tailnet/trilium/docker-compose.yml

# Running `docker-compose up` will create/use the "trilium-data" directory in the user home
# Run `TRILIUM_DATA_DIR=/path/of/your/choice docker-compose up` to set a different directory
# To run in the background, use `docker-compose up -d`
services:
  ts-trilium:
    image: tailscale/tailscale:latest
    container_name: ts-trilium
    restart: unless-stopped
    hostname: ${TS_HOSTNAME}
    environment:
      - TS_AUTHKEY
      - TS_EXTRA_ARGS
      - TS_SERVE_CONFIG=/ts/serve.json
    volumes:
      - tailscale:/var/lib/tailscale
    devices:
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - net_admin
      - sys_module
    configs:
      - source: ts-config
        target: /ts/serve.json
  trilium:
    # Optionally, replace `latest` with a version tag like `v0.90.3`
    # Using `latest` may cause unintended updates to the container
    image: triliumnext/trilium:latest
    container_name: trilium
    network_mode: service:ts-trilium
    # Restart the container unless it was stopped by the user
    restart: unless-stopped
    environment:
      - TRILIUM_DATA_DIR
    #ports:
      # By default, Trilium will be available at http://localhost:8080
      # It will also be accessible at http://<host-ip>:8080
      # You might want to limit this with something like Docker Networks, reverse proxies, or firewall rules,
      # however be aware that using UFW is known to not work with default Docker installations, see:
      # https://docs.docker.com/engine/network/packet-filtering-firewalls/#docker-and-ufw
      #- '8080:8080'
    volumes:
      # Unless TRILIUM_DATA_DIR is set, the data will be stored in the "trilium-data" directory in the home directory.
      # This can also be changed with by replacing the line below with `- /path/of/your/choice:/home/node/trilium-data
      - ${TRILIUM_DATA_DIR:-~/trilium-data}:/home/node/trilium-data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro

volumes:
  tailscale:
configs:
  ts-config:
    content: |
      {
        "TCP": {
          "443": {
            "HTTPS": true
          }
        },
        "Web": {
          "$${TS_CERT_DOMAIN}:443": {
            "Handlers": {
              "/": {
                "Proxy": "http://127.0.0.1:8080"
              }
            }
          }
        },
        "AllowFunnel": {
          "$${TS_CERT_DOMAIN}:443": ${TS_ALLOW_FUNNEL:-false}
        }
      }