opt/echoip/GeoLite2-City.mmdb
       -f /opt/echoip/GeoLite2-Country.mmdb
+    deploy:
+      resources:
+        limits:
+          memory: 128M
 
 networks:
   caddy_network:

config/ansible/tasks/servers/services/factorio/docker-compose.yml.j2

@@ -19,6 +19,10 @@ services:
     networks:
       - factorio
       - caddy_network
+    deploy:
+      resources:
+        limits:
+          memory: 2G
 
 networks:
   factorio:

config/ansible/tasks/servers/services/gitea/docker-compose.yml.j2

@@ -15,6 +15,10 @@ services:
     networks:
       - gitea
       - caddy_network
+    deploy:
+      resources:
+        limits:
+          memory: 1G
 
   postgres:
     image: postgres:15-alpine
@@ -29,6 +33,10 @@ services:
       - {{gitea_data_dir}}/postgres:/var/lib/postgresql/data
     networks:
       - gitea
+    deploy:
+      resources:
+        limits:
+          memory: 1G
 
   act_runner:
     image: gitea/act_runner:latest
@@ -46,6 +54,10 @@ services:
     restart: always
     networks:
       - gitea
+    deploy:
+      resources:
+        limits:
+          memory: 2G
 
 networks:
   gitea:

config/ansible/tasks/servers/services/golink/docker-compose.yml.j2

@@ -8,3 +8,7 @@ services:
     volumes:
       - {{ golink_data_dir }}:/home/nonroot
     restart: "unless-stopped"
+    deploy:
+      resources:
+        limits:
+          memory: 256M

config/ansible/tasks/servers/services/home-assistant/docker-compose.yml.j2

@@ -15,3 +15,7 @@ services:
     network_mode: host
     devices:
       - /dev/ttyUSB0:/dev/ttyUSB0
+    deploy:
+      resources:
+        limits:
+          memory: 2G

config/ansible/tasks/servers/services/immich/docker-compose.yml.j2

@@ -26,6 +26,8 @@ services:
     runtime: nvidia
     deploy:
       resources:
+        limits:
+          memory: 4G
         reservations:
           devices:
             - driver: nvidia
@@ -49,6 +51,8 @@ services:
     runtime: nvidia
     deploy:
       resources:
+        limits:
+          memory: 8G
         reservations:
           devices:
             - driver: nvidia
@@ -63,6 +67,10 @@ services:
     restart: unless-stopped
     networks:
       - immich
+    deploy:
+      resources:
+        limits:
+          memory: 1G
 
   database:
     container_name: immich_postgres
@@ -100,6 +108,10 @@ services:
     restart: unless-stopped
     networks:
       - immich
+    deploy:
+      resources:
+        limits:
+          memory: 2G
 
 volumes:
   model-cache:

config/ansible/tasks/servers/services/nextcloud/docker-compose.yml.j2

@@ -25,6 +25,10 @@ services:
       - MYSQL_PASSWORD={{ lookup('community.general.onepassword', 'Nextcloud', vault='Dotfiles', field='MYSQL_NEXTCLOUD_PASSWORD') }}
       - MYSQL_HOST=nextclouddb
       - REDIS_HOST=redis
+    deploy:
+      resources:
+        limits:
+          memory: 2G
 
   nextclouddb:
     image: mariadb:11.4.7
@@ -43,6 +47,10 @@ services:
       - MYSQL_PASSWORD={{ lookup('community.general.onepassword', 'Nextcloud', vault='Dotfiles', field='MYSQL_NEXTCLOUD_PASSWORD') }}
       - MYSQL_DATABASE=nextcloud
       - MYSQL_USER=nextcloud
+    deploy:
+      resources:
+        limits:
+          memory: 1G
 
   redis:
     image: redis:alpine
@@ -51,6 +59,10 @@ services:
       - {{ nextcloud_data_dir }}/redis:/data  
     networks: 
       - nextcloud
+    deploy:
+      resources:
+        limits:
+          memory: 512M
 
 networks:
   nextcloud:

config/ansible/tasks/servers/services/plex/docker-compose.yml.j2

@@ -19,6 +19,8 @@ services:
       - {{ '/mnt/data/music' }}:/music
     deploy:
       resources:
+        limits:
+          memory: 4G
         reservations:
           devices:
             - driver: nvidia

config/ansible/tasks/servers/services/privatebin/docker-compose.yml.j2

@@ -22,6 +22,10 @@ services:
       start_period: 90s
     networks:
       - caddy_network
+    deploy:
+      resources:
+        limits:
+          memory: 256M
 
 networks:
   caddy_network:

config/ansible/tasks/servers/services/qdrant/docker-compose.yml.j2

@@ -11,3 +11,7 @@ services:
       - 6335
     volumes:
       - {{ qdrant_data_dir }}:/qdrant/storage
+    deploy:
+      resources:
+        limits:
+          memory: 2G

config/ansible/tasks/servers/services/redis/docker-compose.yml.j2

@@ -17,6 +17,10 @@ services:
       start_period: 5s
     networks:
       - juicefs-network
+    deploy:
+      resources:
+        limits:
+          memory: 256M
 
 networks:
   juicefs-network:

config/ansible/tasks/servers/services/stash/docker-compose.yml.j2

@@ -30,6 +30,10 @@ services:
       - {{ stash_config_dir }}/generated:/generated
     networks:
       - caddy_network
+    deploy:
+      resources:
+        limits:
+          memory: 2G
 
 networks:
   caddy_network:

config/ansible/tasks/servers/services/tautulli/docker-compose.yml.j2

@@ -14,6 +14,10 @@ services:
     restart: unless-stopped
     networks:
       - caddy_network
+    deploy:
+      resources:
+        limits:
+          memory: 512M
 
 networks:
   caddy_network:

config/ansible/tasks/servers/services/unifi-network-application/docker-compose.yml.j2

@@ -29,6 +29,10 @@ services:
       - caddy_network
     sysctls:
       - net.ipv6.conf.all.disable_ipv6=1
+    deploy:
+      resources:
+        limits:
+          memory: 1G
 
   unifi-db:
     image: mongo:6.0
@@ -48,6 +52,10 @@ services:
       - unifi-network
     sysctls:
       - net.ipv6.conf.all.disable_ipv6=1
+    deploy:
+      resources:
+        limits:
+          memory: 1G
 
 networks:
   unifi-network:

config/ansible/tasks/servers/services/wireguard/docker-compose.yml.j2

@@ -17,3 +17,7 @@ services:
     sysctls:
       - net.ipv4.conf.all.src_valid_mark=1
     restart: unless-stopped
+    deploy:
+      resources:
+        limits:
+          memory: 512M